A version of this blog originally appeared on Cisco
To many people, the ISA/IEC 62443 industrial security standard is like a New Year’s resolution: You know it will bring you great benefits, so you start working on it, but you eventually give up because it looks complex or other priorities arise. But it really should not be like that. Let me explain why.
Industrial networks and critical infrastructures have become the new playground for cyber criminals. Whether you run global manufacturing operations, a local water utility, a power grid network, or just a small industrial plant in the middle of nowhere, you are a potential target for a cyber-attack. What would be the result? Production halts, loss of revenue, broken industrial equipment, damage to the environment, or even injured employees. Nothing else should be higher on your priority list than securing your industrial operations.
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have developed the ISA/IEC 62443 series of standards. It is a framework to implement industrial cybersecurity best practices step by step and drive continuous improvement. The series covers many aspects, but the key part is ISA/IEC 62443-3-3, which describes the security capabilities you should implement.
Security Requirements for All Industry Verticals
Some might think that ISA/IEC 62443-3-3 is only suited for manufacturing operations, but most of its security requirements apply to all industry verticals. Furthermore, the ISA and IEC are now working on developing profiles for specific industries, so whatever you implement today will be leveraged tomorrow to comply with a more thorough list of requirements.
To guide you through the ISA/IEC 62443-3-3, my colleagues Andrew McPhee and Maik Seewald have written a short but detailed white paper listing all security requirements and how to comply with them. The key takeaway is that by leveraging Cisco’s comprehensive industrial networking and cybersecurity portfolio, implementing the standard couldn’t be easier.
As an example, the ISA/IEC 62443-3-3 highlights the imperative of controlling access to resources and restricting communications by enforcing the least privilege principle that grants users and devices only the rights they need to perform their tasks. In a nutshell, asset identification, user authentication, and micro-segmentation are a must to reduce the exposure of the industrial control system (ICS) to cyberthreats and limit the spread of attacks.
Using Cisco Identity Services Engine (ISE) together with Cisco Cyber Vision, Secure Firewall, and Duo, industrial organizations can easily implement this zero-trust approach in their OT networks. These products have been designed and tested together to enable seamless workflows and out-of-the-box integration. I told you it did not have to be complex!
Three Webinars to Deep Dive Into ISA/IEC 62443
Andrew and Maik have recently presented a webinar explaining the ISA/IEC 62443-3-3 and its security requirements. See the on-demand recording here to learn about capabilities you might be missing today and how you can easily implement them.
As a follow-up to this overview, a second webinar explains how to implement micro-segmentation in industrial networks. It dives into the ISA/IEC 62443 zones and conduits model and shows you how Cisco ISE and Cyber Vision can enforce OT micro-segmentation. See the on-demand recording here.
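As an added illustration of the least-privilege and zones-and-conduits ideas discussed above (example code written for this page, not from the white paper or from Cisco's products), here is a small Python model in which assets are grouped into zones, conduits are the only permitted inter-zone paths, everything else is denied, and a list of observed flows is audited against that policy; all asset, zone and port values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str   # hypothetical asset name
    zone: str   # the 62443 zone this asset is grouped into

@dataclass(frozen=True)
class Conduit:
    src_zone: str
    dst_zone: str
    allowed: frozenset  # (protocol, port) pairs this conduit permits

class ZonePolicy:
    """Deny by default: only intra-zone traffic and conduit-matched flows pass."""
    def __init__(self, assets, conduits):
        self.assets = {a.name: a for a in assets}  # asset identification
        self.conduits = conduits

    def is_allowed(self, src, dst, proto, port):
        """Return (allowed, reason); unknown assets are denied."""
        a, b = self.assets.get(src), self.assets.get(dst)
        if a is None or b is None:
            return False, "unidentified asset"
        if a.zone == b.zone:  # simplification: traffic inside one zone is trusted
            return True, f"intra-zone ({a.zone})"
        for c in self.conduits:  # conduits are directional: src_zone -> dst_zone
            if (c.src_zone, c.dst_zone) == (a.zone, b.zone) and (proto, port) in c.allowed:
                return True, f"conduit {a.zone}->{b.zone} permits {proto}/{port}"
        return False, f"no conduit {a.zone}->{b.zone} for {proto}/{port}"

    def audit(self, flows):
        """Return observed flows (src, dst, proto, port) that violate the policy."""
        violations = []
        for src, dst, proto, port in flows:
            ok, reason = self.is_allowed(src, dst, proto, port)
            if not ok:
                violations.append((src, dst, proto, port, reason))
        return violations

# Constructed sample plant: one cell zone, an engineering zone and enterprise IT.
SAMPLE = ZonePolicy(
    assets=[Asset("plc-1", "cell-a"), Asset("hmi-1", "cell-a"),
            Asset("eng-ws", "engineering"), Asset("erp-srv", "enterprise")],
    conduits=[Conduit("engineering", "cell-a", frozenset({("tcp", 502)}))])
# Constructed observed flows, e.g. from passive traffic monitoring.
SAMPLE_FLOWS = [("hmi-1", "plc-1", "tcp", 502), ("eng-ws", "plc-1", "tcp", 502),
                ("erp-srv", "plc-1", "tcp", 502), ("eng-ws", "plc-1", "tcp", 44818),
                ("laptop-x", "plc-1", "tcp", 502)]
```

Running `SAMPLE.audit(SAMPLE_FLOWS)` flags the enterprise-to-cell flow, the engineering flow on a port the conduit does not permit, and the unidentified laptop, which is the kind of review that asset identification plus segmentation policy makes possible.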
Securing industrial operations also means leveraging IT security tools and processes. On 15 December 2022, the webinar closing the series will discuss how to extend IT security to industrial operations so security analysts can investigate and remediate threats across both IT and OT domains. Register here.
Until then, have a look at our ISA/IEC 62443-3-3 white paper and make sure you subscribe to our Industrial Security Newsletter.