ICS cyber security risk criteria

Abstract

In my previous blog (Why process safety risk and cyber security risk differ) I discussed the differences between process safety risk and cyber security risk and why these two risks don’t align. In this blog I would like to discuss some of the cyber security risk criteria, why they differ from process safety risk criteria, and how they align with cyber security design objectives. And as usual I will challenge some of the IEC 62443-3-2 misconceptions.

Cyber security can be either prescriptive or risk based. An example of a prescriptive approach is IEC 62443-3-3: the standard is a list of security requirements to follow in order to create resilience against a specific cyber threat. For this, IEC 62443 uses security levels with the following definitions:

SL 1 – Prevent the unauthorized disclosure of information via eavesdropping or casual exposure.
SL 2 – Prevent the unauthorized disclosure of information to an entity actively searching for it using simple means with low
