
How Secure Access Enables Compliance With ISA/IEC 62443


Utilizing robust secure access capabilities is an essential part of OT cybersecurity, but how does secure access fit with a top cybersecurity framework like ISA/IEC 62443? If your organization abides by the standards and regulations of ISA/IEC 62443, you may be wondering how secure access fits into the big picture.

We’re breaking down how ISA/IEC 62443 helps organizations secure their cyber-physical systems (CPS) and where secure access fits into the well-regarded framework.

How ISA/IEC 62443 Impacts OT Cybersecurity 

ISA and IEC stand for the International Society of Automation (ISA) and the International Electrotechnical Commission (IEC). Often considered the source of truth for OT network and industrial control system (ICS) operators, ISA/IEC 62443 is a series of standards and technical reports that outline the processes and requirements for securing industrial automation and control systems (IACS) against cyberthreats and keeping them secure over time.

Navigating the ISA/IEC 62443

ISA/IEC 62443 is not a mandatory framework, but the standards are best practices that are widely recognized across industries. By providing a comprehensive framework for identifying, assessing, and managing the risks to IACS, ISA/IEC 62443 is crucial for OT cybersecurity.

ISA/IEC 62443 is organized along several dimensions. First, there are five Security Levels (SL) used to assess the risk to each system. The lowest, SL 0, means no specific security requirements or protections are necessary for the system. The highest, SL 4, designates a system that requires sufficient protection against intentional, sophisticated attacks.

Second, there are seven Foundational Requirements (FR). Meeting them demonstrates that an IACS has the proper security controls and safeguards in place. Each FR consists of several conditions, and which of them apply is determined by the target SL: a system with a higher SL must satisfy more conditions before the FR is considered fulfilled.

ISA’s View on Secure Access

The first foundational requirement, FR1, is Identification & Authentication Control. The purpose of FR1 is to ensure that organizations have a process to reliably identify and authenticate every user trying to access the IACS, whether that user is a human, a device, or a piece of software. Not only is this a key foundational requirement of ISA/IEC 62443, but identification and authentication processes are also an integral component of comprehensive Secure Access.

The second foundational requirement, FR2, is Use Control, which states that organizations should grant each user only the privileges appropriate to their role. This level of control allows an organization to maintain the security and operational integrity of the IACS, protecting the entire system and its data. Limiting user privileges is also a cornerstone of Secure Access, highlighting how the ISA/IEC 62443 framework prioritizes secure access measures.

How ISA/IEC Works Into Zero Trust

Like ISA/IEC 62443, the Zero Trust framework emphasizes identification and authentication together with limited user privileges. The idea behind Zero Trust is to grant every user only limited access until they have verified their identity, and with it their appropriate level of privilege, treating every user as a potential threat until proven otherwise.

Harmonizing ISA Compliance and OT Security

How to Effectively Adopt the ISA/IEC 62443 Framework

ISA/IEC 62443 OT cybersecurity measures can help secure your CPS and protect your organization from cyberthreats. The first step in adopting the framework is to evaluate your assets' security needs by applying the IEC 62443 Security Levels and checking whether the Foundational Requirements are being met. From there, understanding all of its guidelines and standards, and identifying where your organization does or does not follow them, gives a clear indication of how to better secure your OT assets.

Impact From IEC 62443 to Critical Infrastructure

The benchmarks that the ISA/IEC standards set for critical infrastructure are crucial to the wide range of sectors that depend on IACS, for example electric power generation and distribution, transportation, oil and gas, and chemicals. When organizations adopt these standards, they further define their risk assessment processes, which helps determine the level of security their business needs and the amount of risk associated with it.

How ISA/IEC 62443 Strengthens CPS Secure Access

Claroty’s Approach to IEC 62443 Compliance and Secure Access

A strong secure access strategy helps meet Foundational Requirements 1 and 2 of ISA/IEC 62443. In fact, Claroty xDome Secure Access is compliant with both of these requirements. 

  • FR1 requires organizations to identify and authenticate all users that try to access the IACS, a core measure of secure access. The solutions Claroty offers are built around role-based access control (RBAC) to perform user identification. This strengthens security and enhances the user experience.

  • FR2 emphasizes the importance of granting the appropriate level of privileges to each user. xDome Secure Access features the segregation of duties through RBAC assignments made by a system administrator. By implementing these control mechanisms, it’s possible to better maintain the operational integrity and security of the IACS.
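As an added illustration of how FR1 and FR2 translate into an access-control decision, and of the deny-by-default stance described in the Zero Trust section above, the following Python model is included here. It is example code written for this page, not Claroty's code and not part of xDome Secure Access. Every principal, whether human, device or software, is enrolled with a salted PBKDF2 secret (FR1), may only hold roles that do not violate a segregation-of-duties rule (FR2), and gets nothing unless a role explicitly permits the requested action on the requested asset. The asset names, roles, permissions and principals are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample policy: role -> set of permitted (asset, action) pairs.
# Anything not listed here is denied (deny by default).
ROLE_PERMISSIONS = {
    "operator": {("PLC-01", "read"), ("HMI-01", "read"), ("HMI-01", "ack_alarm")},
    "engineer": {("PLC-01", "read"), ("PLC-01", "write_logic")},
    "auditor": {("PLC-01", "read"), ("HMI-01", "read"), ("HISTORIAN", "read")},
}

# Segregation of duties: role pairs one principal may never hold together
# (constructed example: whoever changes logic must not also audit it).
CONFLICTING_ROLES = {frozenset({"engineer", "auditor"})}

PBKDF2_ITERATIONS = 100_000


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str            # "human", "device" or "software" (FR1 covers all three)
    roles: frozenset
    salt: bytes
    secret_hash: bytes


def _hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 so stored credentials are not reversible."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


def enroll(directory: dict, name: str, kind: str, roles, secret: str) -> Principal:
    """Register a principal (FR1 identification). Role sets that break
    segregation of duties (FR2) are rejected before any access is possible."""
    roles = frozenset(roles)
    if kind not in ("human", "device", "software"):
        raise ValueError(f"unknown principal kind: {kind}")
    for pair in CONFLICTING_ROLES:
        if pair <= roles:
            raise ValueError(f"{name}: conflicting roles {sorted(pair)}")
    unknown = roles - set(ROLE_PERMISSIONS)
    if unknown:
        raise ValueError(f"{name}: undefined roles {sorted(unknown)}")
    salt = os.urandom(16)
    principal = Principal(name, kind, roles, salt, _hash_secret(secret, salt))
    directory[name] = principal
    return principal


def authenticate(directory: dict, name: str, secret: str):
    """FR1 authentication: return the Principal only if the presented secret
    matches; the constant-time compare avoids leaking timing information."""
    principal = directory.get(name)
    if principal is None:
        return None
    if not hmac.compare_digest(_hash_secret(secret, principal.salt), principal.secret_hash):
        return None
    return principal


def authorize(principal: Principal, asset: str, action: str) -> bool:
    """FR2 use control: allow only what one of the principal's roles permits."""
    return any((asset, action) in ROLE_PERMISSIONS[r] for r in principal.roles)


def request_access(directory: dict, name: str, secret: str, asset: str, action: str) -> tuple:
    """Zero-trust style decision: every request is authenticated, then
    authorized; nothing is trusted implicitly and the default answer is deny."""
    principal = authenticate(directory, name, secret)
    if principal is None:
        return ("deny", "authentication failed")
    if not authorize(principal, asset, action):
        return ("deny", f"{name} ({principal.kind}) lacks {action} on {asset}")
    return ("allow", f"{name} ({principal.kind}) {action} on {asset}")


def build_demo_directory() -> dict:
    """Constructed sample principals: one human, one device, one software agent."""
    directory = {}
    enroll(directory, "alice", "human", {"operator"}, "correct horse battery staple")
    enroll(directory, "plc-gateway-7", "device", {"engineer"}, "gw7-shared-secret")
    enroll(directory, "historian-collector", "software", {"auditor"}, "svc-token-123")
    return directory


if __name__ == "__main__":
    d = build_demo_directory()
    for args in [
        ("alice", "correct horse battery staple", "HMI-01", "ack_alarm"),   # allow
        ("alice", "correct horse battery staple", "PLC-01", "write_logic"),  # deny: not her role
        ("alice", "wrong password", "HMI-01", "read"),                      # deny: bad secret
        ("historian-collector", "svc-token-123", "HISTORIAN", "read"),      # allow
    ]:
        print(request_access(d, *args))
```

The two FRs show up as two separate gates: `authenticate` answers "who is this?" and `authorize` answers "what may they do?", and a failure at either gate yields the same deny path. The segregation-of-duties check sits at enrollment rather than at request time, so a conflicting role assignment is refused by the administrator's action itself instead of being discovered later in an audit.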

Claroty xDome Secure Access helps organizations looking to comply with ISA/IEC 62443 meet the conditions related to secure access measures such as user controls, identification, and authentication.

To learn more about the best steps to take to protect your OT environment in line with ISA/IEC 62443, particularly for secure access, speak with a member of our team.
