Applying 62443 Concepts to Securing OT ICS Endpoints

Mapping ISO to IEC 62443

Most cyber risks and events are associated with the compromise of endpoints or commodity systems, HMIs, Historians, AD servers, EWS, and technician laptops. This means we need to be considering these endpoints vs. merely monitoring network traffic when treating cyber-risk down to tolerable levels for the organization. The IEC 62443 standards have high-level, concentrated advice, but in comparison to NIST-SP technical requirements, it is not as clear because 62443 was designed to be highly agnostic and applicable to many industries.

When looking at the 62443 foundational requirements (FR) and security requirements (SR), many can be found within a cybersecurity program or tweaked to focus on endpoints and fulfilled using technology. Security continuously degrades and audits/remediation requires resources, but security controls per asset can be implemented and monitored so OT systems management (OTSM) teams can get ahead of the problem (where possible) using the correct solutions.

This session is about mapping endpoint security capabilities to those outlined in the 62443 families, using multiple products to tie FR/SRs together, and how to gain visibility on gaps, security-level (SL) variances, etc. via a centralized platform strategy that enables teams to act.

During this presentation, you will learn:

• An introduction to the 62443 FR/SRs with respect to endpoint security
• A mapping of FR/SRs to the various capabilities or products out there
• An example of an HMI “blueprint” with a specific target security level (SL-T)
• An example illustrating variance between an achieved security level (SL-As) vs. the desired SL-T via a compliance strategy
• An example dashboard report showing overall results as a feedback system for your CSMS
• Next steps to expanding this concept