The Internet of Things (IoT) can be defined as the interconnection, via the internet, of computing devices embedded in everyday objects, enabling them to send and receive data. The Internet of Things is revolutionizing the way we operate our systems today. As IIoT (Industrial IoT) devices and gateways populate industrial control system (ICS) environments, they bring immense potential for improved communications, productivity, and overall efficiency of those systems. With this significant improvement come new attack vectors and vulnerabilities. In industrial control systems, IIoT differs from industrial Ethernet in that IIoT devices have connectivity to the internet, typically via a cellular data link (LTE, 5G). According to a study co-sponsored by the ISA Global Security Alliance (ISAGCA) and the ISA Security Compliance Institute (ISCI), organizations responsible for industrial control systems are struggling to balance the game-changing benefits of IIoT solutions with the new cybersecurity risks. The new risks stem from the fact that IIoT devices are connected to unsecured public networks (such as the internet) and are often placed in remote locations without proper physical security measures. The current IEC 62443-4-2 does not address these risks. One tool that can significantly mitigate the risk is to require the IIoT product to meet a set of security requirements and best practices. In the industrial automation space, IEC 62443 is the pre-eminent cybersecurity standard, but it has been an open question whether the IEC 62443 standard is sufficient for securing IIoT devices. If not, is there a viable alternative?
The goal of the study mentioned above was to answer that question by determining the applicability and completeness of the IEC 62443 standards and certifications to IIoT components and systems. It became apparent early in the study that the requirements of IEC 62443 Part 4-2, Technical Security Requirements for IACS Components, were very closely applicable to IIoT components. A question remained whether additional requirements beyond the existing 4-2 standard should be recommended as additional criteria for IIoT components. After extensive research into additional requirements and a review of existing papers on IIoT security, some unique new requirements emerged. As a result, the study concluded that applying the IEC 62443 standards, along with some additional requirements appropriate for IIoT, would be the best way to solve this problem. These additional requirements were identified in the study, and the result of adding them to the already existing IEC 62443 requirements is the introduction of IIoT Component Security Assurance (ICSA), a new certification scheme for IIoT devices and gateways.
For a component to be certified under ICSA it must meet two requirements.
- Meet the definition [IEC 62443-4-2] for at least one of embedded device, host device, or network device; and
- Meet the definition [ICSA 100 3.1] for at least one of IIoT device or IIoT gateway.
The following definitions are provided for a better understanding of these requirements.
- Embedded Device: Special purpose device running embedded software designed to directly monitor, control, or actuate an industrial process.
- Host Device: General purpose device running an operating system (for example Microsoft Windows OS or Linux) capable of hosting one or more software applications, data stores or functions from one or more suppliers.
- Network Device: A device that facilitates data flow between devices, or restricts the flow of data, but may not directly interact with a control process.
- IIoT Device: An entity that is a sensor or actuator for a physical process or communicates with sensors or actuators for a physical process, that directly connects to an untrusted network to support and/or use data collection and analytic functions accessible via that network.
- IIoT Gateway: Entity of an IIoT system that connects one or more proximity networks and the IIoT devices on those networks to each other and directly connects to one or more untrusted access networks.
ICSA certification was designed for IIoT components intended to connect directly to untrusted networks within a system architecture. These networks include publicly accessible networks such as the internet or a cellular network. Other examples of untrusted networks include internal enterprise networks that are not under the full control of the asset owner. The certification is built around the following:
- Ensuring that products are developed using a secure development lifecycle.
- Ensuring that the supplier has an effective process in place to respond to security vulnerabilities.
- Ensuring that the product has sufficient security features available based on the level of risk associated with its usage.
- Ensuring that the product is tested to determine if there are any known vulnerabilities in the product.
For example, a supplier must hold an ISASecure SDLA (Security Development Lifecycle Assurance) development process certification such that the component to be evaluated is within the scope of that process. This ensures that the component is developed using a security development lifecycle and that the supplier has an effective vulnerability response process in place as well. This criterion is formally called SDLPA-IC (Security Development Lifecycle Process Assessment for IIoT components) and is based on the [IEC 62443-4-1] standard. ICSA certification has three additional elements.
Security Development Artifacts for IIoT components (SDA-IC) – This ensures that the compliant development process was used to develop the component to be certified
Functional Security Assessment for IIoT components (FSA-IC) – This examines the security capabilities of the product
Vulnerability Identification Testing for IIoT components (VIT-IC) – This step includes a scan for known vulnerabilities in the product
ICSA certification defines two certification tiers, Core and Advanced, representing two levels of security. This structure is inspired by the four capability security levels of IEC 62443-4-2. The Core tier roughly maps to SL 2 and the Advanced tier roughly maps to SL 4. The VIT-IC requirements are the same for the Core and Advanced tiers except for the allowable residual risk for known security issues. The Advanced tier adds requirements related to the product's required security capabilities that are not required for the Core tier.
Figure 1 – Key parts of the ICSA Program.
exida contributed to the development of the ICSA certification and is accredited by ISASecure to issue these certifications. exida is a globally recognized chartered laboratory with over 10 years of experience in the cybersecurity certification industry. exida can help with the ICSA certification process from the SDLA prerequisite through to the advanced requirements of FSA-IC.
An industry-vetted certification for IIoT components will help asset owners gain confidence that they can continue to enjoy the innovative benefits that new IIoT components provide for their ICS networks, with the risk of a successful attack significantly reduced. A certification program also gives suppliers an opportunity to demonstrate the cybersecurity posture of their products and helps bring more secure products to real-world environments.
Document: ICSA - 100
Document: ICSA - 300