Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance

Eider Iturbe; Erkuden Rios; Jason Mansell; Nerea Toledo

doi:10.1109/ICECET58911.2023.10389369

Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance

CIBERSEC and DLT

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed in which digitalization is coming into play as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, comes hand by hand, with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, it can be reused in multiple types of systems. The methodology supports the compliance with the industrial cybersecurity standard ISA/IEC 62443.

Original language	English
Title of host publication	International Conference on Electrical, Computer and Energy Technologies, ICECET 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798350327816
DOIs	https://doi.org/10.1109/ICECET58911.2023.10389369
Publication status	Published - 2023
Event	2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023 - Cape Town, South Africa Duration: 16 Nov 2023 → 17 Nov 2023

Publication series

Name	International Conference on Electrical, Computer and Energy Technologies, ICECET 2023

Conference

Conference	2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023
Country/Territory	South Africa
City	Cape Town
Period	16/11/23 → 17/11/23

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 8 Decent Work and Economic Growth
SDG 9 Industry, Innovation, and Infrastructure

Keywords

cyber security
industrial systems
risk assessment
standard compliance

Access to Document

10.1109/ICECET58911.2023.10389369

Cite this

Iturbe, E., Rios, E., Mansell, J., & Toledo, N. (2023). Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. In International Conference on Electrical, Computer and Energy Technologies, ICECET 2023 (International Conference on Electrical, Computer and Energy Technologies, ICECET 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICECET58911.2023.10389369

Iturbe, Eider ; Rios, Erkuden ; Mansell, Jason et al. / Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. International Conference on Electrical, Computer and Energy Technologies, ICECET 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (International Conference on Electrical, Computer and Energy Technologies, ICECET 2023).

@inproceedings{9c4c97986c384abcab88e5824b5018e3,

title = "Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance",

abstract = "In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed in which digitalization is coming into play as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, comes hand by hand, with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, it can be reused in multiple types of systems. The methodology supports the compliance with the industrial cybersecurity standard ISA/IEC 62443.",

keywords = "cyber security, industrial systems, risk assessment, standard compliance",

author = "Eider Iturbe and Erkuden Rios and Jason Mansell and Nerea Toledo",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023 ; Conference date: 16-11-2023 Through 17-11-2023",

year = "2023",

doi = "10.1109/ICECET58911.2023.10389369",

language = "English",

series = "International Conference on Electrical, Computer and Energy Technologies, ICECET 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "International Conference on Electrical, Computer and Energy Technologies, ICECET 2023",

address = "United States",

}

Iturbe, E , Rios, E , Mansell, J & Toledo, N 2023, Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. in International Conference on Electrical, Computer and Energy Technologies, ICECET 2023. International Conference on Electrical, Computer and Energy Technologies, ICECET 2023, Institute of Electrical and Electronics Engineers Inc., 2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023, Cape Town, South Africa, 16/11/23. https://doi.org/10.1109/ICECET58911.2023.10389369

Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. / Iturbe, Eider ; Rios, Erkuden ; Mansell, Jason et al.
International Conference on Electrical, Computer and Energy Technologies, ICECET 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (International Conference on Electrical, Computer and Energy Technologies, ICECET 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance

AU - Iturbe, Eider

AU - Rios, Erkuden

AU - Mansell, Jason

AU - Toledo, Nerea

PY - 2023

Y1 - 2023

N2 - In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed in which digitalization is coming into play as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, comes hand by hand, with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, it can be reused in multiple types of systems. The methodology supports the compliance with the industrial cybersecurity standard ISA/IEC 62443.

AB - In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed in which digitalization is coming into play as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, comes hand by hand, with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, it can be reused in multiple types of systems. The methodology supports the compliance with the industrial cybersecurity standard ISA/IEC 62443.

KW - cyber security

KW - industrial systems

KW - risk assessment

KW - standard compliance

UR - https://www.scopus.com/pages/publications/85187259124

U2 - 10.1109/ICECET58911.2023.10389369

DO - 10.1109/ICECET58911.2023.10389369

M3 - Conference contribution

AN - SCOPUS:85187259124

T3 - International Conference on Electrical, Computer and Energy Technologies, ICECET 2023

BT - International Conference on Electrical, Computer and Energy Technologies, ICECET 2023

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023

Y2 - 16 November 2023 through 17 November 2023

ER -

Iturbe E , Rios E , Mansell J, Toledo N. Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance. In International Conference on Electrical, Computer and Energy Technologies, ICECET 2023. Institute of Electrical and Electronics Engineers Inc. 2023. (International Conference on Electrical, Computer and Energy Technologies, ICECET 2023). doi: 10.1109/ICECET58911.2023.10389369

Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this