TY - GEN
T1 - Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance
AU - Iturbe, Eider
AU - Rios, Erkuden
AU - Mansell, Jason
AU - Toledo, Nerea
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
AB - In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed at which digitalization is coming into play, as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, come hand in hand with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, can be reused in multiple types of systems. The methodology supports compliance with the industrial cybersecurity standard ISA/IEC 62443.
KW - cyber security
KW - industrial systems
KW - risk assessment
KW - standard compliance
UR - http://www.scopus.com/inward/record.url?scp=85187259124&partnerID=8YFLogxK
U2 - 10.1109/ICECET58911.2023.10389369
DO - 10.1109/ICECET58911.2023.10389369
M3 - Conference contribution
AN - SCOPUS:85187259124
T3 - International Conference on Electrical, Computer and Energy Technologies, ICECET 2023
BT - International Conference on Electrical, Computer and Energy Technologies, ICECET 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE International Conference on Electrical, Computer and Energy Technologies, ICECET 2023
Y2 - 16 November 2023 through 17 November 2023
ER -