Industrial-process measurement, control and automation - Smart manufacturing - Part 3: Challenges for cybersecurity

IEC TR 63283-3:2022(E) identifies challenges which apply to the engineering of a smart manufacturing facility related to cybersecurity.

General Information

Status
Published
Publication Date
08-Mar-2022
Current Stage
PPUB - Publication issued
Start Date
05-Apr-2022
Completion Date
09-Mar-2022
Ref Project

Buy Standard

Technical report
IEC TR 63283-3:2022 - Industrial-process measurement, control and automation - Smart manufacturing - Part 3: Challenges for cybersecurity
English language
54 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC TR 63283-3 ®
Edition 1.0 2022-03
TECHNICAL
REPORT
colour
inside
Industrial-process measurement, control and automation – Smart
manufacturing –
Part 3: Challenges for cybersecurity
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC Products & Services Portal - products.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews. With a subscription you will always have
committee, …). It also gives information on projects, replaced access to up to date content tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 300 terminological entries in English
details all new publications released. Available online and once
and French, with equivalent terms in 19 additional languages.
a month by email.
Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc

If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
IEC TR 63283-3 ®
Edition 1.0 2022-03
TECHNICAL
REPORT
colour
inside
Industrial-process measurement, control and automation – Smart

manufacturing –
Part 3: Challenges for cybersecurity

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 25.040.40 ISBN 978-2-8322-1085-8

– 2 – IEC TR 63283-3:2022  IEC 2022
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 8
2 Normative references . 8
3 Terms, definitions, abbreviated terms and acronyms . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms and acronyms . 15
4 Smart Manufacturing challenges for cybersecurity . 15
5 Systems engineering . 16
6 Applying IEC 62443 (all parts) to smart manufacturing. 24
6.1 General . 24
6.2 Relation to ISO/IEC 27000 (all parts) . 25
6.3 Reference model . 26
6.4 Foundational requirements . 26
6.5 Zones and conduits in system of systems . 27
6.6 Security risk assessment and security levels . 27
6.7 Security lifecycle . 27
6.8 Auditing and logging . 28
6.9 Conclusion . 28
7 Smart Manufacturing security threats . 28
7.1 General . 28
7.2 Use case view on cybersecurity . 29
7.2.1 General . 29
7.2.2 Use case “Manufacturing of individualized products”. 29
7.2.3 Use case “Standardization of production technologies” . 31
7.2.4 Use case “Flexible scheduling and resource allocation” . 32
7.2.5 Use case “Modularization of production system” . 33
7.2.6 Use case “Feedback loops” . 35
7.2.7 Use case “Simulation in operation” . 36
7.2.8 Use case “Simulation in design and engineering” . 38
7.2.9 Use cases “Update and functional scalability of production resources”
and “Device configuration” . 38
7.2.10 Use case “Information extraction from production systems” . 39
7.2.11 Use case “Self-optimization of production resources” Use case
“Optimization of operation through machine learning” Use case
“Optimization in design and engineering through machine learning” . 41
7.2.12 Use case “Design for energy efficiency” Use case “Optimization of
energy” . 41
7.2.13 Use case “Seamless models” . 42
7.3 Smart Manufacturing lifecycle view on cybersecurity . 43
8 Summary of challenges . 44
8.1 General . 44
8.2 Identification and Authentication Control (AC) . 45
8.3 Use Control (UC) . 45
8.4 Data and System Integrity (DI) . 47
8.5 Data Confidentiality (DC) . 48
8.5.1 General . 48

8.5.2 Intended Use . 48
8.5.3 Data Confidentiality . 49
8.6 Restricted Data Flow (RDF) . 49
8.7 Timely Response to Events (TRE) . 49
8.8 Resource Availability (RA) . 50
Annex A (informative) Mapping use cases to foundational requirements . 51
Annex B (informative) Secure identities . 52
Bibliography . 53

Figure 1 – The IEC 62443 series . 24
Figure 2 – Details of the application of individual parts of IEC 62443 by different roles
during the individual life cycles of automation assets . 25
Figure 3 – Use case “Manufacturing of individualized products” . 29
Figure 4 – Use case “Standardization of production technologies” . 31
Figure 5 – Use case “Flexible scheduling and resource allocation”. 32
Figure 6 – Use case “Modularization of production system” . 33
Figure 7 – Use case “Feedback loops” . 36
Figure 8 – Use case “Simulation in operation” . 37
Figure 9 – Use case “Simulation in design and engineering” . 38
Figure 10 – Use case “Information extraction from production systems” . 40
Figure 11 – From Value Streams to Value Networks . 43
Figure 12 – Lifecycles, users/stakeholders, granted privileges, and views . 46
Figure 13 – Privacy and Intended Use . 48

Table 1 – ISO/IEC/IEEE 15288 System engineering process . 17
Table 2 – Use case “Manufacturing of individualized products” . 30
Table 3 – Use case “Standardization of production technologies”. 32
Table 4 – Use case “Flexible Scheduling and resource allocation” . 33
Table 5 – Use case “Modularization of production system” . 34
Table 6 – Use Case “Feedback loops” . 36
Table 7 – Use case “Simulation in operation” . 37
Table 8 – Use case “Simulation in design and engineering” . 38
Table 9 – Use case “Update and functional scalability of production resources”, Use
case “Device configuration”. 39
Table 10 – Use case “Information extraction from production systems” . 40
Table 11 – Use case “Machine learning” . 41
Table 12 – Use case “Design for energy efficiency”, Use case “Optimization of energy” . 42
Table 13 – Use case “Seamless models” . 43
Table 14 – Smart Manufacturing Lifecycle View on Cybersecurity . 44
Table 15 – Identification and Authentication Control (AC) challenges . 45
Table 16 – Use Control (UC) challenges . 46
Table 17 – Data and System Integrity (DI) challenges . 47
Table 18 – Data Confidentiality (DC) challenges regarding privacy . 48
Table 19 – Data Confidentiality (DC) requirements other than privacy . 49

– 4 – IEC TR 63283-3:2022  IEC 2022
Table 20 – Restricted Data Flow (RDF) challenges . 49
Table 21 – Timely Response to Events (TRE) challenges . 50
Table 22 – Resource Availability (RA) challenges . 50
Table A.1 – Mapping use cases to foundational requirements . 51

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
INDUSTRIAL-PROCESS MEASUREMENT, CONTROL
AND AUTOMATION – SMART MANUFACTURING –

Part 3: Challenges for cybersecurity

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guide
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.