IEC TR 62443-3-1:2009
Industrial communication networks - Network and system security - Part 3-1: Security technologies for industrial automation and control systems
IEC/TR 62443-3-1:2009(E) provides a current assessment of various cybersecurity tools, mitigation counter-measures, and technologies that may effectively apply to the modern electronically based IACSs regulating and monitoring numerous industries and critical infrastructures. It describes several categories of control system-centric cybersecurity technologies, the types of products available in those categories, the pros and cons of using those products in the automated IACS environments, relative to the expected threats and known cyber vulnerabilities, and, most important, the preliminary recommendations and guidance for using these cybersecurity technology products and/or countermeasures.
Standards Content (Sample)
IEC/TR 62443-3-1 ®
Edition 1.0 2009-07
TECHNICAL REPORT
Industrial communication networks – Network and system security –
Part 3-1: Security technologies for industrial automation and control systems
IEC/TR 62443-3-1:2009(E)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by
any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or
IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
• Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
• IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
• Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
• Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
INTERNATIONAL ELECTROTECHNICAL COMMISSION
PRICE CODE XD
ICS 25.040.40; 33.040.040; 35.040
ISBN 978-2-88910-711-7
– 2 – TR 62443-3-1 © IEC:2009(E)
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and acronyms
3.1 Terms and definitions
3.2 Acronyms
4 Overview
5 Authentication and authorization technologies
5.1 General
5.2 Role-based authorization tools
5.2.1 Overview
5.2.2 Security vulnerabilities addressed by this technology
5.2.3 Typical deployment
5.2.4 Known issues and weaknesses
5.2.5 Assessment of use in the industrial automation and control systems environment
5.2.6 Future directions
5.2.7 Recommendations and guidance
5.2.8 Information sources and reference material
5.3 Password authentication
5.3.1 Overview
5.3.2 Security vulnerabilities addressed by this technology
5.3.3 Typical deployment
5.3.4 Known issues and weaknesses
5.3.5 Assessment of use in the industrial automation and control systems environment
5.3.6 Future directions
5.3.7 Recommendations and guidance
5.3.8 Information sources and reference material
5.4 Challenge/response authentication
5.4.1 Overview
5.4.2 Security vulnerabilities addressed by this technology
5.4.3 Typical deployment
5.4.4 Known issues and weaknesses
5.4.5 Assessment of use in the industrial automation and control systems environment
5.4.6 Future directions
5.4.7 Recommendations and guidance
5.4.8 Information sources and reference material
5.5 Physical/token authentication
5.5.1 Overview
5.5.2 Security vulnerabilities addressed by this technology
5.5.3 Typical deployment
5.5.4 Known issues and weaknesses
5.5.5 Assessment of use in the industrial automation and control systems environment
5.5.6 Future directions
5.5.7 Recommendations and guidance
5.5.8 Information sources and reference material
5.6 Smart card authentication
5.6.1 Overview
5.6.2 Security vulnerabilities addressed by this technology
5.6.3 Typical deployment
5.6.4 Known issues and weaknesses
5.6.5 Assessment of use in the industrial automation and control systems environment
5.6.6 Future directions
5.6.7 Recommendations and guidance
5.6.8 Information sources and reference material
5.7 Biometric authentication
5.7.1 Overview
5.7.2 Security vulnerabilities addressed by this technology
5.7.3 Typical deployment
5.7.4 Known issues and weaknesses
5.7.5 Assessment of use in the industrial automation and control systems environment
5.7.6 Future directions
5.7.7 Recommendations and guidance
5.7.8 Information sources and reference material
5.8 Location-based authentication
5.8.1 Overview
5.8.2 Security vulnerabilities addressed by this technology
5.8.3 Typical deployment
5.8.4 Known issues and weaknesses
5.8.5 Assessment of use in the industrial automation and control systems environment
5.8.6 Future directions
5.8.7 Recommendations and guidance
5.8.8 Information sources and reference material
5.9 Password distribution and management technologies
5.9.1 Overview
5.9.2 Security vulnerabilities addressed by this technology
5.9.3 Typical deployment
5.9.4 Known issues and weaknesses
5.9.5 Assessment of use in the industrial automation and control systems environment
5.9.6 Future directions
5.9.7 Recommendations and guidance
5.9.8 Information sources and reference material
5.10 Device-to-device authentication
5.10.1 Overview
5.10.2 Security vulnerabilities addressed by this technology
5.10.3 Typical deployment
5.10.4 Known issues and weaknesses
5.10.5 Assessment of use in the industrial automation and control systems environment
5.10.6 Future directions
5.10.7 Recommendations and guidance
5.10.8 Information sources and reference material
6 Filtering/blocking/access control technologies
6.1 General
...