SIST-TP CEN ISO/TR 22100-4:2021
(Main)Safety of machinery - Relationship with ISO 12100 - Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects (ISO/TR 22100-4:2018)
Safety of machinery - Relationship with ISO 12100 - Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects (ISO/TR 22100-4:2018)
This document gives machine manufacturers guidance on potential security aspects in relation to safety of machinery when putting a machine into service or placing on the market for the first time. It provides essential information to identify and address IT-security threats which can influence safety of machinery.
This document gives guidance but does not provide detailed specifications on how to address IT-security aspects which can influence safety of machinery.
This document does not address the bypass or defeat of risk reduction measures through physical manipulation.
Sicherheit von Maschinen - Zusammenhang mit ISO 12100 - Teil 4: Leitlinien für Maschinenhersteller zur Berücksichtigung der damit verbundenen IT-Sicherheits-(Cybersicherheits-) Aspekte (ISO/TR 22100 4:2018)
Dieses Dokument enthält eine Anleitung für Maschinenhersteller zu möglichen (IT-)Sicherheitsaspekten in Bezug auf die Sicherheit von Maschinen, zum Zeitpunkt wenn eine Maschine zum ersten Mal in Betrieb genommen oder in Verkehr gebracht wird. Es enthält wesentliche Informationen zur Identifizierung und Behandlung von IT Sicherheitsbedrohungen, die die Sicherheit von Maschinen beeinflussen können.
Dieses Dokument enthält Anleitungen, stellt jedoch keine genauen Festlegungen zur Behandlung von IT Sicherheitsaspekten zur Verfügung, die die Sicherheit von Maschinen beeinflussen können.
Dieses Dokument behandelt nicht das Umgehen oder Unwirksam machen von risikomindernden Maßnahmen durch physische Manipulation.
Sécurité des machines - Relation avec l'ISO 12100 - Partie 4: Titre manque (ISO/TR 22100-4:2018)
Varnost strojev - Povezava z ISO 12100 - 4. del: Navodilo proizvajalcem strojev za upoštevanje povezanih vidikov IT-varnosti (kibernetske varnosti) (ISO/TR 22100-4:2018)
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TP CEN ISO/TR 22100-4:2021
01-februar-2021
Varnost strojev - Povezava z ISO 12100 - 4. del: Navodilo proizvajalcem strojev za
upoštevanje povezanih vidikov IT-varnosti (kibernetske varnosti) (ISO/TR 22100-
4:2018)
Safety of machinery - Relationship with ISO 12100 - Part 4: Guidance to machinery
manufacturers for consideration of related IT-security (cyber security) aspects (ISO/TR
22100-4:2018)
Sicherheit von Maschinen - Zusammenhang mit ISO 12100 - Teil 4: Leitlinien für
Maschinenhersteller zur Berücksichtigung der damit verbundenen IT-Sicherheits-
(Cybersicherheits-) Aspekte (ISO/TR 22100 4:2018)
Sécurité des machines - Relation avec l'ISO 12100 - Partie 4: Titre manque (ISO/TR
22100-4:2018)
Ta slovenski standard je istoveten z: CEN ISO/TR 22100-4:2020
ICS:
13.110 Varnost strojev Safety of machinery
SIST-TP CEN ISO/TR 22100-4:2021 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
---------------------- Page: 2 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
CEN ISO/TR 22100-4
TECHNICAL REPORT
RAPPORT TECHNIQUE
April 2020
TECHNISCHER BERICHT
ICS 13.110
English Version
Safety of machinery - Relationship with ISO 12100 - Part 4:
Guidance to machinery manufacturers for consideration of
related IT-security (cyber security) aspects (ISO/TR
22100-4:2018)
Sécurité des machines - Relation avec l'ISO 12100 -
Partie 4: Titre manque (ISO/TR 22100-4:2018)
This Technical Report was approved by CEN on 6 April 2020. It has been drawn up by the Technical Committee CEN/TC 114.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN ISO/TR 22100-4:2020 E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
CEN ISO/TR 22100-4:2020 (E)
Contents Page
European foreword . 3
2
---------------------- Page: 4 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
CEN ISO/TR 22100-4:2020 (E)
European foreword
The text of ISO/TR 22100-4:2018 has been prepared by Technical Committee ISO/TC 199 "Safety of
machinery” of the International Organization for Standardization (ISO) and has been taken over as
CEN ISO/TR 22100-4:2020 by Technical Committee CEN/TC 114 “Safety of machinery” the secretariat
of which is held by DIN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Endorsement notice
The text of ISO/TR 22100-4:2018 has been approved by CEN as CEN ISO/TR 22100-4:2020 without any
modification.
3
---------------------- Page: 5 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
---------------------- Page: 6 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
TECHNICAL ISO/TR
REPORT 22100-4
First edition
2018-12
Safety of machinery — Relationship
with ISO 12100 —
Part 4:
Guidance to machinery manufacturers
for consideration of related IT-security
(cyber security) aspects
Reference number
ISO/TR 22100-4:2018(E)
©
ISO 2018
---------------------- Page: 7 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2018 – All rights reserved
---------------------- Page: 8 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General characterization of safety of machinery versus IT-security .3
4.1 Principle objectives . 3
4.2 Different elements of risk . 4
4.3 Consequences for risk assessment process . 5
5 Relationship to existing legal and standardization framework regarding safety of
machinery . 5
5.1 Legal framework . 5
5.2 Standardization framework – Relationship to ISO 12100 . 5
6 Relationship between safety of machinery and IT-security . 5
7 Essential steps to address IT-security over the whole life cycle of the machine .7
8 Generic guidance for assessing IT-security threats regarding their possible
influence on safety of machinery . 8
9 Roles to address IT-security issues with possible relevance to safety of machinery .9
10 Guidance for machine manufacturers to address IT-security issues with possible
relevance to safety of machinery .11
10.1 General .11
10.2 Selection of appropriate components (hardware/software) .11
10.3 Appropriate machine design .12
10.4 Instruction handbook (guidance to the machine user) .12
Annex A (informative) Example of a legal framework.14
Bibliography .15
© ISO 2018 – All rights reserved iii
---------------------- Page: 9 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 199, Safety of machinery.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
A list of all parts in the ISO 22100 series can be found on the ISO website.
iv © ISO 2018 – All rights reserved
---------------------- Page: 10 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
Introduction
Internet, digital services and technology are important enablers for smart manufacturing, which is one
part of internet of things (IoT) (see ISO/IEC 20924). For the manufacturing environment, the foundations
are vertical networking and horizontal integration across the entire value chain, convergence of
design, ordering, delivery and manufacturing capabilities. This results in the transformation of
conventional value chains and the emergence of new business models. Smart products based on smart
manufacturing know many details on how they were made, their performance and how they are being
used. The physical product is linked to its digital representation, and the digital content depends on
lifecycle phase. Implementing smart manufacturing creates an efficient and highly responsive package
by leveraging existing manufacturing systems, as well as technological and economic potential. Smart
manufacturing increases the vulnerabilities of machinery to IT-security threats.
Smart manufacturing leads to the emergence of dynamic, real-time optimized, self-organizing value
chains. An appropriate regulatory framework is therefore necessary, as well as standardized interfaces
and harmonized business processes. Smart manufacturing is characterized by:
a) increased product flexibility;
b) new intrinsic built-in product properties;
c) flexible work organization;
d) changed scale (up to a lot size 1) and location of manufacturing.
For smart manufacturing, the description of the network infrastructure needs to be further expanded
to enable privacy, self-configuration and ease of use. Therefore, there is a need for fast available, robust
and secure communication networks.
The primary purpose of this document is to address aspects on safety of machinery that can be
affected by IT-security attacks related to the direct or remote access to, and manipulation of, a safety-
related control system(s) by persons for intentional abuse (unintended uses). IT-security attacks are
increasingly becoming a potential threat to the safety of machinery. Although intentional abuse falls
outside the scope of ISO 12100 and the (safety-related) risk assessment process, it is reasonable also for
machinery manufacturers to consider such threats.
Current technologies enable machinery to be monitored and/or improved regarding their performance
remotely by adjusting parameters without having to be on site at the machine. This ability provides
considerable benefits as machinery can be kept operating without the downtime and associated costs
of a field service person making a service call.
However, this same capability to adjust machine parameters to improve performance lends itself to the
possibility for persons with nefarious or criminal intent to make adjustments that can put workers and
others at risk of harm. For example, speeds or forces can be adjusted to dangerous levels, temperatures
can be lowered below a kill step level resulting in food contamination, or error codes or messages can
be erased or falsified.
Human error can have little relation to IT-security in its strict sense. Those unintentional influences
(reasonably foreseeable human error when adjusting parameters of the machine or its control system)
are already covered within the normal (safety-related) risk assessment and the resulting inherently
safe design of the control system (see ISO 12100:2010, 6.2.11.1).
© ISO 2018 – All rights reserved v
---------------------- Page: 11 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
---------------------- Page: 12 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
TECHNICAL REPORT ISO/TR 22100-4:2018(E)
Safety of machinery — Relationship with ISO 12100 —
Part 4:
Guidance to machinery manufacturers for consideration of
related IT-security (cyber security) aspects
1 Scope
This document gives machine manufacturers guidance on potential security aspects in relation to
safety of machinery when putting a machine into service or placing on the market for the first time. It
provides essential information to identify and address IT-security threats which can influence safety of
machinery.
This document gives guidance but does not provide detailed specifications on how to address IT-
security aspects which can influence safety of machinery.
This document does not address the bypass or defeat of risk reduction measures through physical
manipulation.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 12100:2010, Safety of machinery — General principles for design — Risk assessment and risk reduction
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 12100 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
antivirus tool
software used to detect malicious code, prevent it from infecting a system, and remove malicious code
that has infected the system
3.2
attack
attempt to gain unauthorized access to system services, resources, or information
[SOURCE: CNSSI-4009, modified — “., or an attempt to compromise system integrity, availability, or
confidentiality” has been deleted at the end of the definition.]
© ISO 2018 – All rights reserved 1
---------------------- Page: 13 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
3.3
authentication
verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources
in an information system
[SOURCE: NIST SP 800-53]
3.4
authorization
right or permission that is granted to a system entity to access a system resource
[SOURCE: RFC 4949]
3.5
confidentiality
preserving authorized restrictions on, and preventing unauthorized access (3.18) to information
3.6
encryption
transformation of data into a form that conceals the data’s original meaning to prevent it from being
known or used
Note 1 to entry: If the transformation is reversible, the corresponding reversal process is called “decryption,”
which is a transformation that restores encrypted data to its original state.
[SOURCE: RFC 4949, modified — The word “cryptographic” has been deleted before “transformation
of data” and “(called “plaintext”)” deleted afterwards; “(called “ciphertext”)” has been deleted after
“form”. The second sentence has been moved to Note 1 to entry.]
3.7
firewall
software that restricts data communication traffic between two connected networks.
Note 1 to entry: It is also common to name specific hardware in which the software runs a firewall.
3.8
integrator
entity who designs, provides, manufactures or assembles an integrated manufacturing system and is in
charge of the safety strategy, including the protective measures, control interfaces and interconnections
of the control system
Note 1 to entry: The integrator can be a manufacturer, assembler, engineering company or the user.
[SOURCE: ISO 11161:2007, 3.10]
3.9
integrity
condition of guarding against improper modification or destruction of information
3.10
IT-security
Information Technology security
cyber security
protection of an IT-system from the attack (3.2) or damage to its hardware, software or information, as
well as from disruption or misdirection of the services it provides
3.11
IT-security incident
occurrence that actually or potentially jeopardizes the confidentiality (3.5), integrity (3.9), or availability
of an IT-system
2 © ISO 2018 – All rights reserved
---------------------- Page: 14 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
3.12
machine control system
system which responds to input signals from parts of machine elements, operators, external control
equipment or any combination of these and generates output signals causing the machine to behave in
the intended manner
Note 1 to entry: The machine control system can use any technology or any combination of different technologies
(e.g. electrical/electronic, hydraulic, pneumatic, mechanical).
[SOURCE: ISO 13849-1:2015, 3.1.32]
3.13
password
string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify
access authorization (3.4)
3.14
remote access
access by users (or information systems) communicating external to an information system security
perimeter
[SOURCE: NIST SP 800-53]
3.15
risk reduction measure
protective measure
action or means to eliminate hazards or reduce risks
[SOURCE: ISO/IEC Guide 51:2014, 3.13]
3.16
smart manufacturing
manufacturing that improves its performance aspects with integrated and intelligent use of processes
and resources in cyber, physical and human spheres to create and deliver products and services, which
also collaborates with other domains within enterprises’ value chains
Note 1 to entry: Performance aspects include agility, efficiency, safety, security, sustainability or any other
performance indicators identified by the enterprise.
Note 2 to entry: In addition to manufacturing, other enterprise domains can include engineering, logistics,
marketing, procurement, sales or any other domains identified by the enterprise.
3.17
threat
any IT-security incident (3.11) with the potential to adversely impact machinery operations
3.18
unauthorized access
any logical or physical access which is not intended by the owner of an IT-system
3.19
vulnerability
weakness in the security of an IT-system that can be exploited or triggered by a threat (3.17)
4 General characterization of safety of machinery versus IT-security
4.1 Principle objectives
The principle objectives and conditions of IT-security are very much different from machinery safety,
see Table 1.
© ISO 2018 – All rights reserved 3
---------------------- Page: 15 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
Table 1 — Principle objectives
Safety of machinery IT-Security
(cyber security)
Objectives injury/accident prevention, health availability, integrity, confidentiality
(avoidance of harm)
Conditions transparent (obvious) not obvious (not shared with machin-
(risks, methods, measures) ery user)
Dynamics rather static field (intended use, highly dynamic field; moving target
reasonable foreseeable misuse) (intentional manipulation, criminal
intent)
Risk reduction (mitigation) mainly by machine manufacturer by various actors (machine manu-
measures at a dedicated time (when provid- facturer, integrator, machine user,
ing the machine for the first use) service provider) at any time along the
overall life cycle
4.2 Different elements of risk
The elements of risk regarding safety are characterized as given in Figure 1.
Figure 1 — Elements of risk related to safety of machinery (see ISO 12100:2010, Figure 3)
Regarding IT-security the elements of risk are different and can be characterized according to Figure 2
as follows:
Figure 2 — Elements of risk related to IT-security
4 © ISO 2018 – All rights reserved
---------------------- Page: 16 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
4.3 Consequences for risk assessment process
Based on the differences shown in 4.2, risk assessment regarding safety of machinery which is
prescribed in ISO 12100:2010, Clause 5 has to be distinguished clearly from a risk assessment regarding
IT-security.
An example regarding IT-security risk assessment for industrial automation and control systems is
1)
given in IEC 62443-3-2:— , Clause 5.
5 Relationship to existing legal and standardization framework regarding safety
of machinery
5.1 Legal framework
Legal frameworks for putting a machine into service or placing it on the market for the first time
(responsibility of the machine manufacturers) and ISO 12100 restrict the scope of safety of machinery
to the “intended use” and the “reasonably foreseeable misuse” of a machine. Every kind of intentional
violation (sabotage/spying) of a machine is de facto a criminal act which is outside the scope of current
safety legislation. Consequently, it is also out of the scope of standardization for safety of machinery,
which supports such legislation. For an example, see Annex A.
5.2 Standardization framework – Relationship to ISO 12100
In line with local/regional legal framework for putting machinery into service or placing on the market
for the first time, ISO 12100 does not explicitly address IT-security attacks and/or threats which are
categorized as intentional abuse and criminal acts.
The determination of the limits of the machinery as part of the strategy for risk assessment and
risk reduction in ISO 12100 only considers the intended use and any reasonably foreseeable misuse
(see ISO 12100:2010, Clause 4). IT-security attacks and/or threats from outside and possible safety
implications (via vulnerabilities of the machine control system or other electronic parts) are not
considered as reasonably foreseeable misuse.
However, manufacturers providing machinery which can have vulnerabilities to IT-security attacks
and/or threats should take this aspect into account in particular when IT-security attacks and/or
threats can have an impact to safety of machinery.
6 Relationship between safety of machinery and IT-security
The relationship between safety of machinery and IT-security is shown in Figure 3.
1) Currently available as draft document IEC 65/690/CDV:2018.
© ISO 2018 – All rights reserved 5
---------------------- Page: 17 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
Figure 3 — Relationship between safety of machinery and IT-security
Resulting from 4.3 and Figure 3, the safety risk assessment for a machine according to ISO 12100
should be made in advance of any IT-security risk considerations. The resulting inherently safe design
measures, and safeguarding and risk reduction measures, of a machine should then be analysed
regarding possible vulnerabilities against IT-security threats.
Resulting IT-security risks can then be mitigated through the combined efforts of component suppliers,
the machinery manufacturer, the integrator, and the machinery user. In general, the potential responses
to security risks should apply the following hierarchy based on ISO 12100:
a) eliminate the security risk by design (avoid vulnerabilities);
b) mitigate the security risk by risk reduction (mitigation) measures (limit vulnerabilities);
c) provide information about the residual security risk and the measures to be adapted by the user.
NOTE The comparable term to “risk mitigation” is the term “risk reduction” used in safety of machinery.
Those vulnerabilities against IT-security attacks (threats) depend heavily on whether a machine can be
connected to an external IT-system and how often this happens. Answering the following questions can
help limit or restrict IT-security threats and vulnerabilities.
1) Does it need to be connected?
2) Does it need to be connected at all times (continuously)?
6 © ISO 2018 – All rights reserved
---------------------- Page: 18 ----------------------
SIST-TP CEN ISO/TR 22100-4:2021
ISO/TR 22100-4:2018(E)
3) Is the connection monitored [e.g. using a virtual private network (VPN) system]?
4) Is the connection configurable (e.g. access for authorized persons only)?
5) Can the connection be restricted to "read only" mode (without ability to change)?
Consequently, a machine without any direct or indirect interface to external IT-systems can be
considered as not vulnerable to IT-security attacks.
7 Essential steps to address IT-security over the whole life cycle of the machine
IT-security threats and vulnerabilities require cooperation and coordination between the component
suppliers, the machinery manufacturer, the integrator, and the machinery user. Each has a role to play
in preventing IT-security attacks throughout the phases of the lifecycle of the machinery. No party can
assign to another the responsibility for IT-security, or assume that another is fully responsible for IT-
security. At the same time, no party has all of the required information available to effectively address
IT-security threats and vulnerabilities throughout the phases of the lifecycle of the machinery.
Component suppliers, the machinery manufacturer, the integrator, and the machinery end user
should each use the essential elements to evaluate its system(s). Part of the evaluation should include
communicating to the other parties the threats and vulnerabilities which it cannot fully address alone
or which have implications to the other parties. For example, a machine manufacturer cannot prevent
entirely an IT-security threat if the machinery user connects the machine to the connected world via its
communication or networked system. The machinery manufacturer should inform the machinery user
of the preferred communications method(s) in order to minimize potential attacks.
Essential steps for providing effective IT-security should be considered by machinery manufacturers
and integrators. This should be done as far as possible in the context of the machinery user's actual or
expected IT-infrastructure.
The following five steps should enable machinery manufacturers and integrators – regardless of size,
degree of IT-security threats, or sophistication – to apply the principles and best practices to improving
the security and resilience of machinery.
a) Identify – What are the IT-security threats and vulnerabilities?
— Why would an entity attack the machine control system?
— What does the machine user have that is valuable?
— What are the vulnera
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.