TUM Logo

Development of an IACS Security Engineering Tool

Development of an IACS Security Engineering Tool

Supervisor(s): Michael Heinl, Nikolai Puch, Alexander Giehl
Status: finished
Topic: Others
Author: Nguyen Truong An To
Submission: 2023-02-15
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Industrial Automation and Control System (IACS) in critical infrastructures have continuously developed during the last decades.

This phenomenon leads to a pressing demand for cyber security protection in IACS, particularly to secure the IACS components

and systems in use.

For this reason, the International Electrotechnical Commission (IEC), together with the International Society of Automation (ISA),

has established the ISA/IEC 62443 series of standards which provide security requirements for components and systems in IACS.

However, the provided list of security requirements is quite extensive and sometimes even inapplicable in many practical situations.

Therefore, this thesis aims at developing a methodology to assess the requirement relevance for IACS components and systems.

The approach is based on the concept of categorizing the requirements and then evaluating a specific component to find out which

categories it belongs to. After that, the applicable requirements can be determined by filtering out all the irrelevant ones. This process

should aid the engineers to eliminate the irrelevant requirements in the 62443 standards, and thereby also help them concentrate on the

relevant aspects that are truly essential to the component under consideration. Along with the methodology, this thesis also provides a simple,

interactive web application which should assist the engineers in evaluating IACS components and, at the end of the process, deliver a list of

applicable security requirements.