Description
Industrial Automation and Control Systems (IACS) in critical infrastructures have developed continuously over the last decades.
This development has led to a pressing demand for cyber security protection in IACS, particularly to secure the IACS components
and systems in use.
For this reason, the International Electrotechnical Commission (IEC), together with the International Society of Automation (ISA),
has established the ISA/IEC 62443 series of standards which provide security requirements for components and systems in IACS.
However, the provided list of security requirements is quite extensive, and in many practical situations parts of it are not even applicable.
Therefore, this thesis aims to develop a methodology for assessing the relevance of requirements for IACS components and systems.
The approach is based on categorizing the requirements and then evaluating a specific component to find out which
categories it belongs to. The applicable requirements can then be determined by filtering out all the irrelevant ones. This process
should help engineers eliminate the irrelevant requirements in the 62443 standards and concentrate on the
aspects that are truly essential to the component under consideration. Along with the methodology, this thesis also provides a simple,
interactive web application that assists engineers in evaluating IACS components and, at the end of the process, delivers a list of
applicable security requirements.