Towards Open and ISA/IEC 62443-conform Logging for OT Devices

Supervisor(s): Michael Heinl, Sebastian Peters
Status: finished
Topic: Others
Author: Hendrik Hagendorn
Submission: 2024-03-15
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


In the evolving landscape of Operational Technology (OT), the
integration of robust logging mechanisms is paramount to maintaining
compliance with industrial standards such as ISA/IEC 62443. This thesis
presents an ISA/IEC 62443-compliant approach to enhance the security and
standard conformance of logging mechanisms within OT environments. By
leveraging insights from existing protocols, such as Profinet IO and
syslog, alongside the implementation of innovative logging strategies,
we address the unique challenges of logging in OT settings. These
challenges include the integration of legacy systems, ensuring high
availability, and maintaining the confidentiality and integrity of log
data in real-time operational contexts.

Our research analyzes current logging protocols and data structures,
identifying gaps in their ability to meet the stringent requirements set
forth by the ISA/IEC 62443 standards. We propose a logging concept that
not only ensures compliance with these standards but also supports
seamless integration with existing OT infrastructure. This concept
includes the development of a secure and flexible logging framework that
can be adapted to various OT devices and platforms. The framework
emphasizes the importance of confidentiality, integrity, availability,
and event correlation to aid in the detection and mitigation of security
incidents. The practicality of this approach is demonstrated through the
implementation of a testbed, showcasing the feasibility and
effectiveness of our logging concept in real-world OT scenarios.

Our findings reveal that a standards-compliant logging mechanism
significantly enhances the security posture of OT systems, providing a
robust foundation for the detection, analysis, and response to security
threats. This research contributes to the body of knowledge in OT
security, offering a comprehensive strategy for organizations to achieve
and maintain compliance with ISA/IEC 62443 standards, thereby ensuring
the safe and reliable operation of critical industrial systems.