Tailoring IEC 62443: A Company-Specific Approach to Operational Technology Se curity Levels
Räsänen, Tero (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025052817366
https://urn.fi/URN:NBN:fi:amk-2025052817366
Tiivistelmä
Integration of IT and OT networks poses a new threat to OT systems responsible for running important manufacturing processes and critical infrastructure. Even small disturbances in the availability of these systems can cause major physical, environmental and financial damage, which makes them a prime target for cyberattacks.
The purpose of this work was to improve the management of OT cyber security by tailoring the IEC 62443 standards system requirements and security levels to a company specific model. A standard based approach is the best approach to improve the OT cyber security management and maturity.
The goal was to tailor the company’s internal OT cyber security requirements and divide them into security levels based on IEC 62443 and create a practical tool for assessing the company’s OT systems. The work was done by comparing the company’s current requirements with the IEC standard, tailoring them to fit different types of OT environments and building an Excel-based assessment tool for assessments.
The result was a more clear and practical set of requirements that help classify systems based on their criticality and risk level. The assessment tool also supports internal assessments and helps to track the development. One key finding was that OT systems are unique and usually different from each other. There are no simple solutions. Instead, tailored requirements and collaboration with experts from different fields such as cyber security specialists, automation engineers and system owners, is needed to improve security in OT systems.
The purpose of this work was to improve the management of OT cyber security by tailoring the IEC 62443 standards system requirements and security levels to a company specific model. A standard based approach is the best approach to improve the OT cyber security management and maturity.
The goal was to tailor the company’s internal OT cyber security requirements and divide them into security levels based on IEC 62443 and create a practical tool for assessing the company’s OT systems. The work was done by comparing the company’s current requirements with the IEC standard, tailoring them to fit different types of OT environments and building an Excel-based assessment tool for assessments.
The result was a more clear and practical set of requirements that help classify systems based on their criticality and risk level. The assessment tool also supports internal assessments and helps to track the development. One key finding was that OT systems are unique and usually different from each other. There are no simple solutions. Instead, tailored requirements and collaboration with experts from different fields such as cyber security specialists, automation engineers and system owners, is needed to improve security in OT systems.