Fockel, Markus;Merschjohann, Sven;Fazal-Baqaie, Masud;Förder, Torsten;Hausmann, Stefan;Waldeck, Boris:

Designing and Integrating IEC 62443 Compliant Threat Analysis.

In: Proceedings of the 26th European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019), S. 57--69, Sep. 2019, Springer International Publishing

Abstract

Cybersecurity gains more and more attention as the number of security incidents rises. In order to strengthen the security of products within the industrial automation domain, the novel standard IEC 62443 prescribes security practices throughout the development lifecycle that improve the security of the resulting product. However, implementing and integrating concrete security practices into the existing development processes is challenging, as best practices for the automation domain are still missing. Hence, in this paper we present our implementation of a standard compliant threat analysis for the development process of the industrial control systems manufacturer Phoenix Contact. Phoenix Contact was successfully certified for its compliance with IEC 62443. We illustrate the requirements of the standard, the resulting threat analysis process, and its tight integration into the existing development process and its tools.

Weblink

https://doi.org/10.1007%2F978-3-030-28005-5_5

Bibtex

@inproceedings{hniid=9938,
author = {Fockel, Markus and Merschjohann, Sven and Fazal-Baqaie, Masud and F{\"o}rder, Torsten and Hausmann, Stefan and Waldeck, Boris},
title = {Designing and Integrating IEC 62443 Compliant Threat Analysis},
booktitle = {Proceedings of the 26th European System, Software & Service Process Improvement & Innovation Conference (EuroSPI 2019)},
pages = {57--69},
publisher = {Springer International Publishing},
month = sep,
year = {2019},
}

BibTeX in die Zwischenablage kopieren

Permalink

https://www.hni.uni-paderborn.de/pub/9938