Industrial IoT Security at Scale: IEC 62443 Zones, Conduits, and the IACS Architecture

SL 1â€“4

IEC 62443-3-3 Security Levels â€” most deployments target SL-2 but operate at SL-1 capability

IEC 62443 is the international standard series for Industrial Automation and Control System (IACS) security. Part 3-3 specifies system-level security requirements, defining four Security Levels based on the sophistication of the adversary assumed. The zone-and-conduit model partitions the IACS into security zones with defined Security Level Targets, connected by conduits whose security controls are sized to bridge the difference. The OPC-UA security architecture â€” used extensively for industrial data aggregation across heterogeneous equipment â€” adds a layer of session-based authentication and encryption that the underlying fieldbus protocols lack. What 'defence in depth' means in this context is not deploying a firewall at the IT/OT boundary. It is implementing security controls at every zone boundary so that compromise of one zone does not provide access to adjacent zones.

Full article content coming soon.

Architecture

The engineering behind this article is available as a service.

We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.

Talk to an Engineer See Case Studies →

Industrial IoT Security at Scale: IEC 62443 Zones, Conduits, and the IACS Architecture

What Happens to Your HIPAA BAAs When You Migrate to Cloud

NERC CIP v7: The Utility Industry's Most Underestimated Compliance Deadline

HL7 FHIR R4 to R5: The Migration Nobody Budgeted For

The engineering behind this article is available as a service.