Vulnerability and security risk assessment in a IIoT environment in compliance with standard IEC 62443

摘要

Industrial networks based on the Internet of Things (IoT) have become the backbone of Industry 4.0. Indeed, these connected objects increase the efficiency, flexibility and autonomy of machines, thus improving the productivity and profitability of factories. However, the opening up of digitization technologies, especially in environments where failure is hardly tolerable, creates new challenges related to security. The number of vulnerabilities in industrial facilities is constantly increasing [1]. To implement a cyber defense framework for industrial systems, the cybersecurity standard IEC 62443 has been proposed. This standard mainly provides a set of instructions and measures to be put in place to ensure not only the security of the industrial system, but also operational safety. In this paper, we propose a new approach based on the standards IEC 62443-3-2 and IEC 62443-4-2 allowing us to verify, through an in-depth risk assessment, the conformity of the objects with the main security requirements.