Charles Marrow | Head of Center of Excellence - Embedded Device Security
September 3, 2024

Threat modeling for IIoT Devices and Gateways

The ISASecure® IEC 62443 ICSA Certification Program is a certification initiative developed by the ISA Security Compliance Institute (ISCI). It is aimed at improving cybersecurity in Industrial Automation and Control Systems (IACS) and Industrial Internet of Things (IIoT) components. The program is based on the IEC 62443 series of international standards, ensuring that certified components meet stringent security requirements.

Key Aspects of the Certification Program:

  • Scope: Targets IIoT devices and gateways, ensuring they adhere to industry-recognized security practices.
  • Integration with IEC 62443: The program's alignment with IEC 62443-4-2 and IEC 62443-4-1 ensures that IIoT components are secure not only in their design but also in their development lifecycle. Support for these standards is available in IriusRisk’s Enterprise Edition, with specific extensions to address IIoT environments.

ICSA-500 Commonly Accepted IIoT Practices

ICSA-500 provides guidelines on implementing security practices for IIoT components. It supports the broader ISASecure ICSA certification by offering detailed interpretations and examples of specific IIoT-related security practices. ICSA-500 covers critical IIoT device elements such as hypervisors, compartmentalization and containers. These practices are meant to ensure that IIoT components meet the specific requirements outlined in the ICSA certification. IriusRisk has built a specific Threat/Control Library based on the ICSA-500 practices, which can be used to support a product's ICSA certification process or to secure IIoT devices through the process of threat modeling.

Key Properties of the ICSA-500 Document:

  • Purpose: Provides a framework for interpreting specific ICSA certification requirements, focusing on practices that are widely accepted in the industry.
  • Scope of Practices: Covers various security topics, including cryptographic techniques, compartmentalization, user authentication, and integrity protection for both software and data.
  • Application: The practices outlined in ICSA-500 are not mandatory but are provided as guidance to ensure that the device is secured during the design phase.

Select Examples of ICSA-500 Security Practices:

  1. Cryptographic Techniques: Emphasizes the use of internationally recognized cryptographic standards, avoiding proprietary algorithms.
  2. Compartmentalization: Details methods for separating critical functions within a device to enhance security, including the use of hardware separation (e.g., Trusted Platform Modules).
  3. User Authentication: Specifies the need for multifactor authentication for remote human access and certificate-based authentication for non-human users (e.g., software processes).
  4. Integrity Checking: Recommends practices for ongoing integrity checks of software and data at rest, including the use of hash functions and secure storage mechanisms.
  5. Communication Security: Advocates for the use of secure communication protocols such as TLS, IPsec, and SSH to protect data transmitted over untrusted networks.
  6. Data at Rest Encryption: Stresses the importance of encrypting sensitive data stored on devices using unique keys and approved cryptographic algorithms.
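Practice 4 above (ongoing integrity checks of software and data at rest using hash functions and protected storage) is easy to get subtly wrong, so here is an added illustration that is not IriusRisk's or ICSA-500's own code: the Python below builds a hash manifest of a device's protected files, authenticates the whole manifest with an HMAC, and verifies it against the files on disk. It assumes the HMAC key is held in the device's secure storage; the key constant and the sample files are constructed placeholders for the demo, and `demo()` runs three cases (clean device, a file modified after signing, and a manifest entry edited to match that file without re-signing).

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path
# Assumption (not from the post): key is held in device secure storage (e.g. TPM-sealed).
MANIFEST_KEY = b"constructed-demo-key-not-for-real-devices"

def sha256_file(path):
    """Stream the file through SHA-256 so a large firmware image is not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths, key=MANIFEST_KEY):
    """Hash each protected file (keyed by name) and HMAC the table, so a file and its entry cannot be rewritten together unnoticed."""
    files = {Path(p).name: sha256_file(p) for p in paths}
    payload = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, payload, "sha256").hexdigest()}

def verify_manifest(manifest, paths, key=MANIFEST_KEY):
    """Return a list of findings; an empty list means every check passed."""
    payload = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest MAC mismatch: manifest altered or wrong key"]
    findings = []
    for p in paths:
        name = Path(p).name
        if name not in manifest["files"]:
            findings.append(f"{name}: not in manifest")
        elif not (Path(p).exists() and sha256_file(p) == manifest["files"][name]):
            findings.append(f"{name}: missing or modified on disk")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        fw, cfg = Path(d, "firmware.bin"), Path(d, "config.json")
        fw.write_bytes(b"\x7fELF" + b"\x00" * 64)
        cfg.write_bytes(b'{"mode":"normal"}')
        paths = [str(fw), str(cfg)]
        manifest = build_manifest(paths)
        clean = verify_manifest(manifest, paths)
        cfg.write_bytes(b'{"mode":"debug"}')  # simulated post-signing modification
        tampered_file = verify_manifest(manifest, paths)
        forged = {"files": dict(manifest["files"]), "mac": manifest["mac"]}
        forged["files"]["config.json"] = sha256_file(str(cfg))  # hash fixed, MAC not
        return clean, tampered_file, verify_manifest(forged, paths)
```

The third case is the one a plain hash list misses: without the HMAC, an edited hash entry would make the modified file verify cleanly, which is why the manifest itself must be authenticated with a key the device protects.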

Conclusion

The ISASecure ICSA certification, supported by the ICSA-500 document, provides a robust framework for ensuring that IIoT components meet high security standards. The practices outlined in ICSA-500 serve as a valuable resource for both certifiers and product suppliers, helping to interpret and apply commonly accepted security practices in line with the certification's requirements. IriusRisk now includes both IEC 62443-4-2 and ICSA-500 to support the ICSA certification and the standard threat modeling process for IIoT devices and gateways. For end users, it offers peace of mind, knowing that their critical industrial systems are protected by components that adhere to the highest security standards.