Human-centric Introduction to a Complex Cybersecurity Standard

Industrial automation and control systems (IACS) operate in complex and increasingly networked environments of industrial plants. Due to the increasing number of cyberattacks, these systems are also exposed to the growing threat of being attacked. IACS are often found in critical infrastructure such as power supply or water treatment plants, as well as in industry, so their compromise can result in devastating consequences. To prevent this, the IEC-62443 series of standards was developed to address the cybersecurity of IACS. In order to achieve cybersecurity in accordance with the IEC-62443 standard, the human factor plays a major role, as it is humans that need to implement and manage the cybersecurity controls. To help those users to get started and gain a basic understanding of important IEC-62443 concepts such as zones and conduits, defense in depth, and security levels, this paper defines an experience-based practical approach to train users w.r.t. application and implementation of the standard.