Industrial Control Systems and their Operational Technology assets remain a prime target for persistent attacks - particularly those deemed as Critical National Infrastructure (CNI). These critical, high-risk systems have unique security requirements to prevent compromise - but how do you identify these?
IriusRisk helps engineers and security analysts to quickly understand the security threats that apply to the design of a system. To alleviate the challenges posed by the unique and increasingly complex requirements within Industrial Automation and Control Systems (IACS), we've built a dedicated module for the global standard created by the ISA Global Security Alliance. Engage the power of automated threat modeling and secure design for IEC/ANSI 62443.
Companies like IriusRisk are key to enabling adoption of the ISA/IEC 62443 standards for supplier companies. Commercial tools that simplify the threat analysis and compliance tasks during product development remove barriers to applying the ISA/IEC 62443 standards.
Andre Ristaino, ISA Managing Director, Consortia and Conformance Programs
Businesses that need to comply, build, and design according to IEC/ANSI 62443
Manufacturers of network and industrial control systems, such as PLCs, controllers, sensors, etc.
Teams responsible for the maintenance of industrial control systems throughout the SDLC
Medical technology and healthcare providers
Operational technology industries and CNI, such as rail and transport, power stations, petrochemicals, water, recycling, metal and fabric manufacturing.
The challenges of adopting IEC/ANSI 62443 standards:
How do I navigate and prioritize controls according to risk?
How do I identify the threats to my infrastructure?
Where do I find the expertise (or the time) to identify and enact the specific controls necessary?
How do I know if I am compliant with IEC/ANSI 62443, or if I am meeting my target security level?
How do I know if the controls that I have implemented have adequately secured my infrastructure?
The answer? Start left.
Risk assessments: use threat modeling to define the specific controls required for assessment and uniquely applicable to your systems
Visualize your risk: establish your security baseline, and achieve your target security level
Produce your security requirements near-instantly using our 27 independently-configured components to remediate threats
Harness an instantly accessible library: all 186 pages of IEC/ANSI 62443 for software development: Parts 3-3 (Network and System Security) and 4-2 (Security for Industrial Automation and Control Systems)
Reduce hours of manual analysis to seconds: watch IriusRisk define your mandatory controls for each component
Start Left: Helping you to design secure, robust products
Visit our Resources Hub for threat modeling articles, thought leadership, and further information on industrial automation and IEC/ ANSI 62443.
Spot and fix architectural security flaws in your operational technology infrastructure before you build with IriusRisk’s automated, scalable and intuitive threat modeling platform.
Implementing Security
This article reviews security technologies and techniques that implement controls and countermeasures reported in standards and regulations, and used in threat modeling.
