Author: – IKE –
In CyberSEAS, we will investigate the cybersecurity readiness of the involved infrastructures to obtain certification under global cybersecurity standards and frameworks, and how CyberSEAS tools and solutions can support these infrastructures in adhering to those standards and frameworks. Accordingly, under this approach the certificate is pursued by the infrastructure and not by the individual owners of CyberSEAS tools.
Based on the aforementioned points and following the project context and requirements, we suggest using the IEC 62443 and IEC 62351 standards in our approach to provide guidance to infrastructure owners regarding the prospective procedure for obtaining a certificate in the future. By utilizing these standards, we can ensure that industrial systems comply with necessary cybersecurity requirements, and information exchange in energy management systems is secure and protected from potential cyber threats. CyberSEAS tools and solutions can also provide additional support to these infrastructures in adhering to these standards and frameworks.
CyberSEAS infrastructures are typically composed of interconnected systems and networks which are often managed by different entities and may have different cybersecurity requirements. Therefore, it is important to take a holistic approach and study the cybersecurity readiness of the infrastructures as a whole, rather than just focusing on the capabilities of specific cybersecurity tools.
Based on this approach, we have selected two standards that fit the project requirements and help us achieve the task objectives.
The two common standards (families of standards) that we have selected are:
- IEC 62443: This standard contains both procedural and high-level technical requirements. It defines WHAT cybersecurity aspects industrial systems must comply with. This standard is vital because it is the one currently used in the industrial field to deal with certification processes with an external certification body.
- IEC 62351: This standard contains technical requirements on cybersecurity aspects related to information exchange in energy management systems (TCP/IP profiles, MMS, communication networks, access control, key management, etc.). It defines HOW cybersecurity requirements for information exchange must be fulfilled.
Studying the features of CyberSEAS tools with regard to cybersecurity reference standards is certainly important, as it provides a means of ensuring that the solutions can effectively protect critical infrastructures from cyber threats. We therefore believe it is beneficial to study the integration of CyberSEAS tools in the potential certification process of the pilots’ infrastructures.