OT Cybersecurity: Leveraging ISA 62443-3-2 for IACS Risk Assessment

This document is intended to provide the reader with an overview of ISA 62443-3-2, “Security Risk Assessment for Design," as well as a summary of some methodologies that can be used to assist execution of the industrial automation control system (IACS) cyber security risk assessment work process requirements detailed in the standard.

This risk assessment work process is applicable to many sectors, e.g. industrial process sector, building automation, medical devices, transportation sectors, electrical production, water treatment, etc. Risk management of the IACS starts with a proposed design that is based on company standards and practices and/or recognized and generally acceptable good engineering practice (RAGAGEP). It then requires the understanding of how to identify vulnerabilities, threats, consequences of a successful attack, ranking risks, and then implementing mitigation measures to lower risks to tolerable levels. The standard itself is considered a (RAGAGEP).

Download the full report.
 

About ISAGCA

The ISA Global Cybersecurity Alliance is made up of 48 member companies spread across more than 2,400 combined worldwide locations. ISAGCA’s mission is to enable and accelerate adoption of cybersecurity practices for all stakeholder groups based on the ISA/IEC 62443 family of automation cybersecurity standards. Automation and cybersecurity provider members serve 31 different industries, and industrial end user companies also are encouraged to join. Member companies collaborate with each other, industry partners, and regulatory/legislative bodies to secure automation that affects everyday lives. Read more on their blog.