Inside the Unique Cybersecurity Needs of IIoT Systems: Learn More in ISA's New Paper

The use of cloud-based functionality for industrial automation and control systems (IACS) has grown in recent years. While the decision to introduce the cloud to IACS is always a risk and ultimately lies with the asset owner, more asset owners are making this choice today.

Systems that rely on the industrial internet of things (IIoT) need unique protection from cybersecurity threats.  All their components — from sensors, actuators and controllers at the edge to services in the cloud and the communications between edge and cloud — may be vulnerable to cyberattack.

The International Society of Automation (ISA) has released a new paper from its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA). This paper explores how to apply the ISA/IEC 62443 series of standards — the leading consensus-based automation and control systems cybersecurity standards — to cloud-based functionality.

Key Findings

• IACS that use cloud-based functionality can benefit from concepts in the ISA/IEC 62443 standards. Risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
• When the cloud-based functionality has the capability to influence the physical state of the equipment under control, the scope of ISA/IEC 62443 should extend to the cloud environment.
• Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements.
• A new category of cloud service, proposing the term "operational technology as a service (OTaaS)," would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
• The role of cloud provider is a new one, and it is not currently defined in the ISA/IEC 62443 series. This role encompasses aspects of product supplier, service provider and asset owner (operator) roles.  
• Conformity assessment schemes based on ISA/IEC 62443 standards could be developed for IIoT systems, components and IACS provided that these standards receive updates for the IIoT use case.

Read the Report

This 73-page paper, “IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” is now available as a free download.

Learn More in the Webinar

ISASecure and ISAGCA will host an informative webinar on 17 July 2024 at 11 a.m. Eastern time for anyone interested in understanding more about the paper. Registration is free.