3 Important Concepts about Security Level as per IEC-62443

Security levels are used to classify zones/conduits based on their security properties and countermeasures.

There are mainly 3 security levels: a) 1 b) 2 c) 3. Level 1 is the lowest and level 3 is the highest. The security levels are qualitative. As mathematical modelling of threats and vulnerabilities increases, quantitative threat modelling becomes more likely.

Security levels are for zones/conduits, not for individual devices/systems.

There are 3 SL types:

a) SL Target

b) SL Achieved

c) SL Capability

SL Target: Required Security Level of Zone or Conduit.

Determined through risk assessment. It determines the required effectiveness of the countermeasures that need to be in place to prevent the security of the zone or conduit from being compromised.

SL Achieved:

Depends on the security properties of devices and systems. It decreases with time due to the degradation of countermeasures and the increase in vulnerabilities. At any point in time, SL Achieved needs to be higher than SL Target.
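As an added illustration (not part of the original article), the sketch below compares SL Target with dated SL Achieved assessments for each zone or conduit and flags lost margin or degradation. The class names, status labels and the sample inventory are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Assessment:
    when: date
    sl_achieved: int            # SL Achieved recorded at that assessment

@dataclass
class ZoneOrConduit:
    name: str
    sl_target: int              # SL Target, set by the risk assessment
    history: list               # list of Assessment objects, in any order

def review(z):
    """Return (status, margin, degrading) for one zone or conduit."""
    if not z.history:
        return ("NOT_ASSESSED", None, False)
    ordered = sorted(z.history, key=lambda a: a.when)
    latest = ordered[-1].sl_achieved
    margin = latest - z.sl_target
    # SL Achieved decreases with time: flag a drop from any earlier assessment
    degrading = any(a.sl_achieved > latest for a in ordered[:-1])
    if margin < 0:
        status = "BELOW_TARGET"   # countermeasures no longer meet the target
    elif margin == 0:
        status = "NO_MARGIN"      # any further degradation breaches the target
    else:
        status = "ABOVE_TARGET"
    return (status, margin, degrading)

# Constructed sample inventory (names, dates and levels are illustrative only)
INVENTORY = [
    ZoneOrConduit("control-zone", 2, [Assessment(date(2023, 1, 10), 3),
                                      Assessment(date(2024, 1, 12), 3)]),
    ZoneOrConduit("safety-zone", 3, [Assessment(date(2024, 2, 1), 2),
                                     Assessment(date(2023, 2, 1), 3)]),
    ZoneOrConduit("dmz-conduit", 1, [Assessment(date(2023, 6, 1), 2),
                                     Assessment(date(2024, 6, 1), 1)]),
    ZoneOrConduit("historian-zone", 2, []),
]

def report(inventory):
    """Map each zone/conduit name to its review result."""
    return {z.name: review(z) for z in inventory}

if __name__ == "__main__":
    for name, (status, margin, degrading) in report(INVENTORY).items():
        print(f"{name:15} {status:13} margin={margin} degrading={degrading}")
```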

SL Capability:

This is the measure of the effectiveness of countermeasures. It is defined by the security properties of devices and systems within a zone or conduit. Examples of security properties:

a) Preserving authenticity and integrity of messages

b) Preserving confidentiality of messages

c) Ensuring accountability

d) Enforcing access control policies

