ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443

Christoph Schmittner; Abdelkader Shaaban; Georg Macher

doi:10.1109/ICPS51978.2022.9816864

ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443

Christoph Schmittner
, Abdelkader Shaaban (Autor:in und Vortragende:r)
, Georg Macher

Graz University of Technology

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

Abstract

Security engineering is a major challenge in the distributed and heterogeneous nature of the Industrial Internet of Things (IIoT). While IEC 62443 is available as a security engineering standard for the industrial domain, the increased complexity and dynamic of combining IoT with industrial sys-tems challenges approaches without automation. Security analy-sis in the IIoT with a model-based engineering tool is essential to ensure the proper method is applied to protect the system model. This work follows the Defense-in-depth strategy presented by IEC 62443, then adapted for IIoT applications. We use ThreatGet threat modeling tool to show how this strategy could be implemented in the IIoT domain using threat modeling. The research findings demonstrate how the threat modeling approach ensures the implementation of a defense-in-depth strategy in the IIoT domain.

Originalsprache	Englisch
Titel	Proceedings 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS)
Seiten	1-6
Seitenumfang	6
ISBN (elektronisch)	978-1-6654-9770-1
DOIs	https://doi.org/10.1109/ICPS51978.2022.9816864
Publikationsstatus	Veröffentlicht - 2022
Veranstaltung	International Conference on Industrial Cyber-Physical Systems (ICPS) 2022 - Coventry, Großbritannien/Vereinigtes Königreich Dauer: 24 Mai 2022 → 26 Mai 2022

Konferenz

Konferenz	International Conference on Industrial Cyber-Physical Systems (ICPS) 2022
Land/Gebiet	Großbritannien/Vereinigtes Königreich
Zeitraum	24/05/22 → 26/05/22

Research Field

Dependable Systems Engineering

Zugriff auf Dokument

10.1109/ICPS51978.2022.9816864

Diese Publikation zitieren

@inproceedings{6e4f5231301742f587db9cc2ec710fce,

title = "ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443",

abstract = "Security engineering is a major challenge in the distributed and heterogeneous nature of the Industrial Internet of Things (IIoT). While IEC 62443 is available as a security engineering standard for the industrial domain, the increased complexity and dynamic of combining IoT with industrial sys-tems challenges approaches without automation. Security analy-sis in the IIoT with a model-based engineering tool is essential to ensure the proper method is applied to protect the system model. This work follows the Defense-in-depth strategy presented by IEC 62443, then adapted for IIoT applications. We use ThreatGet threat modeling tool to show how this strategy could be implemented in the IIoT domain using threat modeling. The research findings demonstrate how the threat modeling approach ensures the implementation of a defense-in-depth strategy in the IIoT domain.",

keywords = "IEC 62443, IIoT, Model-based, Security Analysis",

author = "Christoph Schmittner and Abdelkader Shaaban and Georg Macher",

year = "2022",

doi = "10.1109/ICPS51978.2022.9816864",

language = "English",

isbn = "978-1-6654-9771-8",

pages = "1--6",

booktitle = "Proceedings 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS)",

note = "International Conference on Industrial Cyber-Physical Systems (ICPS) 2022 ; Conference date: 24-05-2022 Through 26-05-2022",

}

Schmittner, C , Shaaban, A & Macher, G 2022, ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443. in Proceedings 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS). S. 1-6, International Conference on Industrial Cyber-Physical Systems (ICPS) 2022, Großbritannien/Vereinigtes Königreich, 24/05/22. https://doi.org/10.1109/ICPS51978.2022.9816864

ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443. / Schmittner, Christoph ; Shaaban, Abdelkader (Autor:in und Vortragende:r); Macher, Georg.
Proceedings 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS). 2022. S. 1-6.

Publikation: Beitrag in Buch oder Tagungsband › Vortrag mit Beitrag in Tagungsband › Begutachtung

TY - GEN

T1 - ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443

AU - Schmittner, Christoph

AU - Macher, Georg

A2 - Shaaban, Abdelkader

PY - 2022

Y1 - 2022

N2 - Security engineering is a major challenge in the distributed and heterogeneous nature of the Industrial Internet of Things (IIoT). While IEC 62443 is available as a security engineering standard for the industrial domain, the increased complexity and dynamic of combining IoT with industrial sys-tems challenges approaches without automation. Security analy-sis in the IIoT with a model-based engineering tool is essential to ensure the proper method is applied to protect the system model. This work follows the Defense-in-depth strategy presented by IEC 62443, then adapted for IIoT applications. We use ThreatGet threat modeling tool to show how this strategy could be implemented in the IIoT domain using threat modeling. The research findings demonstrate how the threat modeling approach ensures the implementation of a defense-in-depth strategy in the IIoT domain.

AB - Security engineering is a major challenge in the distributed and heterogeneous nature of the Industrial Internet of Things (IIoT). While IEC 62443 is available as a security engineering standard for the industrial domain, the increased complexity and dynamic of combining IoT with industrial sys-tems challenges approaches without automation. Security analy-sis in the IIoT with a model-based engineering tool is essential to ensure the proper method is applied to protect the system model. This work follows the Defense-in-depth strategy presented by IEC 62443, then adapted for IIoT applications. We use ThreatGet threat modeling tool to show how this strategy could be implemented in the IIoT domain using threat modeling. The research findings demonstrate how the threat modeling approach ensures the implementation of a defense-in-depth strategy in the IIoT domain.

KW - IEC 62443

KW - IIoT

KW - Model-based

KW - Security Analysis

U2 - 10.1109/ICPS51978.2022.9816864

DO - 10.1109/ICPS51978.2022.9816864

M3 - Conference Proceedings with Oral Presentation

SN - 978-1-6654-9771-8

SP - 1

EP - 6

BT - Proceedings 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS)

T2 - International Conference on Industrial Cyber-Physical Systems (ICPS) 2022

Y2 - 24 May 2022 through 26 May 2022

ER -

ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443

Abstract

Konferenz

Research Field

Zugriff auf Dokument

Fingerprint

Diese Publikation zitieren