
IEC TR 63069 pdf free download

IEC TR 63069, Industrial-process measurement, control and automation – Framework for functional safety and security. Excerpt from clauses 6.2, 7 and 8.
6.2 Managing security related safety aspects
For the interaction between the safety domain and the security domain, as shown in Figure 4, the following is recommended.
a) Security-related safety aspects should be managed by the security domain and investigated in the threat-risk assessment <security>.
NOTE Managed by the security domain does not imply that they are handled by security experts only.
b) Potential security impacts on safety functions should be addressed by the countermeasures defined for the security environment.
c) Measures for the safety design and countermeasures for the security environment should follow the guiding principles, so that the required risk reductions are achieved in both areas.
7 Risk assessment considerations
7.1 Risk assessment at higher level
Risk assessment at higher level can be understood as a system activity covering both aspects of security and safety for identifying risks and classifying them.
The initial phase is to perform a risk assessment at higher level in order to determine the overall risk to be covered.
Risk assessment <safety> and threat-risk assessment <security> are similar processes, since both take into account the consequences of threats and/or failures. However, they differ in various aspects. For example, the likelihood that a plausible threat exploits a vulnerability is nondeterministic and can only be estimated qualitatively from current experience. Security aspects cannot be quantified.
The threat-risk assessment <security> should comply with IEC 62443-2-4, IEC 62443-4-1 and IEC 62443-3-3.
The correlation between functional safety and IACS security is similar to the correlation between functional safety and electromagnetic compatibility: a potential impact needs evaluation, but no generic solution can be defined.
The information from a risk assessment at higher level should be made available to the safety and security domains in parallel. In both domains, the relevant risk assessments are performed on the basis of this information. Experts from both domains cooperate to address potential conflicts and compatibility issues. Identified conflicts should be resolved and can affect the safety design as well as the security design. See Figure 5.
7.4.2 Reasonably foreseeable misuse (safety)
The aspect of reasonably foreseeable circumstances or misuse, as described in IEC 61508-1 and defined in IEC 61508-4, does not include human manipulation and actions whose sole intention is to cause damage or injury. Foreseeable circumstances or misuse should not be confused with security considerations. Reasonably foreseeable misuse rather relates to behaviours such as disregarding the intended use of systems and attempting to overcome safety precautions that are perceived as inconvenient in daily work.
7.4.3 Prevention of malevolent and unauthorized actions (security)
Security precautions to prevent malevolent and unauthorized actions by an attacker should consider a larger range of manipulative actions, based on the assumed security level. The IEC 62443 series should be used to investigate the system and to identify suitable mechanisms to prevent access.
NOTE Mechanisms can include prevention of physical access to systems and awareness of social engineering hazards.
7.4.4 Combination of password protection measures
The password requirements related to safety aspects, like foreseeable misuse, may not be in line with more stringent security recommendations. Usually, security measures fulfil the safety requirements related to password protection.
NOTE The possible manipulation of mechanical elements and electrical wiring can be considered as a separate investigation.
8 Incident response readiness and incident handling
8.1 General
Incident handling for the IACS should include actions that prevent dangerous failures of the safety function(s). When a critical security incident is detected, it should be assessed and processed through incident handling, and a response should be taken to ensure that the security environment is maintained.
8.2 Incident response readiness
There should be procedures and functionalities in place supporting the detection and recording of security incidents to support later analysis.
NOTE In addition, local laws and regulations might apply.
However, due to the nature of security attacks, it is possible that successful attacks are not detected as a security incident at all.
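The clause above asks for functionalities that record security incidents so that later analysis can rely on them. As an added illustration, not part of IEC TR 63069 or of this page, the following Python code keeps a hash-chained incident record in which every entry commits to its predecessor, so that alteration or deletion of entries in the middle of the record is detectable during analysis. The host names, event texts and timestamps are constructed sample data. The last check also shows a limit that fits the caveat in the clause: removing the most recent entries leaves a chain that still verifies, unless the latest digest has been anchored somewhere the attacker cannot reach.

```python
"""Tamper-evident incident record (added example, not from IEC TR 63069).

Each record stores the SHA-256 digest of the previous record, so that
changing or deleting an entry breaks the chain for every later entry.
All host names, events and timestamps below are constructed samples.
"""
import copy
import hashlib
import json
from dataclasses import dataclass, field
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash of the very first record


@dataclass
class IncidentRecord:
    seq: int
    timestamp: str        # ISO 8601 text, constructed in build_sample_log()
    source: str           # assumed asset name, e.g. a safety PLC
    event: str
    prev_hash: str
    digest: str = field(init=False)

    def __post_init__(self) -> None:
        self.digest = self.compute_digest()

    def compute_digest(self) -> str:
        # Canonical JSON so the digest does not depend on field order.
        payload = json.dumps(
            {"seq": self.seq, "timestamp": self.timestamp, "source": self.source,
             "event": self.event, "prev_hash": self.prev_hash},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class IncidentLog:
    def __init__(self) -> None:
        self.records: List[IncidentRecord] = []

    def append(self, timestamp: str, source: str, event: str) -> IncidentRecord:
        prev = self.records[-1].digest if self.records else GENESIS
        rec = IncidentRecord(len(self.records), timestamp, source, event, prev)
        self.records.append(rec)
        return rec

    def tip(self) -> str:
        """Digest of the latest record; store this externally (e.g. printed
        or sent off-box) so truncation of the log can be detected later."""
        return self.records[-1].digest if self.records else GENESIS

    def verify_chain(self) -> Optional[int]:
        """Return the index of the first inconsistent record, or None if the
        chain is internally consistent. Does NOT detect removal of the tail."""
        expected_prev = GENESIS
        for i, rec in enumerate(self.records):
            if (rec.seq != i or rec.prev_hash != expected_prev
                    or rec.compute_digest() != rec.digest):
                return i
            expected_prev = rec.digest
        return None

    def matches_anchor(self, anchor: str) -> bool:
        """True if the log still ends at an externally recorded tip digest."""
        return self.verify_chain() is None and self.tip() == anchor


def build_sample_log() -> IncidentLog:
    # Constructed sample events; asset names are assumptions for the example.
    log = IncidentLog()
    log.append("2024-03-01T08:00:00Z", "eng-ws-01", "5 failed logins for user 'engineer'")
    log.append("2024-03-01T08:01:10Z", "safety-plc-01", "program download attempted outside maintenance window")
    log.append("2024-03-01T08:01:12Z", "safety-plc-01", "key switch not in PROGRAM; download rejected")
    return log


def tampered_copy(log: IncidentLog, recompute: bool = False) -> IncidentLog:
    """Attacker rewrites record 1; optionally also fixes up its own digest."""
    t = copy.deepcopy(log)
    t.records[1].event = "routine firmware update"
    if recompute:
        t.records[1].digest = t.records[1].compute_digest()  # record 2 still points at the old digest
    return t


def truncated_copy(log: IncidentLog) -> IncidentLog:
    """Attacker deletes the most recent record."""
    t = copy.deepcopy(log)
    t.records.pop()
    return t


if __name__ == "__main__":
    original = build_sample_log()
    anchor = original.tip()
    print("intact chain      :", original.verify_chain())                      # None
    print("edited record     :", tampered_copy(original).verify_chain())       # 1
    print("edited + rehashed :", tampered_copy(original, True).verify_chain()) # 2
    short = truncated_copy(original)
    print("truncated, chain  :", short.verify_chain())                         # None (undetected)
    print("truncated, anchor :", short.matches_anchor(anchor))                 # False
```

The chain alone only proves internal consistency; the external anchor is what turns "the log looks fine" into "the log is the one we recorded". In practice the tip digest would be forwarded to a system outside the attacker's reach, which is also where the requirement to keep records for later analysis is most easily met.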
