ISA/IEC 62443: 4 Practical Layers in Industrial Cyber Security

[Cengiz Özemli]

## ISA/IEC 62443: 4 Practical Layers in Industrial Cyber Security

The ISA/IEC 62443 standard transforms uncertainty into a navigable journey for industrial automation and control systems.

A lighthouse does not control the ship's rudder or determine its exact course, but it provides a fixed and reliable reference point that allows captains to position themselves. In difficult sea conditions, this steady light reduces guesswork and eliminates constant doubt among the crew. This allows the ship to proceed confidently without debating where dangers might lie.

Similarly, guiding principles, standards, and best practices like ISA/IEC 62443 serve as a common navigation tool in industrial automation and control system cybersecurity.

ISA/IEC 62443 offers a structured and comprehensive set of references that allows different roles — operators, system integrators, and product suppliers — to navigate the same waters using a common map.

### The Four Practical Layers of ISA/IEC 62443

This series of standards is organized into four layers, reminiscent of maritime training and ship operation:

- Part 1 (General): Learn the Language of the Sea.
A common language and fundamental concepts are established; the focus is on correct decisions, not disagreements over terminology.

- Part 2 (Policies and Procedures): Managing the Ship in Rough Weather.
Operational discipline is ensured; includes practices such as task distribution, record-keeping, drills, and patch management. Cybersecurity here becomes a repeatable process.

- Part 3 (System): Plan the Route and Design the Voyage.
Risk assessment is performed for system security, and security requirements and levels are defined. Safe passage routes for the ship are determined, watch schedules are created, and layers of defense in depth are established.

- Part 4 (Component): Produce Durable and Reliable Parts.
The robustness of each component is important; system components such as the hull, hardware, compass, and radio are designed through secure product development processes.

For Nozomi Networks customers and partners, ISA/IEC 62443 transforms uncertainty into a clear roadmap, allowing participants to meet at a common reference point. This enables teams to move faster, reduce risk, and build resilience in challenging conditions.

Industry professionals often choose to review ISAGCA's ISA/IEC 62443 Quick Start Guide before embarking on the journey.

### References

• ISA/IEC 62443 standard series
• ISAGCA ISA/IEC 62443 Quick Start Guide