Market Research on IIoT Standard Compliance Monitoring Providers and deriving Attributes for IIoT Compliance Monitoring
Daniel Oberhofer, Markus Hornsteiner, Stefan Schönig

TL;DR
This paper analyzes IIoT security compliance monitoring providers, identifying key attributes for IEC 62443 standards, and highlights challenges and commonalities to aid automated compliance assessment.
Contribution
It formulates a catalog of monitorable attributes for IEC 62443 in IIoT, based on market analysis and expert knowledge, addressing current gaps in compliance monitoring.
Findings
Identified commonalities in practical implementations
Derived attributes aligned with IEC 62443 standards
Highlighted challenges like lack of formal architecture separation
Abstract
Adapting security architectures to common standards like IEC 62443 or ISO 27000 in the Industrial Internet of Things (IIoT) involves complex processes and compliance reports. Automatic monitoring of compliance status would enhance this process. Despite limited research, practical applications exist. This paper conducts a market study on providers implementing IEC 62443 in IIoT, aiming to formulate a catalog of monitorable attributes aligned with the standard. The study reveals challenges, such as a lack of formal separation in security architectures, limiting visibility. Despite these challenges, practical implementations share commonalities, providing insights into viable monitoring properties. The research serves as a crucial entry point into developing a comprehensive catalog of monitorable attributes for IEC 62443 standards in IIoT. Aligned with the IEC 62443 SR catalog of…
Taxonomy
Topics: Smart Grid Security and Resilience
