Pass the ISA Cybersecurity ISA-IEC-62443 Questions and answers with CertsForce

In the context of international standards and frameworks, SDO stands for “Standards Development Organization.” SDOs are organizations like ISA, IEC, ISO, and NIST, which are responsible for developing, maintaining, and publishing standards used globally for industrial cybersecurity and other domains.

Secure Sockets Layer (SSL) is no longer considered secure due to known vulnerabilities and cryptographic weaknesses. Modern standards require the use of newer versions of Transport Layer Security (TLS), and similarly, DES is deprecated for strong security. However, the best and most universally referenced example is SSL, as major industry and regulatory bodies recommend disabling SSL entirely in favor of TLS 1.2 or above.

The NIST Cybersecurity Framework (CSF) was developed to enhance the security and resilience of critical infrastructure in the United States by providing a flexible, repeatable, and cost-effective risk-based approach to managing cybersecurity risk. It is designed to complement, not replace, existing standards and guidelines, and is intended for voluntary adoption by critical infrastructure organizations.

 OPC Classic uses DCOM, which dynamically assigns any port between 1024 and 65535. Comprehensive Explanation: OPC Classic is a software interface technology that uses the Distributed Component Object Model (DCOM) protocol to facilitate the transfer of data between different industrial control systems. DCOM is a Microsoft technology that allows applications to communicate across a network. However, DCOM is not designed with security in mind, and it poses several challenges for firewall configuration. One of the main challenges is that DCOM does not use fixed TCP port numbers, but rather negotiates new port numbers within the first open connection. This means that intermediary firewalls can only be used with wide-open rules, leaving a large range of ports open for potential attacks. This makes OPC Classic very “firewall unfriendly” and reduces the security and protection they provide. References:

Tofino Security OPC Foundation White Paper

Step 2 (for client or server): Configuring firewall settings - GE

Secure firewall for OPC Classic - Design World

The ISA/IEC 62443 series of standards is divided into four main parts, each covering a different aspect of industrial automation and control systems (IACS) cybersecurity1:

Part 1: Terminology, Concepts, and Models

Part 2: Policies and Procedures

Part 3: System Requirements

Part 4: Component Requirements The part 4 of the series focuses on the requirements for the secure development and maintenance of products that are used in IACS, such as controllers, sensors, actuators, network devices, software applications, and cloud services. The part 4 consists of two standards1:

The Modbus Application Protocol is a messaging protocol that provides client/server communication between devices connected on different types of buses or networks. It is positioned at level 7 of the OSI model, which is the application layer. The application layer is the highest level of the OSI model and defines the rules and formats for data exchange between applications. The Modbus Application Protocol is independent of the underlying communication layers and can be implemented using different transport protocols, such as TCP/IP, serial, or Modbus Plus. The Modbus Application Protocol defines the function codes, data formats, and error codes for Modbus transactions123 References:

MODBUS APPLICATION PROTOCOL SPECIFICATION V1

Modbus - Wikipedia

Overview of Modbus — EPICS support for Modbus - GitHub Pages

Separation of duties is a security principle that aims to prevent fraud, errors, conflicts of interest, or misuse of resources by dividing critical tasks or functions among different people or teams. It is one of the foundational requirements (FRs) of the ISA/IEC 62443 standards for securing industrial automation and control systems (IACSs). According to the ISA/IEC 62443-2-1 standard, separation of duties includes the following system requirements (SRs):

SR 2.1: Security management policy

SR 2.2: Personnel security

SR 2.3: System development and maintenance

SR 2.4: Incident response and recovery

SR 2.5: Compliance and review

Among these SRs, the one that is most related to the example of system development and maintenance is SR 2.3. SR 2.3 requires that the IACS shall provide the capability to ensure that the development and maintenance of the system and its components are performed in a secure manner. This means that the IACS should have a mechanism to control the access and authorization of developers, testers, integrators, and maintainers who work on the system and its components. It also means that the IACS should have a mechanism to verify and validate the quality and security of the system and its components before, during, and after the development and maintenance processes.

Therefore, an example of separation of duties as a part of system development and maintenance is that changes are approved by one party and implemented by another. This ensures that the changes are authorized, documented, and reviewed by someone who is not involved in the implementation. This reduces the risk of introducing errors, vulnerabilities, or malicious code into the system and its components.

Phishing is a type of cyberattack that relies on a human weakness to succeed. Phishing is the practice of sending fraudulent emails or other messages that appear to come from a legitimate source, such as a bank, a government agency, or a trusted person, in order to trick the recipient into revealing sensitive information, such as passwords, credit card numbers, or personal details, or into clicking on malicious links or attachments that may install malware or ransomware on their devices. Phishing is a common and effective way of compromising the security of industrial automation and control systems (IACS), as it can bypass technical security measures by exploiting the human factor. Phishing can also be used to gain access to the IACS network, to conduct reconnaissance, to launch further attacks, or to cause damage or disruption to the IACS operations. The ISA/IEC 62443 series of standards recognize phishing as a potential threat vector for IACS and provide guidance and best practices on how to prevent, detect, and respond to phishing attacks. Some of the recommended countermeasures include:

Educating and training the IACS staff on how to recognize and avoid phishing emails and messages, and how to report any suspicious or malicious activity.

Implementing and enforcing policies and procedures for email and message security, such as using strong passwords, verifying the sender’s identity, and not opening or clicking on unknown or unsolicited links or attachments.

Applying technical security controls, such as antivirus software, firewalls, spam filters, encryption, and authentication, to protect the IACS devices and network from phishing attacks.

Monitoring and auditing the IACS network and devices for any signs of phishing attacks, such as anomalous or unauthorized traffic, connections, or activities, and taking appropriate actions to contain and mitigate the impact of any incidents. References:

ISA/IEC 62443-1-1:2009, Security for industrial automation and control systems - Part 1-1: Terminology, concepts and models1

ISA/IEC 62443-2-1:2009, Security for industrial automation and control systems - Part 2-1: Establishing an industrial automation and control systems security program2

ISA/IEC 62443-2-4:2015, Security for industrial automation and control systems - Part 2-4: Security program requirements for IACS service providers3

ISA/IEC 62443-3-3:2013, Security for industrial automation and control systems - Part 3-3: System security requirements and security levels4

ISA/IEC 62443-4-2:2019, Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components5

Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). It has become a de facto standard protocol for communication between industrial electronic devices. Modbus allows devices, such as sensors and instruments, to communicate their data to a controller or computer. The protocol can operate over serial lines (RS-232, RS-485) and has been extended for TCP/IP networks (Modbus TCP). It is not a programming language, network security standard, or a type of industrial machinery. Its simplicity and open nature have made it widespread in industrial environments, but it has minimal built-in security, which is a significant consideration in cybersecurity for industrial control systems.

The reference model described in ISA/IEC 62443-1-1 (see Figure 2) starts at a high level and encompasses all levels of the ISA-95 model (Levels 0 to 4), which range from field devices up to business logistics systems. This model provides a holistic, layered view of all the equipment, systems, and information flows in industrial automation.