|
ā | Hierarchy I | Hierarchy II |
Criteria | Description | Criteria | Description |
|
ICS security requirements | Network robustness | Require network robustness against external cyberattacks or internal abnormal behavior | Fuzzing test | Require handling capability to sustain the ICS service when receiving abnormal network packet |
Stress test | Require providing ICS service even when overloading the network traffic |
Resource availability | Require resource management procedures, such as backup and recovery, so that resources can perform their normal functions |
Service continuity | Require stable and continuous service | Physical interface protection | Require resource management procedures, such as backup and recovery, so that resources can perform their normal functions |
Event response | Require checking the status of devices, systems, and networks in real-time and responding to failures |
Security functions | Require security features such as component identification, authentication, and access control | Security audit | Require security audits through creating and encrypting audit-logs for major events |
Identification, authentication, and access control | Require separation or restriction about identification and access authority of devices/users with a user authentication procedure |
Data protection | Require confidentiality and integrity of sensitive transmission or stored data |
Security functions management | Require network and security settings of the control software, secure encryption algorithms, and key management |
State management | Require state management such as integrity verification of the execution code, normal operation test, and vulnerability response |
|