|
| ā | Hierarchy I | Hierarchy II |
| Criteria | Description | Criteria | Description |
|
| ICS security requirements | Network robustness | Require network robustness against external cyberattacks or internal abnormal behavior | Fuzzing test | Require handling capability to sustain the ICS service when receiving abnormal network packet |
| Stress test | Require providing ICS service even when overloading the network traffic |
| Resource availability | Require resource management procedures, such as backup and recovery, so that resources can perform their normal functions |
| Service continuity | Require stable and continuous service | Physical interface protection | Require resource management procedures, such as backup and recovery, so that resources can perform their normal functions |
| Event response | Require checking the status of devices, systems, and networks in real-time and responding to failures |
| Security functions | Require security features such as component identification, authentication, and access control | Security audit | Require security audits through creating and encrypting audit-logs for major events |
| Identification, authentication, and access control | Require separation or restriction about identification and access authority of devices/users with a user authentication procedure |
| Data protection | Require confidentiality and integrity of sensitive transmission or stored data |
| Security functions management | Require network and security settings of the control software, secure encryption algorithms, and key management |
| State management | Require state management such as integrity verification of the execution code, normal operation test, and vulnerability response |
|
