13. Introduction to Security Risk Assessment for System Design

Question 1

Define the term “Security level”

Answer 1

The measure of confidence that the IACS is free from vulnerabilities and functions in an intended manner.

Question 2

List the 5 security levels defined in 62443

Answer 2

SL0
SL1
SL2
SL3
SL4

Question 3

Define SL4

Answer 3

Protection against intentional violation using sophisticated means, with extended resources, IACS specific skills and high motivation

Question 4

Define SL3

Answer 4

Protection against intentional violation using sophisticated means, with moderate resources, IACS specific skills and moderate motivation

Question 5

Define SL2

Answer 5

Protection against intentional violation using simple means with low resources, generic skills and low motivation

Question 6

Define SL1

Answer 6

Protection against casual or coincidental violation

Question 7

Define SL0

Answer 7

No specific requirements or security protection necessary

Question 8

Security levels can be broken down into 3 types. List these 3 types.

Answer 8

Target (SL-T)
Achieved (SL-A)
Capability (SL-C)

Question 9

Define SL-T

Answer 9

Target security level
- Desired level of security for a particular system
- This is determined by performing a risk assessment on a system and determining that it needs a particular level of security for correct operation

Question 10

Define SL-C

Answer 10

Capability SL
- This states that a particular component or system is capable of meeting the target SL natively, and without additional measures when properly configured and integrated

Question 11

Define SL-A

Answer 11

Achieved SL
- actual level of security of a particular system
- measured after a system design is available or in place
- used to establish that a system meets the goals set out in the SL-T

Question 12

7 Foundational requirements are defined in 62443-3-3. List them.

Answer 12

FR1 - Identification and Authentication Control (IAC)
FR2 - Use control (UC)
FR3 - System integrity (SI)
FR4 - Data confidentiality (DC)
FR5 - Restrict data flow (RDF)
FR6 - Timely response to events (TRE)
FR7 - Resource availability (RA)

Question 13

Define FR1 - IAC

Answer 13

Identification and authentication control
- control access to selected devices, information, or both
- protect against unauthorized interrogation of the device or information

Question 14

Define FR2 - UC

Answer 14

Use control
- Control use of selected devices, information, or both
- protect against unauthorized operation of the device or use of information

Question 15

Define FR3 - SI

Answer 15

System Integrity
- Ensure the integrity of data on selected communication channels
- protect against unauthorized changes

Question 16

Define FR4 - DC

Answer 16

Data confidentiality
- Ensure the confidentiality of data on selected communication channels
- protect against eavesdropping

Question 17

Define FR5 - RDF

Answer 17

Restrict data flow
- Restrict the flow of data on communication channels
- Protect against the publication of information to unauthorized sources

Question 18

Define FR6 - TRE

Answer 18

Timely response to events
- Respond to security violations
- Notify the proper authority
- Report needed forensic evidence of the violation
- Automatically taking timely corrective action in mission critical or safety critical situations

Question 19

Define FR7 - RA

Answer 19

Resource availability
- Ensure the availability of all network resources
- Protect against denial of service attacks

Question 20

Define the risk equation. Risk = …

Answer 20

Risk = Threat x Vulnerability x Consequence

also

TxV can be simplified to likelihood

therefore Risk = Likelihood x Consequence

Question 21

Define threat in the context of the risk equation

Answer 21

Potential for violation of security, which exists when there is a circumstance, capability, action or event that could breach security and cause harm.

Circumstance or event with the potential to adversely affect operations (mission, functions, image or reputation), assets control systems or individuals via unauthorized access, destruction, disclosure, modification of data and/or denial of service.

Question 22

Define vulnerability in the context of the risk equation

Answer 22

Flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s integrity or security policy

weakness in a system function, procedure, internal control or implementation that could be exploited or triggered by a threat source, either intentionally designed into computer components or accidentally inserted at any time during it’s lifecycle.

Question 23

Define consequence in the context of the risk equation

Answer 23

Result that occurs from a particular incident

condition or state that logically or naturally follows from an event

Question 24

Define likelihood in the context of the risk equation

Answer 24

Quantitative chance that an action, event or incident may occur

Question 25

Which document covers risk assessment of an IACS?

Answer 25

Assessing risks of an IACS is covered in ISA/IEC 62443-3-2

Question 26

Which document lists foundational requirements to address the assessed risks?

Answer 26

ISA/IEC 62443-3-3