Open Access

Karl-Heinz Niemann

• IT security in production plants is becoming increasingly important. Statistics confirm a deteriorating threat situation in the field of industrial automation technology. In future, the European Union will require certain minimum standards for systems in critical infrastructure and other areas via the NIS2 Directive. Planners and operators of production facilities are therefore required to address the IT security of their production facilities (hereinafter referred to as OT security) and systematically integrate it into their processes. The IEC 62443 series of standards was designed specifically for use in production plants and therefore considers the requirements for industrial real-time environments. In addition to requirements for manufacturers of automation components, the standard also defines requirements for planners and operators of automation systems. This document focuses on the role of planners and operators in theOT security process. After a differentiation between OT security and IT security in chapter 2, an introduction to the IEC 62443 standard follows in chapter 3. Chapter 4 then describes the tasks of the system planner. Among other things, the tasks of the system planner, such as the creation of a risk and threat analysis and thedefinition of a defense-in-depth concept , are discussed here. This is followed in chapter 5 by the tasks of the asset owner. These tasks include, for example, setting up an information security management system (ISMS), creating and maintaining an asset inventory and installing software updates (patch management).