Understanding the interconnected models used throughout IEC 62443 to design, analyse and secure Industrial Automation and Control Systems (IACS).
IEC 62443 uses a collection of interconnected models to describe, design and secure Industrial Automation and Control Systems (IACS). Rather than viewing cybersecurity as a collection of independent technical controls, these models provide different perspectives of the same system.
Each model answers a different question and progressively builds towards a secure, well-designed industrial architecture.
Together these models support cybersecurity risk assessments, defence-in-depth, network segmentation, system design and lifecycle management.
Reference: ISA/IEC 62443-1-1, Clause 6.6
The Reference Model provides a generic, technology-independent view of an Industrial Automation and Control System (IACS). It represents a manufacturing or production system as a hierarchy of logical levels.
The ISA99 Reference Model allows engineers to understand how industrial systems are structured, where responsibilities exist, and how information flows between Operational Technology (OT) and Information Technology (IT).
| Level | Purpose | Typical Devices |
|---|---|---|
| 4 | Business Logistics | ERP, Finance, Supply Chain |
| 3 | Operations Management | MES, Historians, Batch Systems |
| 2 | Area Supervisory Control | SCADA, HMI, DCS |
| 1 | Basic Control | PLC, RTU, Controllers |
| 0 | Physical Process | Sensors, Valves, Actuators, Motors |
Reference: ISA/IEC 62443-1-1, Clause 6.2
The Asset Model identifies every cybersecurity-relevant asset within an IACS and defines the relationships between them.
Assets include both physical and logical components such as controllers, servers, HMIs, engineering workstations, field devices, communications equipment and software applications.
The Asset Model supports:
By understanding where assets are located, what they do and how they interact, organisations gain visibility of their operational environment.
Reference: ISA/IEC 62443-1-1, Figure 15
The Reference Architecture Model builds upon the Asset Model by defining how assets are organised and interconnected.
Rather than simply identifying assets, the architecture illustrates:
It becomes the blueprint used when designing or assessing an Industrial Automation and Control System.
Where practical, security zones should align with physical plant boundaries, simplifying both administration and cybersecurity.
Reference: ISA/IEC 62443-1-1, Clause 6.4 and Figure 16
The Zone and Conduit Model applies cybersecurity to the architecture by grouping assets that share common security requirements.
Rather than protecting every device individually, IEC 62443 recommends protecting logical groups of assets called Security Zones.
Communication between security zones occurs through Conduits.
Conduits provide controlled communication paths while maintaining the confidentiality, integrity and availability of communications.
Conduits may be:
Typical conduit security mechanisms include:
Zone and Conduit Models provide the foundation for network segmentation, controlled communications and secure industrial architectures.
Reference: ISA/IEC 62443-1-1, Clause 6.5.1
Reference: ISA/IEC 62443-3-2, Clause 4.7.5
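The rule that traffic between security zones must pass through a conduit can be checked against observed flows. The following is an added example, not taken from IEC 62443 or the original page. The asset names, zone names (loosely following the Reference Model levels), conduit definitions and flows are constructed. Treating conduits as bidirectional and intra-zone traffic as unrestricted are simplifying assumptions.

```python
from dataclasses import dataclass

# Constructed inventory (assumption): asset -> security zone.
ASSET_ZONE = {
    "erp-01": "enterprise", "historian-01": "operations",
    "scada-01": "supervisory", "hmi-01": "supervisory",
    "plc-01": "control", "plc-02": "control",
}

@dataclass(frozen=True)
class Conduit:
    zones: frozenset     # the two security zones this conduit joins
    services: frozenset  # services permitted to cross it

# Constructed conduits (assumption), treated as bidirectional.
CONDUITS = [
    Conduit(frozenset({"enterprise", "operations"}), frozenset({"https"})),
    Conduit(frozenset({"operations", "supervisory"}), frozenset({"opc-ua"})),
    Conduit(frozenset({"supervisory", "control"}), frozenset({"modbus-tcp"})),
]

def check_flow(src, dst, service):
    """Classify one observed flow against the zone and conduit model."""
    src_zone, dst_zone = ASSET_ZONE.get(src), ASSET_ZONE.get(dst)
    if src_zone is None or dst_zone is None:
        return "unknown-asset"           # missing from the asset inventory
    if src_zone == dst_zone:
        return "intra-zone"              # never leaves its security zone
    matching = [c for c in CONDUITS if c.zones == {src_zone, dst_zone}]
    if not matching:
        return "no-conduit"              # crosses zones outside any conduit
    if any(service in c.services for c in matching):
        return "allowed"
    return "service-not-permitted"       # conduit exists, service not on it

def audit(flows):
    """Return (flow, reason) for every flow that violates the model."""
    results = ((f, check_flow(*f)) for f in flows)
    return [(f, r) for f, r in results if r not in ("intra-zone", "allowed")]

# Constructed sample flows: (source, destination, service).
SAMPLE_FLOWS = [
    ("scada-01", "plc-01", "modbus-tcp"), ("hmi-01", "scada-01", "rdp"),
    ("erp-01", "plc-02", "modbus-tcp"), ("historian-01", "scada-01", "smb"),
    ("laptop-77", "plc-01", "modbus-tcp"),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"{reason}: {flow}")
```

The "unknown-asset" result ties the check back to the Asset Model: a device that has no zone assignment cannot be evaluated against any conduit.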
Each model builds upon the previous one, creating a structured approach to designing, operating and maintaining secure Industrial Automation and Control Systems.
Reference: ISA/IEC 62443-1-1, Clause 6.6