← Home

IEC 62443 Models

Understanding the interconnected models used throughout IEC 62443 to design, analyse and secure Industrial Automation and Control Systems (IACS).

Overview

IEC 62443 uses a collection of interconnected models to describe, design and secure Industrial Automation and Control Systems (IACS). Rather than viewing cybersecurity as a collection of independent technical controls, these models provide different perspectives of the same system.

Each model answers a different question and progressively builds towards a secure, well-designed industrial architecture.

Together these models support cybersecurity risk assessments, defence-in-depth, network segmentation, system design and lifecycle management.

Reference: ISA/IEC 62443-1-1, Clause 6.6

Learning Objectives

Summary Infographic

IEC 62443 Models Summary
Overview of the IEC 62443 models and their relationships.

1. Reference Model

The Reference Model provides a generic, technology-independent view of an Industrial Automation and Control System (IACS). It represents a manufacturing or production system as a hierarchy of logical levels.

The ISA99 Reference Model allows engineers to understand how industrial systems are structured, where responsibilities exist, and how information flows between Operational Technology (OT) and Information Technology (IT).

ISA99 Levels

Level Purpose Typical Devices
4 Business Logistics ERP, Finance, Supply Chain
3 Operations Management MES, Historians, Batch Systems
2 Area Supervisory Control SCADA, HMI, DCS
1 Basic Control PLC, RTU, Controllers
0 Physical Process Sensors, Valves, Actuators, Motors

Reference: ISA/IEC 62443-1-1, Clause 6.2

2. Asset Model

The Asset Model identifies every cybersecurity-relevant asset within an IACS and defines the relationships between them.

Assets include both physical and logical components such as controllers, servers, HMIs, engineering workstations, field devices, communications equipment and software applications.

The Asset Model supports:

By understanding where assets are located, what they do and how they interact, organisations gain visibility of their operational environment.

Reference: ISA/IEC 62443-1-1, Figure 15

3. Reference Architecture Model

The Reference Architecture Model builds upon the Asset Model by defining how assets are organised and interconnected.

Rather than simply identifying assets, the architecture illustrates:

It becomes the blueprint used when designing or assessing an Industrial Automation and Control System.

Where practical, security zones should align with physical plant boundaries, simplifying both administration and cybersecurity.

Reference: ISA/IEC 62443-1-1, Clause 6.4 and Figure 16

4. Zone & Conduit Model

The Zone and Conduit Model applies cybersecurity to the architecture by grouping assets that share common security requirements.

Rather than protecting every device individually, IEC 62443 recommends protecting logical groups of assets called Security Zones.

Security Zones

Conduits

Communication between security zones occurs through Conduits.

Conduits provide controlled communication paths while maintaining the confidentiality, integrity and availability of communications.

Conduits may be:

Typical conduit security mechanisms include:

Zone and Conduit Models provide the foundation for network segmentation, controlled communications and secure industrial architectures.

Reference: ISA/IEC 62443-1-1, Clause 6.5.1
Reference: ISA/IEC 62443-3-2, Clause 4.7.5

How the Models Work Together

  1. Reference Model — Understand the industrial system.
  2. Asset Model — Identify the assets.
  3. Reference Architecture — Define how assets connect.
  4. Zone & Conduit Model — Secure communications and segment the network.
  5. Policies, Procedures & Guidelines govern every stage.

Each model builds upon the previous one, creating a structured approach to designing, operating and maintaining secure Industrial Automation and Control Systems.

Reference: ISA/IEC 62443-1-1, Clause 6.6

Key Takeaways