What is an SL according to IEC 62443?
SL stands for Security Level within the international standard IEC 62443, which provides guidelines for cybersecurity in industrial automation and control systems (IACS). A Security Level indicates how well a system is able to withstand a particular type of attacker.
A higher SL means better protection against more advanced threats.
Goal of Security Levels
The SLs make it possible to align cybersecurity measures with the threat level, the criticality of the installation, and the capabilities of potential attackers.
Each SL corresponds to the system's ability to defend itself against a particular type of intruder:
| SL level | Description of threat |
|---|---|
| SL 0 | No specific security required |
| SL 1 | Protection against accidental or opportunistic attacks |
| SL 2 | Protection against deliberate but limited attacks |
| SL 3 | Protection against structured attacks with resources |
| SL 4 | Protection against advanced attacks with extensive resources and knowledge (e.g. state actors) |
Where is SL applied?
The SLs are determined per safety or automation function and may be applied to:
- Equipment (e.g. PLC, HMI, SCADA)
- Networks or segments
- Access management (logical & physical)
- Communications
- Software applications (e.g. Historian, MES)
Each Foundational Requirement (FR) can be assigned its own SL, such as:
| FR code | Security theme |
|---|---|
| FR 1 | IACS perimeter security (e.g. firewalls) |
| FR 2 | User management (access rights) |
| FR 3 | System integrity |
| FR 4 | Data confidentiality |
| FR 5 | Restricting access rights (restrictive flow) |
| FR 6 | Response to events (logging, monitoring) |
| FR 7 | Resource availability (protection against DoS) |
How do you determine the right SL?
- Carry out a risk assessment (e.g. zones and conduits model, LOPA, HAZOP)
- Identify critical assets and communication paths
- Define the desired SL per component based on risk, impact, and threat actor
- Design or verify the system against the chosen SLs
- Validate via audits or penetration tests
Practical example
| Component | Purpose | Desired SL |
|---|---|---|
| SCADA server | Critical for operations, externally accessible | SL 3 |
| Local HMI | Internal access only, limited impact | SL 1 |
| Remote Access | Via VPN with MFA, manages systems remotely | SL 2 or SL 3 |
| Historian | Read-only, no write rights | SL 1–2 |
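The "design or verify the system against the chosen SLs" step can be run as a per-FR gap analysis over the components in the table above. This is an added example, not part of the original page: the achieved SL values are constructed sample data, and treating the upper bound of a range such as "SL 2 or SL 3" as the target is an assumption.

```python
import re

FRS = [f"FR {i}" for i in range(1, 8)]  # FR 1 .. FR 7, as in the FR table

# "Desired SL" cells copied from the practical example table.
TARGETS = {
    "SCADA server": "SL 3",
    "Local HMI": "SL 1",
    "Remote Access": "SL 2 or SL 3",
    "Historian": "SL 1–2",
}

# Constructed sample data: SL actually achieved per FR (FR 1 .. FR 7).
ACHIEVED = {
    "SCADA server": [3, 3, 2, 3, 3, 2, 3],
    "Local HMI": [1, 1, 1, 1, 1, 1, 1],
    "Remote Access": [3, 2, 3, 3, 3, 3, 3],
    "Historian": [2, 2, 2, 2, 1, 2, 2],
}

def parse_target(cell):
    """Return (low, high) for 'SL 3', 'SL 2 or SL 3' or 'SL 1–2'."""
    levels = [int(n) for n in re.findall(r"\d+", cell)]
    if not levels or any(n > 4 for n in levels):
        raise ValueError(f"not an SL between 0 and 4: {cell!r}")
    return min(levels), max(levels)

def gap_analysis(targets, achieved):
    """Map each component to {FR: shortfall} for every FR below target.

    Assumption: when the desired SL is a range, the upper bound is the target.
    """
    findings = {}
    for component, cell in targets.items():
        _, target = parse_target(cell)
        vector = achieved.get(component)
        if vector is None or len(vector) != len(FRS):
            raise ValueError(f"{component}: need one achieved SL per FR")
        findings[component] = {
            fr: target - sl for fr, sl in zip(FRS, vector) if sl < target
        }
    return findings

if __name__ == "__main__":
    for component, gaps in gap_analysis(TARGETS, ACHIEVED).items():
        status = ", ".join(f"{fr} short by {g}" for fr, g in gaps.items()) or "meets target"
        print(f"{component}: {status}")
```

An empty result for a component means every FR meets its target; each remaining entry is a concrete item for the redesign or audit that follows.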
In summary
SL (Security Level) is a measure within IEC 62443 for describing the cybersecurity protection level of industrial systems, aligned with the type of threat and the criticality of the assets.
