What does VSE mean in the CSIR model?
Within the CSIR model (Cyber Security Incident Response), technical security measures are classified under the label VSE – Vital System Engineering Requirements. These measures focus on the technical configuration of systems, networks and components within IT and OT environments, with the aim of reducing the likelihood of cyber incidents and limiting their impact.
VSE measures address the concrete technical design of, for example, SCADA environments, PLCs, Remote Access, network segmentation and detection solutions.
🧠 Characteristics of VSE measures
- Technical in nature – Focused on systems, components and network architectures
- Applicable to IT and OT – In particular to industrial control systems (ICS)
- Preventive and detective – Both prevention and early detection of attacks
- Hardware/software-oriented – Often measures at Layers 0–3 of the Purdue Model
- Supportive of VSP – VSE ensures that processes (VSP) are technically feasible and reliable
✅ Examples of VSE measures
| VSE measure | Explanation |
|---|---|
| Network Segmentation | Physical or logical separation of OT, IT and external connections |
| Jump Server | Controlled access to OT from IT or third parties |
| Firewall with DPI | Deep inspection of OT protocols (e.g. Modbus, DNP3) |
| Secure Boot | Protection against tampered firmware on industrial devices |
| Firmware Signing | Only approved firmware versions may be loaded |
| Asset Inventory | Overview of all critical components and their versions |
| Anomaly Detection | Detection of anomalous behaviour at field level |
VSE measures form the foundation of a secure OT infrastructure. Without this technical basis, processes (VSP) and standards (conformance) are difficult to enforce.
🔁 VSE, VSP and Conformance Guidelines
| Label | Focus area | Example measure |
|---|---|---|
| VSE | System engineering | Segmentation, hardening, logging, USB policy |
| VSP | Process and organisation | Patch policy, supplier screening, pen testing |
| Conformance | Guidelines and standards | IEC 62443-3-3, ISO 27001, NIS2 |
The labels are complementary: a sound technical foundation (VSE) supports processes (VSP) and helps meet standards (conformance).
📦 Application of VSE in OT environments
| OT domain | VSE measure |
|---|---|
| Process automation | Firewall between SCADA and MES, hardening of HMIs |
| Remote maintenance | Access only via Jump Server with logging |
| Network communication | VLANs, DPI, OT protocol filtering |
| PLC security | Only signed firmware, write protection enabled |
| Monitoring | Anomaly detection at Layer 1/2 with ICS awareness |
📌 In summary
VSE measures are the system engineering security layers in the CSIR model. They form the technological basis on which process measures (VSP) and standards frameworks (conformance) rest. In OT environments they are crucial for segmentation, protection of components and reliable detection of threats.