What is a Security Level?
A Security Level (SL) is a measure of the security level of a system or component within an industrial environment, based on its resistance to cyber attacks. The concept originates from the IEC 62443 standard and helps determine which security measures are needed per Zone or component.
In OT networks, Security levels are used to set realistic, risk-based requirements for systems such as PLC, SCADA, HMI, and Remote Access applications.
🧠 How does the Security Level model work?
According to IEC 62443-3-3 and IEC 62443-4-2, there are four Security Levels:
| Security Level | Target | Description |
|---|---|---|
| SL 1 | Opportunistic attacker | Basic protection against accidental or erroneous access |
| SL 2 | User with limited resources | Protection against targeted attacks using standard tools |
| SL 3 | Skilled attacker | Protection against attacks by professional hackers or insiders |
| SL 4 | Advanced threat (APT) | High protection against highly targeted, structured attacks |
Each system, component, or zone is assigned a desired SL based on the risk analysis.
🏭 Applying Security Levels in OT environments
- SCADA servers → SL 2–3: high availability and protection required
- PLC controllers in critical processes → SL 2–3
- Engineering Station → SL 3, due to full access to installations
- Historian or MES → SL 1–2, depending on coupling with IT
- Remote Access via VPN or Jump Server → SL 3, with MFA, Logging, Firewall
Allocation is performed per zone and conduit in line with the zones and conduits model from IEC 62443.
🔍 Security Level vs. Safety Integrity Level (SIL)
| Characteristic | Security Level (SL) | Safety Integrity Level (SIL) |
|---|---|---|
| Goal | Resistance to cyber attacks | Reliability of safety functions |
| Standard | IEC 62443 | IEC 61511, IEC 61508 |
| Application | Protection of systems and networks | Functional safety (fail-safe operation) |
| Focus | Intelligent, malicious threat | Unintentional errors and failures |
🔐 Security aspects
- Security Levels determine which technical and organisational measures are needed
- Help guide choices for Access Control, encryption, Audit Logging, patch management
- Support the segmentation of networks into security zones
- Are used in Risk Management and compliance trajectories
- Important in design and procurement (specifications, certifications)
SL is not a product property in itself, but the outcome of context-dependent risk analysis and design.
📌 In summary
Security Levels are a powerful tool within IEC 62443 for classifying OT systems and protecting them against cyber threats. They enable a risk-based, pragmatic, and scalable approach to OT security.