7 The Approach Proposed by Standard 62443
7.1. Presentation
The IEC 62443 standard consists of a family of normative texts aimed at the various cybersecurity actors involved in the lifecycle of an industrial system. Its objective is rather ambitious, as it covers many aspects. The standard was initially developed by the International Society of Automation (ISA) under the name ISA 99. Work began in 2002, the first technical reports were published in 2004 and the first ANSI/ISA standards were published in 2009. This work integrated the main ideas of the National Institute of Standards and Technology. The convergence of ISA’s work with that of the IEC began in 2011. Development is delegated to a committee of experts with varied experience and fields of activity. Currently, not all texts are final, but the fundamental concepts are defined. The structure of the standard is given in section 7.3.
The target audience for this standard is the industrial control system (ICS) stakeholder community: asset owners and operators, system integrators, product suppliers, service providers, and even government agencies and regulatory bodies with the legal authority to conduct audits to ensure compliance with applicable laws and regulations. Each of them will use the standard on a part of the equipment or at a specific stage of the lifecycle, in particular:
- operators or owners of assets, to manage security and express security requirements for the different parts of ...