Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance

In the context of Industry 4.0, digitalization is one of the key ingredients to foster economic growth and competitiveness of the industrial sector. But the speed in which digitalization is coming into play as well as the growing use of novel technologies such as Cyber Physical Systems (CPSs), Industrial Internet of Things (IIoT) and artificial intelligence techniques, comes hand by hand, with the increase in the attack vectors to these industries. So now, more than ever, there is a need for clear and reusable methodologies that support security experts in identifying the threats as well as the required measures to secure next-generation industrial infrastructures and solutions. This paper presents a risk assessment methodology for security and privacy of industrial solutions which systematises the activities to be carried out in a technology-, system-, and domain-agnostic manner and, thus, it can be reused in multiple types of systems. The methodology supports the compliance with the industrial cybersecurity standard ISA/IEC 62443.