The objective of Security

Let’s start from its definition:

[IEC TS 63074: 2023[ 3.1.19 security

1. measures taken to protect a system
2. condition of a system that results from the establishment and maintenance of measures to protect the system
3. condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss
4. capability of a computer-based system to provide adequate confidence that unauthorized persons and systems can neither modify the software and its data nor gain access to the system functions, and yet to ensure that this is not denied to authorized persons and systems
5. prevention of illegal or unwanted penetration of, or interference with, the proper and intended operation of a machinery and its control system

In general terms security is focused mainly on achieving three objectives:

• availability,
• integrity and
• confidentiality

Security objectives are for example:

• availability of machine(s), including safety functions;
• integrity against manipulations;
• confidentiality by means of methods commonly accepted by both the security and industrial automation communities;

For example, an attack on a machine safety function such that it affects the availability of the machine and can result in a safety function being bypassed. Security risks will be evaluated by using a security risk assessment in order to identify the security objectives.

A security risk assessment is based on a product or system in its environment on which threats and known vulnerabilities are identified to derive relevant security countermeasures.