The Security Levels

IEC 62443-3-3 defines a Security Level (SL) as:

[ IEC 62443-3-3: 2013] 3.1.38 security level. Measure of confidence that the IACS is free from vulnerabilities and functions in the intended manner

The associated four SLs are defined as:

• SL 1 – Prevent the unauthorized disclosure of information via eavesdropping or casual exposure.
• SL 2 – Prevent the unauthorized disclosure of information to an entity actively searching for it using simple means with low resources, generic skills and low motivation.
• SL 3 – Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation.
• SL 4 – Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with extended resources, IACS specific skills and high motivation.

These SL attributes demonstrate an essenstial connection to the Safety Integrity Level (SIL) concept introduced in the IEC 61511 functional safety standards, in that each subsequent security level represents an order of magnitude risk reduction. The specific requirements for achieving a determined SL or SIL are very different.