{"id":34640,"date":"2023-06-13T06:59:24","date_gmt":"2023-06-13T05:59:24","guid":{"rendered":"https:\/\/www.gt-engineering.it\/?post_type=normativa_tecnica&p=34640"},"modified":"2023-07-07T09:27:26","modified_gmt":"2023-07-07T08:27:26","slug":"how-to-address-it-security","status":"publish","type":"normativa_tecnica","link":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/","title":{"rendered":"How to Address IT Security"},"content":{"rendered":"\n\n \n \n \n
\n\n \n \n \n \r\n\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n <\/picture>\r\n\r\n \r\n\r\n \r\n \r\n <\/div>\n \n
\n \n
\n

The following is guidance on the step by step approach to limiting or restricting IT security threats and vulnerabilities.
\n1) Does it need to be connected?
\n2) Does it need to be connected at continuously?
\n3) Is the connection monitored, for example using a virtual private network (VPN) system?
\n4) Is the connection configurable (e.g. access for authorized persons only)?
\n5) Can the connection be restricted to “read only” mode (without ability to change)?
\nThe following steps are essential to provide effective IT-security for machinery. Depending on the application, several of these steps should not be addressed by the machine manufacturer and system integrator but in the first instance by the machine user.<\/p>\n

a) Identify<\/p>\n

    \n
  • What are the IT security threats and vulnerabilities?<\/li>\n
  • Understanding why would an entity attack the machine control system?<\/li>\n
  • What does the machine user have that is valuable?<\/li>\n
  • What are the vulnerabilities of the machine (e. g. open ports\/external interfaces)?<\/li>\n
  • What are the resources that support critical functions?<\/li>\n<\/ul>\n

    b) Protect<\/p>\n

      \n
    • Develop and implement the appropriate counter measures to protect the machine. The counter measures support the ability to prevent, limit or contain the impact of a potential IT security attack. Examples of counter measures include machine control system design, internet access, access control, awareness and training, data security, information protection processes and procedures, maintenance and protective technology.<\/li>\n<\/ul>\n

      c) Detect<\/p>\n

        \n
      • Develop and implement the appropriate measures to identify the occurrence of an IT security attack. The “detect”-element enables timely discovery of IT- security attacks. Examples include anomalies and IT security incidents, security continuous monitoring and detection processes.<\/li>\n<\/ul>\n

        d) Respond<\/p>\n

          \n
        • Develop and implement the appropriate activities to take action regarding a detected IT-security attack. The “respond” element supports the ability to stop and or contain the impact of a potential IT security attack. Examples include mitigation, response planning, communications, analysis and improvements.<\/li>\n<\/ul>\n

          e) Recover<\/p>\n

            \n
          • Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to an IT-security attack. The “recover” element supports timely recovery to normal operations to reduce the impact from an IT-security attack. Examples include recovery planning, improvements and communications.<\/li>\n<\/ul>\n<\/div> <\/div>\n \n \n
            <\/div>\n \n\n <\/div>\n <\/section>\n\n \n","protected":false},"excerpt":{"rendered":"

            The following is guidance on the step by step approach to limiting or restricting IT security threats and vulnerabilities.<\/p>\n","protected":false},"author":2,"featured_media":38147,"parent":34601,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"normative-tecniche":[57],"class_list":["post-34640","normativa_tecnica","type-normativa_tecnica","status-publish","has-post-thumbnail","hentry","tipologia_normativa-en-iso-standards"],"acf":{"sottotitolo":"","allegati":null},"yoast_head":"\nHow to Address IT Security - Gt-Engineering<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Address IT Security - Gt-Engineering\" \/>\n<meta property=\"og:description\" content=\"The following is guidance on the step by step approach to limiting or restricting IT security threats and vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Gt-Engineering\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-07T08:27:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"474\" \/>\n\t<meta property=\"og:image:height\" content=\"237\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/\",\"url\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/\",\"name\":\"How to Address IT Security - Gt-Engineering\",\"isPartOf\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg\",\"datePublished\":\"2023-06-13T05:59:24+00:00\",\"dateModified\":\"2023-07-07T08:27:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage\",\"url\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg\",\"contentUrl\":\"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg\",\"width\":474,\"height\":237},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technical standards\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/normative-tecniche\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Harmonised European Standards\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"ISO TR 22100-4: 2018 – guide to cyber security aspects\",\"item\":\"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"How to Address IT Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.gt-engineering.it\/en\/#website\",\"url\":\"https:\/\/www.gt-engineering.it\/en\/\",\"name\":\"Gt-Engineering\",\"description\":\"bizonweb\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.gt-engineering.it\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Address IT Security - Gt-Engineering","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/","og_locale":"en_US","og_type":"article","og_title":"How to Address IT Security - Gt-Engineering","og_description":"The following is guidance on the step by step approach to limiting or restricting IT security threats and vulnerabilities.","og_url":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/","og_site_name":"Gt-Engineering","article_modified_time":"2023-07-07T08:27:26+00:00","og_image":[{"width":474,"height":237,"url":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/","url":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/","name":"How to Address IT Security - Gt-Engineering","isPartOf":{"@id":"https:\/\/www.gt-engineering.it\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage"},"image":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg","datePublished":"2023-06-13T05:59:24+00:00","dateModified":"2023-07-07T08:27:26+00:00","breadcrumb":{"@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#primaryimage","url":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg","contentUrl":"https:\/\/www.gt-engineering.it\/wp-content\/uploads\/2023\/06\/telecharger.jpg","width":474,"height":237},{"@type":"BreadcrumbList","@id":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/how-to-address-it-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.gt-engineering.it\/en\/"},{"@type":"ListItem","position":2,"name":"Technical standards","item":"https:\/\/www.gt-engineering.it\/en\/normative-tecniche\/"},{"@type":"ListItem","position":3,"name":"Harmonised European Standards","item":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/"},{"@type":"ListItem","position":4,"name":"ISO TR 22100-4: 2018 – guide to cyber security aspects","item":"https:\/\/www.gt-engineering.it\/en\/technical-standards\/en-iso-standards\/iso-tr-22100-4-2018-guidance-to-machinery-manufacturers\/"},{"@type":"ListItem","position":5,"name":"How to Address IT Security"}]},{"@type":"WebSite","@id":"https:\/\/www.gt-engineering.it\/en\/#website","url":"https:\/\/www.gt-engineering.it\/en\/","name":"Gt-Engineering","description":"bizonweb","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gt-engineering.it\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/34640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica"}],"about":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/types\/normativa_tecnica"}],"author":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":10,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/34640\/revisions"}],"predecessor-version":[{"id":38152,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/34640\/revisions\/38152"}],"up":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normativa_tecnica\/34601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/media\/38147"}],"wp:attachment":[{"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/media?parent=34640"}],"wp:term":[{"taxonomy":"tipologia_normativa","embeddable":true,"href":"https:\/\/www.gt-engineering.it\/en\/wp-json\/wp\/v2\/normative-tecniche?post=34640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}