Security Services
Security service is a fundamental concept in all security architectures. The service meets the security objectives identified by the threat-and-risk analysis. Security services are implemented by means of security functions and mechanisms. A confidentiality security service, for example, might be implemented using SNMPv3 with privacy protocol enabled. This, in turn, makes use of encryption mechanisms. The most important security services, according to the IEC 62443 series of standards, are the following:
• Access Control (AC):
Control access to selected devices, information or both to protect against unauthorized interrogation of the device or information.
• Use Control (UC):
Control use of selected devices, information or both to protect against unauthorized operation of the device or use of information.
• Data Integrity (DI):
Ensure the integrity of data on selected communication channels to protect against unauthorized changes.
• Data Confidentiality (DC):
Ensure the confidentiality of data on selected communication channels to protect against eavesdropping.
• Restrict Data Flow (RDF):
Restrict the flow of data on communication channels to protect against the publication of information to unauthorized sources.
• Timely Response to Event (TRE):
Respond to security violations by notifying the proper authority, reporting needed forensic evidence of the violation, and automatically taking timely corrective action in mission-critical or safety-critical situations.
• Resource Availability (RA):
Ensure the availability of all network resources to protect against denial of service attacks.