Modeling Security Requirements and Controls for an Automated Deployment of Industrial IT Systems

Due to the dynamic nature of the Industrial Internet and Industry 4.0, future production systems will be reconfigured frequently and as a part of the engineering process, new system configurations will be deployed automatically. In order to keep pace with this development, it will be required to achieve the needed security level in an automated way and to reduce the current static procedures and manual efforts as much as possible. Therefore, the development and modeling of requirements and capability profiles for all cyber security related aspects is needed. The paper describes an approach for such a modeling based on security requirements and levels of the international standard IEC-62443-3-3 and a system description based on OASIS TOSCA. The approach is applied to a real industrial use-case scenario and an evaluation is performed to demonstrate its feasibility.