Invisible Safety,

Proven by Intelligence

Proving Invisible Safety Through Intelligence.

Tech Note
Discover MDS Intelligence’s technical insights driving change in the IT industry.
Cyber ​​Security & Encryption
What is an Industrial Control System (ICS)? The International Standard IEC 62443
Jan 9, 2026

An Industrial Control System (ICS) refers to facilities such as power plants that generate electricity by rotating turbines via control signals, and manufacturing plants that produce industrial goods. As system integration and connections to external networks have increased in these critical national infrastructure industrial control systems since 2010, the importance of security has also grown.

Therefore, let's explore IEC 62443, the international standard for Industrial Control System security.

IEC 62443 was designed with the aim of minimizing risks through industrial control system networks. It structures all applicable security areas by defining processes across power plants, manufacturing facilities, factories, and systems.

│ Structure of IEC 62443

    IEC 62443 is broadly divided into four parts: General, Policies and Procedures, System, and Components.

    PartDescription
    1. General· General terms and concepts for Industrial Control Systems and security, system security compliance metrics, etc.
    2. Policies and Procedures· Items for establishing system security policies, and their operation and management.
    3. System· Security technologies, security requirements, and security assurance levels for Industrial Control Systems.
    4. Components· Product development requirements and technical security requirements for Industrial Control Systems.

    We will focus on the 'Policies and Procedures' part of IEC 62443. The Policies and Procedures section presents 14 domains of security controls based on the existing ISO 27001. 

    Below is a comparison of security control areas and items between ISO 27001 and IEC 62443. 

    As shown in the figure below, to establish an information security policy, it must include content from the 13 subordinate areas.




    │ IEC 62443 - 14 Domains of Security Controls

    Now, let's describe the 14 domains of security controls.


    Last June, the United Nations Economic Commission for Europe (UNECE) adopted the 'Regulation on Cyber Security Management System (CSMS)' due to the increasing ease of vehicle connectivity and heightened cybersecurity threats.

    Accordingly, new vehicles released in Europe after July 2022 must demonstrate that cybersecurity was considered from product development. IEC 62443-2-1, mentioned above, defines the necessary elements for establishing an IACS Cyber Security Management System (CSMS) and provides guidance on how to develop these elements.