Last edit: 11/08/2023
The security risk assessment relative to an SCS is part of the overall security risk assessment of the machine in its environment and includes consideration of various phases such as design, implementation, commissioning, operation, and maintenance.
As part of the security risk assessment, a vulnerability assessment can be carried out to identify vulnerabilities (that can be exploited by threats) of the machine and the potential influence related to safety. The following information should be available:
- a description of the devices covered by the vulnerability assessment (e.g. mobile panel, or any other device connected to the safety-related control system);
- a description of identified vulnerabilities that can be exploited by threats and result in security risks;
- a description of parts of the SCS (e.g. hardware or software) that should be protected by security countermeasures.
The manufacturer of the machine can make some assumption about the threats in consideration of the foreseen machine installation site and implements security countermeasures6 based on the vulnerability assessment.