Compliance with industrial security standards by implementing Remote Attestation

Abstract

To mitigate the risk of cyber threats on industrial systems, security standards are currently emerging and providing an important framework to ensure security. While security standards define desired se- curity outcomes, they often lack specific implementation strategies. This leads to the application of inconsistent or inadequate security measures. In this work, we focus on a novel security measure called remote attesta- tion, which is capable of verifying the authenticity and integrity of remote devices and systems. We analyze remote attestation and its relation to the industrial security standards IEC 62443, NERC CIP, NIST SP 800, ISO/IEC 27002, and PCI DSS. In detail, we map remote attestation to requirements of the analyzed security standards, highlighting the degree to which these requirements can be fulfilled by remote attestation. The results demonstrate that remote attestation is highly relevant to the an- alyzed security standards and offers both technical mitigation of cyber threats as well as compliance with well-established security standards.