Information-Centric Adoption and Use of Standard Compliant DevSecOps for Operational Technology: From Experience to Design Principles
Haverinen, Henry; Päivärinta, Tero; Vänskä, Jussi; Joutsijoki, Henry (2024-02-09)
Springer
Haverinen, H., Päivärinta, T., Vänskä, J., Joutsijoki, H. (2024). Information-Centric Adoption and Use of Standard Compliant DevSecOps for Operational Technology: From Experience to Design Principles. In: Hyrynsalmi, S., Münch, J., Smolander, K., Melegati, J. (eds) Software Business. ICSOB 2023. Lecture Notes in Business Information Processing, vol 500. Springer, Cham. https://doi.org/10.1007/978-3-031-53227-6_28
https://creativecommons.org/licenses/by/4.0/
© The Author(s) 2024. This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:oulu-202404222870
Abstract
Secure and agile development of operational technology (OT) and related software in industry is a crucial but challenging issue. Generally recognized standards such as IEC 62443-4-1 set the requirements for cybersecurity processes in OT and software development. The main challenge of IEC 62443-4-1 lies in its adoption and implementation in practice, which stems from the standard's complexity. We propose three novel design principles and two subsequent design objectives to be prioritized in future design-research-oriented work on standard-compliant DevSecOps. The design principles were formed after six years of experience and observations in cybersecurity consulting in industry, documented here as a piece of action design research (ADR). As a case study, we describe the instantiation of the design principles at Valmet Automation Systems, one of the earliest IEC 62443-4-1-certified companies. Taken together, the proposed design principles suggest an information-centric view of the contextual adoption and use of the IEC 62443-4-1 standard in DevSecOps practices for OT.
Collections
- Open access [37744]