Abstract
Secure and agile development of operational technology (OT) and related software in industry is a crucial but challenging issue. Generally recognized standards such as IEC 62443-4-1 set out the requirements for cybersecurity processes in OT and software development. The main challenge of IEC 62443-4-1 lies in its adoption and implementation in practice, which stems from the standard's complexity. We propose three novel design principles and two subsequent design objectives to be prioritized in future design-research-oriented work on standard-compliant DevSecOps. The design principles were formed after six years of experience and observations in cybersecurity consulting in industry, documented here as a piece of action design research (ADR). As a case study, we describe the instantiation of the design principles at Valmet Automation Systems, one of the earliest IEC 62443-4-1-certified companies. Taken together, the proposed design principles suggest an information-centric view of the contextual adoption and use of the IEC 62443-4-1 standard in DevSecOps practices for OT.
Publisher
Springer Nature Switzerland