NE193 “An Information Model for Automation Security Engineering” has been newly published.

The NAMUR Recommendation NE 193 from the WG 1.3 Information Management and Tools has been released and may now be obtained from the NAMUR Office.

Abstract to NE 193 "An Information Model for Automation Security Engineering"

This NAMUR recommendation defines a UML information model for the security engineering of automation systems (Automation Security Engineering), i.e. analysing security problems, taking security decisions, and developing security solutions for automation systems.

• Information exchange between security-related planning tools: Security-relevant information exists in many different software tools and/or files.
• Model-based security engineering and security by design: An information model is the basis for enabling model-based security engineering and generating flexible visualisations.
• Taking security-related decisions during operation: Security require contextual information typically from different sources.
• Management of standard configurations: Efficiency gains in the operation of security solutions are often the result of standardising components and their configurations.

The information model described in this NAMUR recommendation can be used for automation security engineering in the design and operating phase of an automation system. It can be used by manufacturers, integrators and operators alike and is independent of industry or location.

The scope of application of the information model is to document information that is used and/or generated during the security engineering of an automation system. Hence, it documents the security of automation systems. This NAMUR recommendation does not consider the security of the information in the information model.