In the OSI model, the Data Link layer (Layer 2) is responsible for error detection/correction and for assigning and handling MAC (Media Access Control) addresses, which are unique identifiers for network interfaces. This layer ensures reliable transmission of data frames between devices on the same local network. The Network layer (Layer 3) handles IP addressing and routing, not MAC addresses.

Separation of duties is a security principle that aims to prevent fraud, errors, conflicts of interest, or misuse of resources by dividing critical tasks or functions among different people or teams. It is one of the foundational requirements (FRs) of the ISA/IEC 62443 standards for securing industrial automation and control systems (IACSs). According to the ISA/IEC 62443-2-1 standard, separation of duties includes the following system requirements (SRs):

SR 2.1: Security management policy

SR 2.2: Personnel security

SR 2.3: System development and maintenance

SR 2.4: Incident response and recovery

SR 2.5: Compliance and review

Among these SRs, the one that is most related to the example of system development and maintenance is SR 2.3. SR 2.3 requires that the IACS shall provide the capability to ensure that the development and maintenance of the system and its components are performed in a secure manner. This means that the IACS should have a mechanism to control the access and authorization of developers, testers, integrators, and maintainers who work on the system and its components. It also means that the IACS should have a mechanism to verify and validate the quality and security of the system and its components before, during, and after the development and maintenance processes.

Therefore, an example of separation of duties as a part of system development and maintenance is that changes are approved by one party and implemented by another. This ensures that the changes are authorized, documented, and reviewed by someone who is not involved in the implementation. This reduces the risk of introducing errors, vulnerabilities, or malicious code into the system and its components.

 Safety management staff are stakeholders of the CSMS, which stands for Cybersecurity Management System. The CSMS is a framework for managing the cybersecurity of industrial automation and control systems (IACS) based on the ISA/IEC 62443-2-1 standard1. The CSMS defines the objectives, policies, metrics, and governance for the overall ICS security program2. The CSMS also includes the processes for risk assessment, security design, implementation, monitoring, and improvement3. Safety management staff are involved in the CSMS development and implementation, as they are responsible for ensuring the safety of the IACS and the people, environment, and assets that depend on it. Safety management staff need to coordinate with the security management staff to align the safety and security requirements, identify and mitigate the safety risks arising from cyber threats, and monitor and respond to safety incidents caused by cyberattacks. References:

1: ISA/IEC 62443-2-1: Establishing an Industrial Automation and Control Systems Security Program, ISA, 2010.

2: A Practical Approach to Adopting the IEC 62443 Standards - ISAGCA

3: ISA ISA-IEC-62443 ISA/IEC 62443 Cybersecurity Fundamentals Specialist Online Training - Exam4Training

[4]: Using the ISA/IEC 62443 Standards to Secure Your Control System, ISA, 2018.

ISA/IEC 62443 references OPC technologies as common industrial communication mechanisms that must be secured appropriately. OPC Unified Architecture (OPC UA) was designed specifically to overcome the limitations of OPC Classic while improving interoperability and security.

Step 1: Need for structured data modeling

Modern IACS environments require standardized, vendor-neutral data exchange across heterogeneous devices. OPC UA introduces a browsable namespace that organizes data into objects, folders, variables, methods, and relationships.

Step 2: Alignment with security and architecture goals

The browsable namespace enables consistent access control, integrity protection, and secure session management, aligning with ISA/IEC 62443 principles of controlled data flow and least privilege.

Step 3: Why other options are incorrect

OPC tunneling addresses connectivity, not data modeling.

DCOM-based firewalls relate to legacy OPC Classic.

OLE/COM technologies lack platform independence and modern security features.

Thus, OPC UA’s browsable namespace is the correct feature.

ISA/IEC 62443 recognizes that some industries require sector-specific interpretations of cybersecurity controls. For the energy sector, ISO/IEC 27019 fills this role.

Step 1: Scope of ISO/IEC 27019

ISO/IEC 27019 provides information security controls specifically tailored for energy utility process control systems, including power generation, transmission, and distribution.

Step 2: Alignment with ISA/IEC 62443

ISO/IEC 27019 complements ISA/IEC 62443 by adapting ISMS-based controls to OT and ICS environments, addressing availability, safety, and real-time constraints.

Step 3: Why other options are less suitable

ISO/IEC 27001 is general-purpose and not ICS-specific. NIST SP 800-53 is broad and IT-centric. IEC PAS documents are not comprehensive sector standards.

Therefore, ISO/IEC 27019 is the most appropriate choice.

A key distinguishing factor between IT (Information Technology) and IACS (Industrial Automation and Control Systems) environments is the **requirement for cybersecurity to consider safety in IACS systems.

From ISA/IEC 62443-1-1, Clause 4.3:

“In contrast to traditional IT environments, where the primary concern is confidentiality, the primary concerns in IACS environments are often availability, integrity, and most critically — safety.”

Any cybersecurity failure in IACS environments can result in physical consequences, such as equipment damage, environmental harm, or loss of human life — making safety a critical consideration.

Incorrect Options:

A. Integrity is important, but availability and safety are usually higher priorities.

B. IT prioritizes confidentiality, not availability.

D. Routers are indeed used in IACS networks, often hardened or industrial-grade.

According to ISA/IEC 62443-2-4, which defines security requirements for IACS service providers, four maturity levels (ML1–ML4) are established as evaluation criteria for measuring the maturity of cybersecurity practices.

These are:

ML1 – Initial

ML2 – Managed

ML3 – Defined

ML4 – Improving

“This standard defines four maturity levels (ML1 through ML4) to assess the extent of cybersecurity process implementation for service providers.”

— ISA/IEC 62443-2-4:2015, Clause 5.1 – Maturity Level Overview

These maturity levels are used to benchmark and certify service provider practices across different domains like patching, access control, and incident response.