ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443

Security engineering is a major challenge in the distributed and heterogeneous nature of the Industrial Internet of Things (IIoT). While IEC 62443 is available as a security engineering standard for the industrial domain, the increased complexity and dynamic of combining IoT with industrial sys-tems challenges approaches without automation. Security analy-sis in the IIoT with a model-based engineering tool is essential to ensure the proper method is applied to protect the system model. This work follows the Defense-in-depth strategy presented by IEC 62443, then adapted for IIoT applications. We use ThreatGet threat modeling tool to show how this strategy could be implemented in the IIoT domain using threat modeling. The research findings demonstrate how the threat modeling approach ensures the implementation of a defense-in-depth strategy in the IIoT domain.