AR devices inherit many security challenges typically associated with mobile devices, including logging, auditing, malware detection, and incident response requirements. In order to achieve consistent and comprehensive security across AR devices in the enterprise, both host-based protection and image management should be used. Once a secure configuration has been built in a test environment, that device image should be used across all devices.
The device lifecycle policy (commission, provision, normal usage, alert state, remediation state and decommission) should also cover the other building blocks, in particular identity management.
FIGURE 1-10: AR Device Lifecycle.
The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.
IEC security protection levels.
| IEC Security Protection Level | Description |
| --- | --- |
| SL1 | Protection against casual violation |
| SL2 | Protection against intentional violation using simple means |
| SL3 | Protection against intentional violation using sophisticated means |
| SL4 | Protection against intentional violation using sophisticated means with extended resources |
The following items are required for SL >1
The following items are required for SL >2
System protection on the AR device should include both protection from malware and compartmentalization of processes at the lowest reasonable level. Devices should run applications and operating environments at standard user privilege levels, with device protection and configuration running at root level. Because most AR devices use standard operating systems, compatible malware detection and endpoint protection solutions should be used; where available, these should take into account both standard and AR-unique characteristics.
The following items are required for SL >0
The following items are required for SL >1
The following items are required for SL >2
The following items are required for SL >3