ISA/IEC 62443-2-1 defines SP Element 4 as covering component hardening, malware protection, and the secure use of portable and mobile media. Malware introduced through USB devices is a well-known attack vector in IACS environments, and the standard addresses this risk explicitly through preventive controls rather than only reactive measures.
Step 1: Nature of the threat
Portable media such as USB drives bypass network-based defenses and can introduce malware directly into critical control systems. ISA/IEC 62443 recognizes this as a high-risk vector, especially in air-gapped or semi-isolated systems.
Step 2: SP Element 4 scope
SP Element 4 requires asset owners to implement technical controls such as:
Restrictions on the use of portable media
Use of dedicated, controlled media
Malware scanning before use
Hardening of endpoints to prevent unauthorized execution
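The first three controls above can be combined into one admission check at the point where media enters the control-system zone. The sketch below is an added example, not text or code from ISA/IEC 62443; the names `admit_media` and `ScanRecord`, the serial numbers and the 8-hour scan validity window are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed values: the standard does not prescribe serials or a validity window.
APPROVED_SERIALS = {"MEDIA-0001", "MEDIA-0002"}   # dedicated, controlled media
MAX_SCAN_AGE_S = 8 * 3600                         # assumed scan validity (8 h)

@dataclass
class ScanRecord:
    """Result written by a (hypothetical) malware-scanning station."""
    serial: str
    scanned_at: float   # epoch seconds
    clean: bool
    manifest: dict      # relative path -> SHA-256 of the file at scan time

def build_manifest(files: dict) -> dict:
    """Hash every file so later changes to the media can be detected."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def admit_media(serial, files, record, now):
    """Return (allowed, reason). Deny by default; every check must pass."""
    if serial not in APPROVED_SERIALS:
        return False, "not dedicated media"
    if record is None or record.serial != serial:
        return False, "no scan record for this media"
    if not record.clean:
        return False, "scan reported malware"
    age = now - record.scanned_at
    if age < 0 or age > MAX_SCAN_AGE_S:
        return False, "scan record expired or clock mismatch"
    if build_manifest(files) != record.manifest:
        return False, "contents changed since scan"
    return True, "admitted"

if __name__ == "__main__":
    t0 = 1_700_000_000.0
    files = {"patch/fw_update.bin": b"constructed sample payload"}
    rec = ScanRecord("MEDIA-0001", t0, True, build_manifest(files))
    print(admit_media("MEDIA-0001", files, rec, t0 + 600))   # admitted
    files["autorun.inf"] = b"[autorun]"                      # added after the scan
    print(admit_media("MEDIA-0001", files, rec, t0 + 600))   # denied
```

The manifest comparison is what ties "scanning before use" to the media actually presented: a clean scan result stops counting as soon as any file is added, removed or modified.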
Step 3: Why other SP Elements are secondary
SP Element 1 focuses on anomaly detection, not prevention.
SP Element 2 concerns inventory accuracy.
SP Element 7 applies after an incident has occurred.
Step 4: Preventive emphasis
The standard prioritizes prevention of malware introduction through controlled media usage, making SP Element 4 the most relevant.