Resumen
Nowadays, software and system development is a more complex process than ever was and it faces challenges, where security became one of the most crucial. Based upon co-engineering in the AQUAS project, complex standards covering development processes regarding safety, but performance and security are missing. In the paper, the representative standard for Industrial Automation and Control Systems (IACS) is selected for gap analysis, both as examples of issues in co-engineering in security and performance, and possibly for evolution and extension in security standards. For IACS, the ANSI/ISA 62443 defines procedures for implementing security requirements. Based upon co-engineering in the AQUAS project and experience from the real implementation of security by TrustPort practitioners of this domain, the paper introduces the 62443 standard gaps analysis with the goal to identify the missing part. Based on this analysis, the possible recommendations for extending 62443-3-3 are proposed.