The basic concepts from IEC 62443 such as Defense-In-Depth, Zones and Conduits and Security Level explained
"The importance of industrial security in the automation context is increasing, both due to serious security incidents (e.g. ransomware) and increasing regulation (e.g. EU Cybersecurity Act (CSA)). It may still be possible to avoid the issue at present, but every project, whether before or after commissioning, is soon caught up in it. For this reason, the following questions are increasingly being asked during the project initiation phase:
What is a resilient and sustainable approach to industrial security?
How can you prove that those responsible have fulfilled their duty?
How should one deal with the constantly changing parameters and attack vectors?
Are there measures that must always be implemented regardless of the scenario?
There is also the question of how measures can be prioritized in the first place." - www.sichere-industrie.de