SL 2

SL 2 commonly refers to Security Level 2 in industrial control system cybersecurity models, such as those aligned with IEC 62443. It indicates a target level of protection for systems or zones against a defined class of threat actors and attack methods.

What SL 2 means in industrial environments

In regulated manufacturing and other industrial operations, SL 2 typically characterizes environments where:

• Threat actors are assumed to have some technical skills but rely on generally available tools and techniques.
• Cybersecurity controls go beyond basic good practice and address deliberate misuse, not just accidental errors.
• Network segmentation, managed access control, and monitored remote access are expected.
• Security responsibilities and procedures are defined and consistently applied across OT and supporting IT systems.

SL 2 is usually considered appropriate for systems where disruption would be significant but not catastrophic, or where higher levels (SL 3 or SL 4) would introduce disproportionate complexity given the actual risk and system constraints.

What SL 2 typically includes and excludes

While exact criteria vary by standard and implementation, an SL 2 target commonly includes:

• Role-based or least-privilege user access instead of shared, unrestricted accounts.
• Hardened configurations and controlled changes to PLCs, HMIs, MES interfaces, and supporting servers.
• Authenticated and, where feasible, encrypted communications between critical components.
• Basic security monitoring and logging to detect abnormal or unauthorized activity.

SL 2 usually does not assume:

• Defense against highly resourced, targeted, and sophisticated attackers (typically SL 3 or SL 4).
• Complete redesign of legacy or brownfield systems solely to reach higher security levels.
• Controls that would materially impair required availability or deterministic timing of control systems.

Operational use in manufacturing systems

In manufacturing, SL 2 is often used as a design and assessment target for:

• OT networks connecting PLCs, DCS, and SCADA to MES or historian systems.
• Interfaces between plant-floor systems and corporate IT or cloud services.
• Critical quality or batch records infrastructure that must be protected against basic tampering.

Risk assessments, zoning and conduit design, and security requirements for new equipment or software may all reference SL 2 as a baseline expectation for certain classes of assets.

Common confusion

• SL 2 vs. general security “maturity levels”: SL 2 is a targeted cybersecurity strength level against a defined threat profile, not a general process maturity or audit score.
• SL 2 vs. safety integrity levels (SIL): SL 2 is about cybersecurity and resistance to cyber threats. Safety Integrity Levels relate to functional safety performance for safety instrumented functions and use different criteria and numbering.
• SL 2 vs. SL 3 or SL 4: SL 2 does not imply weak security. It reflects a deliberate tradeoff between risk, system criticality, and feasible controls, especially in mixed-vendor or legacy environments.

Relation to risk-based security levels

In risk-based cybersecurity programs, SL 2 is selected when analysis shows that controls aligned with this level adequately address likely threats and consequences without over-specifying requirements. Not all systems need to target SL 3 or SL 4; SL 2 can be an appropriate and intentional choice for many industrial zones and conduits, particularly where legacy constraints, integration complexity, and validation effort must be balanced against risk.