MQTT (MQ Telemetry Transport) is an open OASIS and ISO standard (ISO/IEC PRF 20922) lightweight, publish-subscribe network protocol that transports messages between devices. (From https://en.wikipedia.org/wiki/MQTT)
The international standard IEC 61499, addressing the topic of function blocks for industrial process measurement and control systems, was initially published in 2005. The specification of IEC 61499 defines a generic model for distributed control systems and is based on the IEC 61131 standard. (see https://en.wikipedia.org/wiki/IEC_61499 and IEC 61499 - International Electrotechnical Commission.
The ISA/IEC 62443 standard specifies security capabilities for (industrial) control system components. Developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a framework to address and mitigate security vulnerabilities in industrial automation and control systems (IACSs). it is based upon the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure. Central is the application of IACS security zones and conduits (isolation & segmentation), which were introduced in 62443-1-1,
ISA-62443-4-2, Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components, provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components, and software applications.
Based on the IACS system security requirements of ISA/IEC 62443‑3-3, System Security Requirements and Security Levels, 4-2 specifies security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures.
ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, specifies process requirements for the secure development of products used in an IACS and defines a secure development life cycle for developing and maintaining secure products. The life cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management, and product end of life.
ISA/IEC 62443-3-2, Security Risk Assessment, System Partitioning and Security Levels, is based on the understanding that IACS security is a matter of risk management. 3-2 will define a set of engineering measures to guide organizations through the process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.
By aligning the identified target security level with the required security level capabilities 3‑3, System Security Requirements and Security Levels it takes the earlier 1-1 standard a step further. 2-3, Patch Management in the IACS Environment addresses the installation of patches, also called software updates, software upgrades, firmware upgrades, service packs, hot fixes, basic input/output system updates, and other digital electronic program updates that resolve bug fixes, operability, reliability, and cybersecurity vulnerabilities. It covers many of the problems and industry concerns associated with IACS patch management for asset owners and IACS product suppliers. It also describes the effects poor patch management can have on the reliability and operability of an IACS.