Embedded controller framework approved
The ISA Security Compliance Institute (ISCI) has been working hard to help ensure the security of control systems throughout the industry. One significant milestone in the past month is the approval of the ISASecure Embedded Controller Security Assurance (ECSA) test specification framework, which establishes the scope of the ISASecure test specification and identifies the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.
Embedded controllers are the “last line of defense in the cyber security paradigm,” said Bryan Singer, principal consulting engineer at Kenexis Consulting in Pelham, Ala. “While networks and host system protection comprise primary defenses, the reliability and robustness of the end devices is critical to maintaining safe and efficient operation. The embedded controller is a single-purpose device with on-board operating systems that control production equipment in real time. If an attacker on an industrial process makes it through all the independent protection layers of defense and gets to the embedded controller (the last line of defense), the ISASecure designation gives you a demonstrable and verifiable assurance of how resistant a certified device will be to anomalous network events or intentional attack.”
The ECSA approval signifies a key milestone in developing the ISASecure industrial cyber security certification program for suppliers, owner, and operators, as well as smart grid customers. With loyal followers and newcomers, the interest among companies highlights a consensus-based effort by the industrial automation controls community to achieve this important milestone.
ISCI was established by leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical infrastructure for generations to come. Founding members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys Process Systems, Siemens, and Yokogawa. Key technical members include exida, Mu Dynamics, Rockwell Automation, and Wurldtech Security Technologies.
Find a publicly available version of the ISASecure ECSA Framework describing the ECSA certification program at www.isa.org/ISASecure.
ISA Wireless Compliance Institute adds members
In August, ISA announced two new members to the ISA100 Wireless Compliance Institute: Gastronics and Wilson-Mohr. Gastronics, a supplier of wireless gas sensors, pioneered the wireless gas monitor by developing what is now known as true wireless gas detection, a standard for many companies due to its high reliability and significant cost savings. The companies are mentioning the ISA100.11a industrial wireless standard more frequently, and “it just seemed like the right time to look into it,” said Bud Dungan, president of Gastronics. “The concept of an industrial wireless communication standard with true interoperability and mesh networking capabilities is compelling. We are anxious to add ISA100.11a capabilities to our gas sensors and have high expectations for market uptake of these products.”
Wilson-Mohr, a provider of building automation and industrial process control solutions, serves the chemical, oil and gas, utility, pulp and paper, and commercial building development industries in the energy region of the U.S. “Our customers’ operating sites are seeking operational excellence and improved effectiveness through the use of leading technologies and practices, and early adopters are asking for industrial control products based on ISA100.11a industrial wireless technology,” said Andrew Neeb, the company’s wireless business leader. “We believe the characteristic of interoperability and the ISA100 standards evolution plans provide huge advantages of product innovation and established the technology foundation for the future of industrial controls.”
ISCI maintains their original plan to develop and maintain consensus-based ICS cyber security test specifications only; not test tools and laboratories. ISCI encourages test agencies, auditors, and test-tool vendors to develop products and services and test to the ISASecure specification.