association news | Highlights and Updates
ISA fully engaged in cybersecurity
Presidential Executive Order on Critical Infrastructure Cybersecurity draws comprehensive response from ISA and AF
By Bill Lydon, Editor in Chief
U.S. Presidential Executive Order 13636, announced in President Obama’s 2013 State of the Union address and signed on 12 February, is intended to confront the growing threats and risks of destructive and potentially deadly cyber-attacks on the nation’s critical infrastructure. The Executive Order calls for development of a national Cybersecurity Framework that includes “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.” The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce is charged with developing the Framework.
NIST has recognized the efforts of the Automation Federation (AF) to ensure that language is included in the Cybersecurity Framework to address the protection of industrial automation and control systems (IACS). Key NIST staff asked to meet with AF and ISA subject matter experts immediately prior to the first of four NIST Cybersecurity Framework workshops to discuss the central role that ISA99 industry standards for IACS security might play in the Framework.
The first NIST Cybersecurity Framework workshop was held at the offices of the U.S. Department of Commerce in Washington, D.C., on 3 April. Attendees included Leo Staples, 2013 Automation Federation Energy Committee chair; Eric Cosman, co-chair of ISA99 Security Committee; Johan Nye, chairman, Governing Board of the ISA Security Compliance Institute; Steve Mustard, member of the Automation Federation Government Relations Committee; and Mike Marlowe, Automation Federation managing director and government relations director.
Following the workshop, AF agreed to a request from NIST to help identify a location for one of three additional national Cybersecurity Framework workshops, to be held in September on the Raleigh campus of North Carolina State University. The other NIST workshops are planned for May 29–31 at Carnegie Mellon University, and in July at a time and location to be determined.
ISA cybersecurity initiatives
In response to a NIST open request for information on the Cybersecurity Framework, AF submitted comprehensive responses in early April from both the ISA99 standards development committee and the ISA Security Compliance Institute (ISCI). ISA99 and ISCI have been developing IACS multi-industry consensus standards and conformity assessment programs, respectively, to protect vital industrial and critical infrastructure. The application of automation to increase productivity, reduce costs, and share information in real time across multiple industrial and enterprise systems is vital in maintaining and increasing industrial competitiveness. In order to meet industry competitiveness objectives and protect IACS from cyber threats, the NIST Cybersecurity Framework, like the ISA99 standards, is intended to apply across multiple industry sectors. Cyber-attacks on industrial operations continue to be a great concern, but at the same time management demands are increasing for real-time communications between automation and business systems. In addition, the decreasing number of experienced automation experts is driving the need for remote plant operations over the Internet, raising vulnerability concerns.
These are some of the major reasons that ISA and AF have taken the lead to address IACS cybersecurity. Read about the key initiatives, find out about training courses in cybersecurity, and view the full article online at www.isa.org/intech/201306web1.
ARC names ISA108 in top technologies report
The work of the ISA108 committee was described as important to intelligent device management in a recent ARC Insights Report May 16, 2013 titled, Top Technologies for 2013. “Vice President Dave Woll believes that once finalized, ISA108 will provide best practices that enable industrial organizations to extract maximum value from their intelligent devices.”
For more information on ISA108, visit www.isa.org/link/ISA108. ARC subscribers can view the full ARC Insights Report by logging into the ARC account at www.isa.org/link/ARCInsightsReport or visit www.arcweb.com.