THE AUTOMATION FEDERATION NEWS RELEASE
Contact: Jennifer Infantino
The Automation Federation Joins Control Systems Security Certification Initiative
Research Triangle Park, NC (18 July 2006) - The Automation Federation has made a commitment to support a new initiative aimed at evaluating the feasibility of creating a set of well-engineered specifications and processes for the security testing and certification of critical control systems products. The Automation Federation will provide financial and personnel support for the initial feasibility study project.
Over the past few years, research has shown that SCADA and control systems products often have serious security vulnerabilities. These vulnerabilities leave the control systems exposed to viruses, hackers and possibly terrorist activities from around the world. Industry standards like those arising from ISA-SP99 and NERC CIP-2-9 and the work of the OMAC MSMUG group have been addressing this issue from an end-user prospective, but this initiative aims to help define methods by which suppliers of products can validate that their products afford the necessary level of secure operation.
Industry leaders from major control system operators and manufacturers are initiating this effort to create a set of well-engineered specifications and processes for the testing and certification of critical control systems products. With this program, control system suppliers would be able to offer products that are proven to meet a standard set of minimum security requirements.
To effectively frame the opportunity, Wurldtech Analytics Inc. will lead a detailed evaluation and development of a formal proposal. This will result in a well-defined model for the creation and operation of the security certification organization. Joann Byres, Director of Applied Research of Wurldtech Analytics Inc. said, "The deliverables for the study will include:
Investigation of critical success factors in industrial certification organizations
An incorporation model designed to best meet the needs of industry (e.g. non-profit or for-profit)
A proposed accreditation model and guidelines for interaction with standards bodies
Governance, membership, code of conduct and voting model
Legal and property rights guidelines
Proposed budget and membership fee model
A multiyear time line and milestones for the setup and operation of the organization
Long-term sustainability of the organization
Estimation of member commitment requirements in time and people
We expect the proposal will be completed by September 2006 and an organization could be launched in early 2007."
"Our vision is that any certification organization that arises will work very closely with existing standards groups. We'd give them both the draft documents that can be formulated as standards and the supporting research to enable informed decisions on security standards. We welcome The Automation Federation's support, especially because of the work of ISA and OMAC in the security standards arena, and we're looking forward to a close partnership," said Eric Byres, Director of Wurldtech Analytics, Inc., a research group leading the initiative.
The ISA-SP99 Committee has been working on establishing standards for implementing electronically secure manufacturing and control systems. The committee is focused on security practices and assesses electronic security performance. Guidance is directed towards those responsible for designing, implementing, or managing manufacturing and control systems and would also apply to users, system integrators, security practitioners, and control systems manufacturers and vendors.
OMAC formed the Microsoft Manufacturing User Group (MSMUG) in 1999 to address issues that arise when applying Microsoft technology in manufacturing. One part of the group focuses solely on reliability and security by developing best practices for configuring Windows in a control system environment.
"The Automation Federation's participation helps to broaden the visibility and level of end user support. Our collaboration with The Federation staff in identifying the various business and legal issues involved will really benefit the initiative," said Joann Byres, Director of Applied Research for Wurldtech.
"When we created The Automation Federation, this is the type of work we envisioned participating in. All of the member organizations can coordinate their support in a collaborative way, and really make a difference in an important venture," said ISA President Ken Baker.
Founded in 1945, ISA (www.isa.org) is a leading, global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards; certifies industry professionals; provides education and training; publishes books and technical articles; and hosts the largest conference and exhibition for automation professionals in the Western Hemisphere. ISA is the founding sponsor of The Automation Federation (www.automationfederation.org).
WBF provides an open forum for the exchange of information related to the management, operation, and automation of manufacturing processes. Created in 1994, members of the non-profit, professional organization include end-users, vendors, consultants and academics. WBF provides organization, management, and structure to facilitate networking among its members and sharing of knowledge and information related to manufacturing processes. WBF documents best practices and guidelines for implementation of standards that apply to batch control and the exchange of batch data, as well as conducting technical conferences and technical training programs. WBF is a founding charter member of The Automation Federation (www.automationfederation.org). More information about WBF is available at www.wbf.org.
OMAC–The Open Modular Architecture Controls Users’ Group (www.omac.org) is an affiliate organization of ISA- The Instrumentation, Systems and Automation Society- and works to collectively derive common solutions for both technical and non-technical issues in the development, implementation, and commercialization of open, modular architecture control (OMAC) technologies, and to facilitate the accelerated development and convergence of industry and government developed OMAC technology guidelines to one set that satisfies common use requirements. OMAC has about 500 member representatives from end-user companies, OEM's, and technology providers and integrator companies. OMAC currently operates three Work Groups: Packaging Machinery, Manufacturing Infrastructure, and Machine Tool. OMAC is a founding charter member of The Automation Federation (www.automationfederation.org).