ISA NEWS RELEASE
Contact: Jennifer Infantino
ISA Control Systems Cyber Security Committee Launches Major New Effort While Nearing Completion of First Two Industry Standards
Houston, Texas (18 October 2006) - In meetings at ISA EXPO this week, the ISA-SP99 Industrial Automation and Control Systems Security committee focused on preparations to issue its first two standards and an updated guideline for committee voting -- while launching a new working group to develop another key standard in the ISA-99 series.
The committee decided to issue its Part 1 draft standard in November for what is expected to be a final round of committee voting. This standard, "Security for Industrial Automation and Control Systems: Concepts, Terminology and Models," will define the concepts, terminology, and models of industrial automation and control systems security, establishing the basis for the remaining standards in the ISA-99 series.
"Previous reviews and voting on the Part 1 draft generated over 250 comments from control system security experts across industry," stated ISA-SP99 Principal Editor Eric Cosman of Dow Chemical Company. "This input has considerably strengthened the draft, and we are very confident our upcoming ballot will lead to publication of Part 1 as an American National Standard in early 2007," he added.
Prior reviews and voting on the Part 2 draft standard, "Establishing an Industrial Automation and Control Systems Security Program," resulted in a similar influx of comments that are being factored into a revised draft planned for committee balloting in early 2007. "As with Part 1, the review and commenting process has strengthened the Part 2 draft considerably," stated Part 2 editor James Gilsinn of the National Institute of Standards and Technology (NIST). The Part 2 standard will provide detailed guidance for developing a management system and program for the cyber security of industrial automation and control systems.
"The ISA-SP99 collaboration is meeting vital industry needs for standards that define procedures for implementing electronically secure industrial automation and control systems and security practices, and for assessing electronic security performance," said ISA-SP99 chairman Bryan Singer of Rockwell Automation. "Compliance with the ISA-99 standards and guidelines will ultimately improve the electronic security of these systems, and will help identify vulnerabilities and address them."
The ISA-SP99 committee made two additional major announcements at ISA EXPO:
Launch of a new working group to develop the ISA-99 Part 4 standard, Specific Security Requirements for Industrial Automation and Control Systems, which will provide the details of how security levels can be measured and established for specific systems, hardware and software. Johan Nye of ExxonMobil and Tom Phinney of Honeywell will serve as co-chairs of the working group. Automation industry consultant Dick Oyen will serve as Part 4 editor.
The impending release for committee voting of an update of ISA-TR99.00.01, Security Technologies for Industrial Automation and Control Systems, which provides an evaluation and assessment of current types of electronic security technologies and tools that may be employed by end-user companies for securing these systems against cyber attack. Major input for this revision of the well-received 2004 ISA technical report has been provided by a group of security experts from NIST and the US National Laboratories, led by Robert Evans of Idaho National Laboratory, with key support from the US Department of Energy and US Department of Homeland Security.
For further information about ISA-SP99, visit www.isa.org/community/SP99.
For information on other ISA standards committees, visit www.isa.org/standardscommittees.
Founded in 1945, ISA (www.isa.org) is a leading, global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards; certifies industry professionals; provides education and training; publishes books and technical articles; and hosts the largest conference and exhibition for automation professionals in the Western Hemisphere. ISA is the founding sponsor of The Automation Federation (www.automationfederation.org).