ISA Security Compliance Institute News Release
The ISA Security Compliance Institute and Wurldtech Collaborate to Raise the Bar on Industrial Control System Cybersecurity
Research Triangle Park, North Carolina, USA (25 October 2010) –The ISA Security Compliance Institute (ISCI) and Wurldtech Security Technologies, Inc. announced the completion of a collaborative project for converging the Wurldtech Achilles Level 1 TM certification test specifications with the ISASecure™ Embedded Device Security Assurance (EDSA) communication robustness test (CRT) specifications.
The objective of this initiative is to raise the bar for ensuring the security of industrial automation controls through a more comprehensive cybersecurity certification specification.
The converged Achilles TM and ISASecure CRT specifications were approved by the ISCI Technical Steering Committee this month after a lengthy technical review and making the updated ISASecure EDSA certification requirements available for download on the ISCI website, www.isasecure.org.
ISCI will offer the upgraded ISASecure CRT test as one of three elements of the ISASecure EDSA certification, which also includes a device Functional Security Assessment (FSA) and organizational Software Development Security Assessment (SDSA).
Wurldtech will offer an Achilles TM Level 2 test suite as part of its Achilles TM Satellite test platform and submit it to ISCI for formal recognition in compliance with the ISO/IEC Guide 65 process. This formal recognition will allow vendors to begin CRT testing and certification activities with the ISCI-recognized test suite.
ISCI and Wurldtech have also agreed to merge additional CRT specifications in a future release of the ISASecure CRT specification with the same goal in mind. ”It just made sense for two organizations working separately towards the same goal to find a way to collaborate,” stated Andre Ristaino, ISCI managing director. “The integration of the Achilles TM Level 1 specification into the ISASecure program will provide increased value to industry stakeholders looking to improve the security of their industrial operations,” he added.
The Achilles test suites play an important role in improving the network resiliency and robustness of global critical infrastructures," said Dr. Nate Kube, Wurldtech CTO. “Our collaboration with ISCI will raise the bar once again, providing industrial stakeholders with additional criteria for designing resilient industrial control systems,” he concluded.
About ISASecure EDSA Certification
The ISASecure program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide improvement of cybersecurity for Industrial Automation and Control Systems (IACS). It achieves this goal by offering a common industry-recognized set of device and process requirements that drive device security, simplifying procurement for asset owners and device assurance for equipment vendors.
ISASecure Embedded Device Security Assurance Certification (ISASecure EDSA), the first ISASecure certification, focuses on security of embedded devices and addresses device characteristics and supplier development practices for those devices. Through this certification, an embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification—a trademarked designation that provides instant recognition of product security characteristics and capabilities. ISASecure EDSA offers three certification levels for a device based on increasing levels of device security assurance: ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices.
The ISASecure EDSA certification is an ISO/IEC Guide 65 conformance scheme supporting ISCI’s goal to operate a globally recognized industrial automation controls cybersecurity certification program. This third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure certification by attesting to the competence and qualification of ISCI certification bodies and laboratories. Visit www.ansi.org/isasecure for details on the ISASecure ANSI/ACLASS accreditation process.
About Wurldtech Security Technologies
Wurldtech Security Technologies provides proactive technology solutions designed to identify the presence of, and mitigate against, cyber vulnerabilities that can impact safe, secure and reliable industrial operations.
Wurldtech's product portfolio is designed for suppliers of industrial devices, systems and applications used in, and the end users/operators of, high-availability process control networks primarily in critical infrastructure sectors such as energy (oil and gas) and power (electric utilities, nuclear).
About the ISA Security Compliance Institute
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, and Rockwell Automation.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The Institute’s ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure™ products and systems and creating product differentiation for suppliers conforming to the ISASecure™ specification. www.isasecure.org