International Society of Automation News Release
ISA99 Launches Cyber Threat Gap Analysis Task Group
Research Triangle Park, North Carolina, USA - (3 March 2011) – The International Society of Automation (ISA) announces that the ISA99 standards committee on Industrial Automation and Control Systems Security has formed a task group to conduct a gap analysis of the current ANSI/ISA99 standards with respect to the rapidly evolving threat landscape, as demonstrated by the highly publicized Stuxnet malware. The purpose is to determine if companies following the ISA99 standards would have been protected from such sophisticated attacks and to identify changes needed, if any, to the standards being developed by the ISA99 committee. The new task group intends to produce a technical report summarizing the results of its analysis by mid-2011.
Stuxnet is a highly sophisticated computer worm that was first disclosed in the summer of 2010. It is the first known malware to have been specifically written with the intent to compromise a control system and sabotage an industrial process. Stuxnet’s capabilities are being well documented in the press, and some of these capabilities may migrate into new threats. Going forward, automation systems must be able to detect and either block or be able to recover from advanced Stuxnet-like threats.
The ANSI/ISA99 standards address the vital issue of cybersecurity for industrial automation and control systems. The standards describe the basic concepts and models related to cybersecurity, as well as the elements contained in a cybersecurity management system for use in the industrial automation and control systems environment. They also provide guidance on how to meet the requirements described for each element.
The ANSI/ISA99 standards form the base documents for the IEC 62443 series of industrial automation (sometimes generically labelled "SCADA," or supervisory control and data acquisition) security standards. Over the next few years, these standards will become core international standards for protecting critical industrial infrastructures that directly impact human safety, health, and the environment; and, likely will be extended to other areas of application, even broader than those generically labelled "SCADA." Based on this, it is essential that industrial companies following IEC 62443 standards know they will be able to stop the next Stuxnet. The work of the new ISA99 task group will have a significant impact on ensuring that automation facilities are secure in the future.
For more information on the Stuxnet threat and industrial cybersecurity, see these two recent articles from InTech magazine:
The new task group, designated ISA99 WG5 TG2, is open to all cybersecurity subject matter experts. Interested parties are asked to contact Eric Byres, email@example.com. Cybersecurity experts interested in joining the ISA99 committee are asked to visit http://isa99.isa.org/ISA99%20Wiki/Home.aspx and to contact Charley Robinson, firstname.lastname@example.org.
Founded in 1945, the International Society of Automation (www.isa.org) is a leading, global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards, certifies industry professionals, provides education and training, publishes books and technical articles, and hosts conferences and exhibitions for automation professionals. ISA is the founding sponsor of the Automation Federation (www.automationfederation.org).