International Society of Automation News Release
Contact: Jennifer Infantino
Receive practical guidance on how to improve cybersecurity
of industrial automation and control systems at ISA Automation Week 2013
This press release is fourth in a series showcasing the event’s six educational tracks
Research Triangle Park, North Carolina, USA (24 September 2013) – Given the increasing concerns about cyberwarfare and the serious damage cyberattack can cause to industry and national infrastructure, the International Society of Automation (ISA) today announces that an educational track at ISA Automation Week 2013 will provide practical guidance on how to improve cybersecurity of industrial automation and control systems (IACS).
“The risk of a cyber event is very real, regardless of how much you may want to discount the possibility of a targeted attack,” asserts Eric C. Cosman, a nationally recognized expert on industrial systems cybersecurity and chair of the Industrial Network Security educational track. “Virtually any computer-based system is vulnerable to incidental attack by malicious software. And physical separation from the Internet doesn’t ensure protection. An attack can come through means as simple as a shared storage device.”
Virtually all experts agree that America’s industrial production settings and infrastructure environments are woefully under-prepared to address cyberwarfare. If industrial control systems and critical infrastructure—such as a power plant, water treatment facility, or transportation grid—are attacked, the result could be significant equipment impairment, production loss, regulatory violations, environmental damage, and public endangerment.
Industrial Network Security is one of six educational tracks offered at ISA Automation Week 2013, the premier annual event for automation and control professionals worldwide, to be held 5-7 November 2013 in Nashville, Tennessee, USA. Leading automation and control experts, authors, innovators and thought leaders across the globe will come together at the conference to demonstrate how to fully leverage the power and potential of automation solutions.
This press release is the fourth in a series showcasing the event’s six educational tracks. The first press release, distributed early in July, showcased the Creating Business Value through Automation educational track. The second release, distributed in late July, focused on the Asset Lifecycle Management and Optimization/Strategy educational track. The third release, posted in late-August, highlighted The Connected Enterprise educational track. In the coming weeks, ISA will profile the remaining two educational tracks:
“Perhaps the biggest challenge,” Cosman points out, “facing professionals striving to secure their IACS is navigating through the diverse, often conflicting information in order to find the tried-and-true guidance and dependable advice that can be applied now.”
Attendees of this educational track will be able to quickly get up to speed on the latest cybersecurity trends and approaches, and the most recent developments in standards and practices so that they can take some immediate steps to safeguard their systems.
Separate sessions within the Industrial Network Security track include:
Effective cybersecurity, Cosman says, requires applying the right mixture of technology, standards, people, business acumen and attention to safety.
“Comprehensive industrial network security must integrate all these factors. In fact, the development of the ANSI/ISA99, Industrial Automation and Control Systems Security standards (also known globally as IEC 62443) is specifically based on a solid footing in people, process, safety and technology. Safety considerations support the business imperative behind effective security simply because an insecure control system can result in unsafe processes.
Too often, Cosman explains, these multi-faceted interrelationships among key organizational processes and objectives are not fully grasped when implementing a major automation-based initiative, such as cybersecurity.
“Safe processes directly impact business operations because they avoid the costs and impact of business interruption, eroded customer relationships and, of course, personal injury. The primary focus of industrial cybersecurity is protecting the integrity and availability of the underlying process, ensuring safe and reliable operation.
“In addition, cybersecurity involves employing technology and standards in a manner that drive consistent and effective practices. These practices are executed and monitored by people who have the skills, experience and context-specific perspective.”
Of course, technology plays a key role in cybersecurity, Cosman says, because industry and manufacturers need to continue to leverage technical improvements while also improving the processes used to develop and deliver new technologies.
“This is called ‘security by design’ and while major strides have been made in this area, there is considerable room for improvement.”
Cosman, a consulting engineer at Dow Chemical Company, is regarded throughout the global automation community as an expert in industrial systems cybersecurity, and on assessing the implications of cybersecurity on manufacturing operations. He is a founding member and the current co-chairman of the ISA99 committee on industrial automation and control systems security and the Vice President of Standards and Practices at ISA.
He served as a member of the Steering Team for the Chemical Sector Cyber Security program, which is associated with the American Chemistry Council, and represents the chemical sector coordinating council in the Industry Control Systems Joint working group with the US Department of Homeland Security. He was one of the authors of the Chemical Sector Cyber Security strategy for the US, originally published in 2002 and updated in 2006.
In his position at Dow Chemical, Cosman specializes in the application of IT to all areas of manufacturing and engineering. His responsibilities include defining policies and practices, system and technical architecture, and technology management and integration planning processes for manufacturing and engineering systems globally.
With more than 30 of experience, he has held process engineering, process systems software development, telecommunications, IT operations, architecture definition and consulting positions in both Canada and the US.
Cosman has represented Dow and the chemical sector on various standards committees, industry focus groups and advisory panels. He has written and spoken on a variety of topics, such as technology lifecycle management, and the use of standards as a basis for a manufacturing information systems architecture and operational excellence.
Visit www.isaautomationweek.org to gain more details about ISA Automation Week 2013, including the full technical program, author resources, solutions providers, attendee resources, the complete conference schedule, hotel arrangements and registration. For immediate assistance, call +1 919-549-8411.
Founded in 1945, the International Society of Automation (www.isa.org) is a leading, global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards; certifies industry professionals; provides education and training; publishes books and technical articles; and hosts conferences and exhibitions for automation professionals. ISA is the founding sponsor of The Automation Federation (www.automationfederation.org).