HomeProducts & ServicesStandards

Security committee sets goals at May meeting

The ISA99 Industrial Automation and Control Systems (IACS) Security met this month at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, to assess the current status of committee work products, and establish objectives and goals for the next 12 to 24 months. Several committee work groups expect to issue new or revised drafts for review, comment and a possible ballot by the end of 2012. To do this, the committee first needs to define, understand, and accept some Fundamental Concepts, addressing a few questions as a the basis for the more detailed standards. Some of these questions include:

• How is the security of instrumentation and control system (IACS) security related to and different from “typical” IT security?
• What are the steps or phases in the lifecycle for IACS security?
• What are zones and conduits, and how do I define them for my networks?
• How are security levels defined and applied?

The committee has standards and technical reports in various stages of development, ranging from preliminary drafts to approved committee drafts and published documents. The committee’s work plan includes provisions for sharing activities and results with other groups, including but not limited to the International Instrument Users Association (WIB), the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC). The intent is to draw on these relationships to produce a single set of standards, addressing the subject of IACS security.

Check our Wiki site for more notes from the meeting, discussions of the above concepts, and detailed information about our plans and directions at http://isa99.isa.org. Visit the site often, review our materials, and submit questions or comments. We would love to hear from you!