This content is courtesy of Automation.com
- ISA Global Cybersecurity Alliance debuts
- In memoriam
- New ISA book identifies ‘hackable scenarios’ to protect against industrial cyberattack
- Process Industry Conference focuses on oil, gas, chemical company challenges
ISA, which developed the ANSI/ISA 62443 series of automation and control systems cybersecurity standards adopted by the International Electrotechnical Commission and endorsed by the United Nations, has created an open, collaborative forum to advance cybersecurity awareness, readiness, and knowledge sharing.
Industrial sectors, including manufacturing, commercial buildings, and critical infrastructure facilities, need to explore new ways to better prevent, mitigate, and respond to catastrophic threats and attacks on their safety- and mission-critical assets, operations, and applications. The ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, information technology (IT) and operational technology (OT) infrastructure providers, system integrators, and others affiliated with global industry.
"Several leading automation and other technology providers have engaged ISA to explore how they can work with us to proactively increase awareness and adoption of cybersecurity best practices, standards, and compliance in all relevant sectors," said ISA executive director Mary Ramsey. "As an independent nonprofit organization dedicated to improving operational excellence, ISA is uniquely able to fulfill the need for open, collaborative discussions and knowledge sharing."
Among its defined objectives, the Global Cybersecurity Alliance will work to proliferate adoption of and compliance with global standards. The acceleration and expansion of standards will help address technology-related gaps and set best practices for managing processes within an open architecture, said Ramsey. The Alliance will also develop certification and education programs for industry professionals, drive advocacy and thought leadership, and facilitate new levels of knowledge sharing among its members. Member companies will identify and prioritize initiatives, ensuring that the alliance's approach is multifaceted.
"The ICS cybersecurity threat landscape is becoming more complex, with more direct attacks on control system, IT, and OT infrastructure," said Larry O'Brien, vice president of research for ARC Advisory Group. "Frequently backed by hostile nation-states, malevolent actors are becoming more sophisticated at targeting specific aspects of industrial control systems that have the potential to wreak havoc in the physical world, such as process safety systems. Standards and frameworks are valuable, but end users also need the resources to take the guidance provided by standards and put it into practice in real-world plant and OT environments. ARC applauds this effort to increase the security of industrial facilities."
ISA plans to announce the initial members of the Global Cybersecurity Alliance in late July, and end users, companies, and industry organizations are invited to join. For more information, visit https://isaautomation.isa.org/cybersecurity-alliance.
Louis Grover Good, former ISA president and lifetime member of The Instrument Society of America (now The International Society of Automation), and The American Society of Mechanical Engineers, died on 7 July 2019. He was 97 years old.
Born 7 August 1922 in Glen Alum, Mingo County, W.Va., Good served as ISA regional vice president, vice president, and treasurer, before becoming president in 1981. He also was elected a Fellow in The British Institute of Measurement and Control. After President Nixon opened the door to China, Good led a delegation of engineers to meet with The Chinese Instrument Society with a goal of technology exchange.
Good served in the U.S. Army during WWII in England, France, and Belgium and was honorably discharged in 1946 with the rank of first sergeant. During his tour of duty, he invented a multistage orifice flowmeter used for fuel flow measurements by the U.S. Army's Armored Tank Division to ready tank performance for desert and artic conditions.
Good graduated from Virginia Tech in 1948 with a degree in mechanical engineering. He also attended West Virginia University, the University of Kentucky, and did graduate work at Northwestern University.
Good was formerly employed by the North Carolina Pulp Co. in Plymouth, N.C. as an instrument engineer, and later became vice president of Panellit Service Corp. in Skokie, Ill. He founded Systems Service Corp. and Control Industries of Charlotte, N.C. in 1961. He also founded Good Equipment Company in Marion, N.C., and Hickory, N.C. He retired in 1989. His hobbies were playing bluegrass music, hunting, and fishing.
Good, preceded in death by his wife of 69 years, Helen Mae Bailey Good, is survived by a son, daughter-in-law, daughter, son-in-law, and numerous grandchildren and great grandchildren. Donations in his memory can be made to Tragedy Assistance Program for Survivors, Inc. (TAPS).
Today's industrial automation and control systems deliver much-improved performance and features compared to their analog counterparts, but also come with more vulnerability to cyberattack. Security PHA Review for Consequence-Based Cybersecurity is a new book published by ISA that provides an easy-to-follow, cost-effective methodology for safeguarding critical infrastructure and process industry facilities from cyberwarfare and other forms of cyberrisks.
The book illustrates how a security process hazards analysis (PHA) review identifies hackable scenarios, ranks them appropriately, and pinpoints nonhackable safeguards, such as relief valves and current overload relays, that are not vulnerable to cybersecurity threats. It was written by Edward Marszal, PE, and James McGlone, two globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of industrial automation and control systems security standards.
McGlone says he and his co-author were prompted to write the book because "industry and cybersecurity practitioners are still unsure of what to do and why. The prevailing approach in industrial cybersecurity focuses on network devices such as computers, Level 3 switches, and firewalls instead of on the processes and machines that could be damaged or cause damage if control is lost," he says.
By analyzing the cause of and safeguards for cybersecurity weaknesses, it is possible to determine consequences, says McGlone. "Any consequence that is not protected by existing safeguards or that can be caused by a cybersecurity attack is assigned an ISA/IEC 62443-based security level target to be implemented, or it is assigned an alternative safeguard or redesign to eliminate all or some of the cybersecurity risk," he explains.
Focusing on hazard and operability study designated scenarios, it is possible to identify hackable scenarios, rank them appropriately, and design nonhackable safeguards, such as relief valves and current overload relays that are not vulnerable to the cybersecurity threat vector. "Where inherently secure safeguard design is not feasible, the appropriate cybersecurity countermeasures must be deployed," says McGlone.
The modifications or redesign may involve choosing a different type of technology to remove the cyberattack vulnerability. In many cases, the fix involves "a device with a spring or gear instead of a microprocessor," he adds. For more information or to order the book, visit www.isa.org/securitypha.
The best and brightest minds in the process industries will return to Houston this fall to present solutions to the most pressing challenges in energy processing and process manufacturing. ISA's 2019 Process Industry Conference will be held 4-6 November at The Westin Houston Memorial City. It is designed for engineers, automation professionals, business owners, and others in the midstream and downstream sectors of the oil, gas, and chemical industries.
This year's event has been expanded to deliver more comprehensive technical content and best-practice advances, particularly in the areas of instrumentation/control; cybersecurity and safety systems; open architecture and infrastructure; and operational improvement.
ISA is proud to have representatives from the following organizations participating as part of this year's event. Each entity will be providing sessions and subject-matter experts unique to their missions:
- The Society for Underwater Technology (www.sut.org)
- The Open Process Automation Forum (www.opengroup.org)
- The Center for Operator Performance (www.operatorperformance.org)
Early bird registration discounts and special hotel rates are available. To register or find out more information, visit the conference website, https://isaautomation.isa.org/pic2019/#about.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.