- May 31, 2020
- Association News
- ISA and Newsweek publish cyberrisk white paper
- New CAPs and CCSTs
- Anniversary snapshot: ISA members celebrate via Zoom, Instagram
- Pledge to make a difference: #ISAGivesBack
- New certification verifies skills of mission-critical operations professionals
ISA and Newsweek publish cyberrisk white paper
Newsweek Vantage recently published an independent report on cyberrisks to critical infrastructure—and ISA served as its expert partner. Titled “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure,” the report surveyed 415 executives at critical infrastructure organizations to learn whether they are taking a holistic approach to security for operations technology (OT) and information technology (IT).
Among other takeaways, the survey found that a holistic approach is a priority for most—and that more than a third of respondents said a cybersecurity breach was the motivating factor. Key points of the report include:
- The design of a secure cyber-physical system depends on a clear threat analysis. The biggest sources of vulnerability are current and former employees—more so, even, than cybercriminals.
- A comprehensive approach to security is required to protect critical infrastructure against cyberthreats from within and without. Almost nine in 10 respondents have integrated some or all of their IT, OT, and physical systems. But this does not mean they are doing so to enhance security; only a few said this was the purpose. Instead, most aim to take advantage of the greater responsiveness and enhanced operational control that comes from a holistic approach.
The implementation of a holistic approach to securing cyber-physical systems faces both internal and external obstacles. The internal hurdles are largely the result of differing perspectives among IT and OT professionals, according to the report. Those internal hurdles were rated as the top technical and organizational obstacle. Externally, security standards for cyber-physical systems are available but not widely used.
New CAPs and CCSTs
Below is a list of individuals who have recently passed either ISA’s Certified Automation Professional (CAP) exam, or one of the three levels of Certified Control Systems Technician (CCST) exam. For more about either program, visit www.isa.org/training-and-certifications/isa-certification.
Certified Automation Professionals
- Ethan Stephens, U.S.
- Khalid Ismail, Saudi Arabia
- Jose Guevara, U.S.
Certified Control System Technicians
- Frank Giacinto, U.S.
- Lamar Atwood, U.S.
- Edward Egan, U.S.
- Robert McDonald, U.S.
- Steven Nisbet, U.S.
- Scott Okasaki, U.S.
- Michael Patton, U.S.
- Nathaniel Ross, U.S.
- Wessley Wissinger, U.S.
- Scott Breschini, U.S.
- Jonathon Chandler, U.S.
- Derrick Mire, U.S.
- David Stanford, U.S.
- Jeffrey Rodewald, U.S.
- Steve Morrison
- Manuel Aguilar Morales, Mexico
- Michael Schmoll, U.S.
Anniversary snapshot: ISA members celebrate via Zoom, Instagram
Zoom meeting happy hour. On 28 April, the date of ISA’s founding 75 years ago, Ashley Weckwerth organized a virtual happy hour over Zoom to celebrate. Invitations were sent via ISA LinkedIn groups, email, ISA Connect, and WhatsApp, and soon about 30 participants were toasting their favorite association from their desks or home offices in the U.S., Canada, Brazil, Ireland, Colombia, and elsewhere.
Pledge to make a difference: #ISAGivesBack
As part of its 75th anniversary celebration, ISA is challenging members to each give 7.5 hours in service to their community this year. The ISA Gives Back program encourages members to pledge and log the completion of service hours through the ISA 75th Anniversary website at www.isa.org/75in2020. Through 21 May, 152 hours had been pledged.
Service hours can take many forms. Members may want to consider activities specific to the coronavirus pandemic, or online opportunities that allow you to volunteer while practicing appropriate social distancing. Ideas include:
- Find or transport personal protective equipment and other supplies.
- Help your local school district get involved in the Cyber Robotics Coding Competition (CRCC.io), a cloud-based robotics competition that uses simulation of virtual 3D robots that perform complex tasks and missions.
- Build disposable face shields using hardware store items or reusable face shields or mask ear protectors using a 3D printer.
- Donate blood to local health facilities that are in need.
- Tutor students in science, technology, engineering, and math (STEM) topics through organizations like www.etutorworld.com/stem-tutoring.html.
Get other ideas for helping with neighborhood enhancement, the environment, senior citizens, special needs kids, and more at SignUpGenius.com.
New certification verifies skills of mission-critical operations professionals
By Steve Mustard
As a result of various demographic and cultural changes, there is an acute shortage of suitably qualified and experienced individuals to work in mission-critical systems design and operation. The term “mission critical” relates to any activity, system, or equipment whose failure can result in the failure of an organization’s operations. Depending on the organization, the consequences of failure can be very wide ranging.
ISA believes that mission critical applies to the operational technology (OT) that is an integral part of oil and gas, water and wastewater, electricity generation and transmission, food and beverage, and the other critical infrastructure sectors defined by the U.S. Department of Homeland Security (DHS). However, information technology (IT) systems, such as those in data centers also can be mission critical, since their failure can severely impact operations. This is especially true as businesses shift their infrastructure to cloud providers such as Microsoft, Google, and Amazon.
The Automation Federation, founded by ISA, has been working with the U.S. Department of Labor since 2008 on the development and ongoing maintenance of an automation competency model (ACM). The model identifies the knowledge and skills needed in mission-critical systems design and operation.
ISA offers a range of certifications and certificate programs that provide verification of key skills and knowledge defined in the ACM. The latest is the Certified Mission Critical Professional (CMCP) certification. This is an important certification for mission-critical professionals. It is a means to verify the knowledge required for those entering the workforce. And it ensures that new workers have the essential foundations for a successful career.
The automation competency model was used by the National Center for Mission Critical Operations to define a two-year degree program for mission-critical professionals who can enter the workforce already prepared to contribute. ISA developed the certification exam that mission-critical professionals can take to achieve independent verification of their knowledge. The certification is managed by Global Skills Exchange, a nationally recognized developer of skill standards and measurement tools.
CMCP covers seven core areas:
- Concepts – what makes mission-critical operations unique, such as the high availability demands and the conflicting demands of security and accessibility.
- Standards – what standards, regulations, and guides apply to mission-critical systems.
- Technology – what devices and systems are commonly used in mission-critical operations, such as distributed control systems, programmable logic controllers, networking equipment, and cybersecurity-related hardware and software.
- Operations – what is involved in mission-critical operations, including standard operating procedures, troubleshooting, performance objectives, monitoring, and change management.
- Safety and physical security – what professionals need to be aware of when working in mission-critical environments, including the use of personal protective equipment, lockout/tagout procedures, safety data sheets, and hazardous area classification.
- Risk management – what methodologies will be used to determine the risks associated with mission-critical operations, and how these risks will be managed.
- Emergency response – what preparation goes into ensuring that emergency situations are dealt with safely and with minimal disruption to the organization and its surrounding environment.
The CMCP credential is open to anyone who:
- Has a two-year degree (with course work in an IT or an OT field), including a minimum of six months (two quarters) of related co-op experience or an equivalent apprenticeship of at least six months.
- Two years of related work experience in a mission-critical field, such as information technology, operational technology, engineering, cybersecurity, or military.
- Any combination of the requirements above, totaling two years of experience or education, provided that the minimum requirement of six months of work experience is met.
The importance of CMCP is clear. As the 16 critical infrastructure sectors grow, demographic research reveals there will be an even greater need to fill vacancies with professionals who are fully prepared to avert and avoid any and all mission-critical threats. CMCP seeks to help validate that those working in mission-critical positions have the requisite skills and knowledge needed to handle mission-critical threats, whether they are natural disasters, manmade threats, or accidents.
Steve Mustard has been in the engineering profession for 30 years. Much of his current work involves assessing the cybersecurity readiness of critical infrastructure organizations.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.