• May 02, 2023
  • Association News

ISA Cybersecurity Summit Debuts in Scotland

OT Cybersecurity Summit logo
ISA is hosting its new OT Cybersecurity Summit in Aberdeen, Scotland. Focused on the rapid growth of operational technology (OT) cybersecurity challenges and opportunities, the live event on 31 May and 1 June 2023 will include global perspectives on supply chain and threat intelligence. Related training sessions will be available on 29 and 30 May at the same location: the Ardoe House Hotel & Spa.

Much of the oil and gas production from the UK Sector of the North Sea is considered critical infrastructure. Because of its importance to the security and prosperity of the UK, these operations are coming under increased regulatory scrutiny. “Aberdeen is an ideal location to bring together stakeholders from across the oil and gas industry and its supply chains for a productive and informative conversation about how to identify and mitigate cybersecurity vulnerabilities,” said Claire Fallon, ISA executive director.

The OT Cybersecurity Summit is an opportunity for operators, service companies, regulators, and equipment providers to meet face-to-face. This two-track, two-day event is organized around two major topics, supply chain and threat intelligence, with additional panel discussions on supply chain risk management and understanding ISA/IEC 62443.

Megan Samford and Cheri Caddy
Megan Samford and Cheri Caddy
Keynote speakers for the event include Cheri Caddy, Deputy Director at the US Office of the National Cyber Director, and Megan Samford, Vice President and Chief Product Security Officer for Energy Management at Schneider Electric. Additional speakers include subject matter experts from Saudi Aramco; Johns Manville; US Department of Homeland Security; UK National Cyber Security Centre; UK Department of Digital Culture, Media, and Sport; ENGIE Electrabel; and Au2mation.

“The ISA community is comprised of the world’s leading voices on industrial cybersecurity, and we are proud to have developed ISA/IEC 62443, the standard behind the most robust and secure operational technologies,” said Fallon. “The ISA OT Cybersecurity Summit stands apart from other cybersecurity events as a venue where attendees can gain practical knowledge about the standard and best practices for its implementation."

In addition to developing and maintaining the ISA/IEC 62443 standards, ISA offers training and credentialing on cybersecurity; certifies products, processes, and systems through its ISASecure certification; and raises awareness about the importance of OT cybersecurity through its membership consortium, the ISA Global Cybersecurity Alliance (ISAGCA).

ISA Business Academy: Delivering a Mini-MBA for Automation Professionals

ISA has announced its newest resource for ISA members: a 10-week, fully virtual program with content based on an MBA curriculum. The ISA Business Academy is designed for current and future leaders of the automation industry to master the skills of organizational leadership, people management, and business finance.

The ISA Business Academy program includes more than 20 hours of video, a private learning community, and a resources library. After joining the ISA Business Academy, students receive access for a year to:

  • 6 hours of live facilitated expert coaching
  • More than 350 modules within the self-paced online learning
  • Connection to a cohort of fellow business leaders
  • Downloadable companion worksheets and materials
  • 20 interactive tools for implementing what is learned
  • “Knowledge checks” to build competency
  • Access to video modules and additional resources

ISA Business Academy is a fully virtual program designed for automation professionals who want to improve their organizational leadership, people management, and business finance skills.
ISA Business Academy is a fully virtual program designed for automation professionals who want to improve their organizational leadership, people management, and business finance skills.
ISA is known for its world-class training and quality instructors. ISA Business Academy instructors include automation business expert Eddie Habibi and automation finance expert Scott Reynolds, PE, CISSP.

ISA Executive Board Member Eddie Habibi founded and led PAS, an industrial automation software company, through 2020. He is the co-author of two popular best-practices books on industrial operator effectiveness: The Alarm Management Handbook and The High-Performance HMI Handbook. Prior to establishing PAS, Habibi held various positions at Schlumberger and Honeywell International. He holds an Engineering degree from the University of Houston and an MBA from the University of St. Thomas.

ISA Past-Treasurer Scott Reynolds is an experienced IT/OT manager with a demonstrated history of working in both municipal and manufacturing environments with a focus on industrial cybersecurity. Scott is passionate about IT/OT collaboration, workforce development, strategic planning, and development of reasonable and useful corporate standards for process control networks. His current role is as senior security and networking engineering manager at Johns Manville in Denver.

ISA created the ISA Business Academy with the help of John Cioffi, who has spent 30 years coaching hundreds of clients to success through his GoalMakers “master manager” programs. Cioffi previously ran a subsidiary of Amoco Oil and held executive positions at several other companies. He received his MBA from The Wharton School and holds a Master’s from Dartmouth.

The first 20-week program begins 31 August 2023. More information is available on the website.

International Automation Professionals Celebrated in April

For the second year in a row, the International Society of Automation (ISA) honored automation professionals with a digital celebration through the entire month of April.

Each year, ISA and its global community celebrate 28 April as International Automation Professionals Day. The day commemorates ISA’s founding on 28 April 1945, and celebrates the wide range of folks engaged in industrial automation and cybersecurity that the association serves.

Because this is a digital celebration, automation professionals around the world participated in International Automation Professionals Day all month long. Career-established individuals, entry-level personnel, and automation students were encouraged to engage with ISA on social media (#IAPD or #AutomationProDay) with images and testimonials that feature them on the job, studying for their automation-related major, or giving statements about why they enjoy their line of work and why they believe automation is changing the world.

ISA Executive Director Claire Fallon said that the automation field is vital to many sectors, and the day celebrates the hard work of professionals who are instrumental in keeping society safe and secure.

“I want all automation professionals to know that they make the world a better place,” she said. “Because of them, the world is safer, more efficient, and more effective. Professionals are the people, not the machines, that creatively look at a problem and tenaciously tackle it from every angle until the best solution is found.”

ISA President Marty Bince said that those in automation play a vital factor in life’s modern-day conveniences, and he is happy to highlight their achievements. “This will be a time to celebrate all the outstanding opportunities that automation professionals have and the contributions they make,” he said. “From power production to smart manufacturing, instrumentation, and digitalization, automation professionals play a crucial role in ensuring the reliability, safety, efficiency and competitiveness of our businesses for all the things that make life wonderful.”

ISA Security Compliance Institute Welcomes IriusRisk SL

The ISA Security Compliance Institute (ISASecure) announced that IriusRisk SL has joined ISCI as a Technical Member in support of the ISASecure Cybersecurity Conformance Scheme.

IriusRisk has worked with several organizations to help them overcome the complexity of manual threat modeling with the IriusRisk Automated Threat Modeling platform, an automation engine that incorporates extensive security standards and integration with major issue trackers. As a result, engineering teams using the platform have access to a selfservice tool for designing secure applications.

Andre Ristaino, ISA Managing Director of Consortia and Conformance Programs, said, “Companies like IriusRisk are key to enabling adoption of the ISA/IEC 62443 standards for supplier companies. Commercial tools that simplify the threat analysis and compliance tasks during product development remove barriers to applying the ISA/ IEC 62443 standards.”

The ISASecure certification program is an industry-led effort by leading stakeholders in the process industry. It assesses ICS products and systems to ensure that they are robust against network attacks, free from known vulnerabilities, and meet the security capabilities defined in the ISA/IEC 62443 standards.

Charles Marrow, Head of Center of Excellence at IriusRisk, considers ISCI’s pursuit of better security standards across a broad range of industries “important work.”

“All organizations operating in the industrial, automotive, transport, and medical industries should be doing [threat modeling and risk assessments] on a regular basis, building in security from the very beginning of the software development lifecycle,” Marrow said.

ISA Standards and the International Standards System

ISA actively participates in the world’s primary international standards system as sanctioned by the United Nations and operated by the Geneva-based International Electrotechnical Organization (IEC) and International Organization for Standardization (ISO). This relationship with IEC and ISO adds a layer of complexity to the sometimes confusing world of standards. InTech asked ISA Senior Director of Standards Charley Robinson to explain.

Much of the confusion arises from the fundamentally different member structures nvolved in ISA standards development, as opposed to IEC/ISO. Participation in ISA standards is based strictly on individuals and is open to automation professionals from any country, not just the United States. IEC and ISO programs, in contrast, are based on participation by and through countries acting as single members.

That difference means that ISA cannot participate directly in the IEC/ISO systems, but rather must channel its input through a specific country to do so. That country is the United States by way of the American National Standards Institute (ANSI). ISA is accredited by ANSI to develop industry standards following approved processes that ensure openness and balance. ISA is one of 250+ standards developing organizations based in the United States, such as ASTM, ASME, and UL, that are accredited in this way by ANSI.

In relation to the IEC and ISO, ANSI serves as the official “national standards body” of the United States. That is, ANSI acts as the official representative (“National Committee”) to the IEC and ISO of those 250+ accredited U.S. standards developers. Similarly, other IEC and ISO members are the national standards bodies of participating countries such as Brazil (ABNT), the UK (BSI), Japan (JISC), Canada (SCC), and Germany (DKE).

Because of the topic division between the IEC and ISO, ISA’s primary areas of standards development are covered by the IEC. Through ANSI as the “US National Committee to the IEC,” several ISA standards series have been submitted to the IEC to become the basis of major IEC standards series with the same titles (see box for a list).

This development of ISA standards into IEC standards is the primary, but not only, means of interaction between ISA and IEC—occasionally, ISA standards committees decide, through review and voting, that existing IEC standards are suitable for adoption (sometimes with modification) as ISA standards. For example, in 2018, the ISA84 committee adopted IEC 61511-2016 (which had been developed by IEC committee SC65A with substantial input from ISA84 members) as ISA-61511.

This type of adoption of an IEC standard by an ISA committee can create another source of confusion for ISA members. A major attraction and benefit of ISA membership is free viewing of ISA-copyrighted standards. However, when ISA standards committees decide to adopt an existing IEC standard as an ISA standard, such as the example of ISA84 and IEC 61511), the controlling copyright of the adopted standard (ISA-61511 in the example) remains with the IEC. For that reason, ISA members do not have free viewing access to IEC standards that have been adopted by ISA (ISA-61511 in the example). This restriction, which applies only to the small number of ISA standards adopted from the IEC, is driven by copyright law.

Have more questions about standards? Visit the website.

ISA Standards That Are Also IEC Standards

  • IEC 62682: Management of Alarm Systems for the Process Industries (ISA-18)

  • IEC 61511: Functional Safety—Safety Instrumented Systems for the Process Industry Sector (ISA-84)

  • IEC 61512: Batch Control (ISA-88)

  • IEC 62264: Enterprise-Control System Integration (ISA-95)

  • IEC 62443: Security for Industrial Automation & Control Systems (ISA-99)

  • IEC 62734: Wireless Systems for Industrial Automation (ISA-100)

  • IEC 63303: Human-Machine Interfaces for Process Automation Systems (ISA-101)

Reader Feedback

We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.

Like This Article?

Subscribe Now!

About The Author