UL panel upholds ISA appeal of UL cybersecurity standard

An appeal panel formed by Underwriters Laboratories (UL) has ruled in favor of an ISA appeal against a UL cybersecurity standard. ISA's appeal was brought against UL 2900-2-2, Standard for Software Cybersecurity for Network-Connectable Devices, Part 2-2: Particular Requirements for Industrial Control Systems, for which UL was seeking approval as an American National Standard. ISA's successful appeal means the UL standard will not gain that status at this time.

ISA's appeal was driven by an underlying principle of standards development-to avoid burdening users with overlapping and duplicating standards from different standards developers. Based on reviews by cybersecurity experts, ISA was concerned about UL overlap with the ISA/IEC 62443 series of standards, which are developed by the ISA99 standards committee as American National Standards with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission (IEC). ISA99 draws on the input of cybersecurity experts from across the globe in developing the widely used standards, which are applicable to all industry sectors and critical infrastructure.

ISA's successful appeal asserted that UL failed to follow a key clause in the UL accredited standards procedures that is intended to prevent duplication and overlap. Prior to the appeal, UL had acknowledged that it missed earlier opportunities to identify potential overlap and duplication.

Without approval as an American National Standard, the UL standard will not be eligible to become an internationally recognized standard through the IEC. IEC leaders from TC65, the primary IEC committee working with ISA99, had previously indicated that the UL standard would have a very low chance of achieving that status in any event.

The ISA/IEC 62443 series is cited throughout the U.S. NIST Cybersecurity Framework. In late 2018, the United Nations Economic Commission for Europe confirmed it will integrate the ISA/IEC 62443 series in its Common Regulatory Framework on Cybersecurity, which will serve as an official UN policy position statement for Europe.

For information on the ISA/IEC 62443 standards and related training and learning resources, contact Eliana Brazda, ISA Standards, ebrazda@isa.org.

Have an idea for an ISA standard, book, training course, conference topic, or other product or service? Send it to idea@isa.org.

More Standards

United Nations commission to integrate ISA/IEC 62443 into Cybersecurity Regulatory Framework

Updated fire and gas technical report completed by ISA84

ISA to provide end-user perspective in new smart manufacturing program

2018 ISA Standards Department award winners

New ISA/IEC 62443 standard specifies security capabilities for control system components

ISA84 approves IEC 61511, moves ahead on key supporting guidelines

Alarm Philosophy Technical Report supports ISA-18 standard

New ISA99 standard on developing products that are cybersecure by design

Awards cap productive year for ISA standards

New ISA guidelines for managing a calibration program

New ISA technical report on work processes in continuous process automation

Hazardous area installation challenges and solutions

See all Standards Articles

Your Thoughts

Please feel free to send your thoughts about this topic to Bill Lydon at InTechmagazine@isa.org.