News about NIST

    Pat Gouhin, Executive Director and CEO of ISA, was invited to speak at a recent National Institute of Standards and Technology (NIST) Cybersecurity Framework workshop hosted by the Automation Federation at North Carolina State University in Raleigh, NC, USA.  Gouhin noted the collaborative work between the ISA-99 standards committee and the IEC to develop globally recognized cybersecurity standards. He advocated a two-part approach to industrial cyber security, beginning with voluntary industry adoption of industrial cybersecurity standards and complemented by standards conformance certification programs. As a starting point, asset owners can insist upon products and components that have been certified to those standards by including the ISASecure certification requirements in their procurement specifications.

    The recent NIST workshop is the latest in a series established to engage stakeholders in the drafting of the preliminary Cybersecurity Framework called for by President Obama. At NIST's request, both ISA and its sister organization, the Automation Federation, have served as advisors to the US government in the development of the framework draft and have actively participated in all NIST workshops. 

    ISCI adds new members

    The Control System Security Center (CSSC) in Sendai, Japan recently joined the ISA Security Compliance Institute (ISCI) as an Associate member. CSSC, already on track to become an ISCI Chartered Lab, recognized the value of participating in the development of ISASecure certification requirements.  As an ISCI member, CSSC can contribute to future ISASecure certification schemes and provide recommendations for improving existing ISASecure certifications.

    Codenomicon, a Finland-based cybersecurity testing products and consulting services company, has joined ISCI as a technical member. The founders of Codenomicon-Ari Takanen, Rauli Kaksonen, and Mikko Varpiola-were researchers in the 1990's at VTT Technical Research Centre of Finland  and the University of Oulu in Finland, two institutes whose work has become foundational for much of today's protocol testing.

    ISASecure Program Update: New tool available for ISASecure Communications Robustness Testing (CRT)

    The ISA Security Compliance Institute (ISCI) recently announced that the Codenomicon ISASecure™ Testing Solution, consisting of the Codenomicon Defensics and the Codenomicon Load Testing platforms, is now recognized as an approved CRT (Communication Robustness Testing) tool for ISASecure control systems certification programs. The ISCI CRT tool recognition process ensures that all recognized tools provide consistent and credible test results when utilized by the ISCI Chartered Labs for certifying industrial control systems and components. 

    In support of its global initiatives for reducing cybersecurity risk in critical infrastructure, Codenomicon now offers their Codenomicon Load Testing suite as a free download for internal cybersecurity analysis and CRT testing. 

    Cybersecurity a consistent theme at ISA Automation Week 2013

    Significant trends and advances in cybersecurity were highlighted at ISA Automation Week 2013, held recently in Nashville, Tennessee, USA. Andre Ristaino, the Managing Director of the Automation Standards Compliance Institute (ASCI), delivered a presentation that showcased the ISASecure Program  and covered the global adoption of ISASecure specifications and conformance schemes.  The presentation included a high-level description of the recently announced system-level product certification called the System Security Assurance (SSA)  and the organizational cybersecurity lifecycle process certification called Security Development Lifecycle Assurance (SDLA).

    Presentations mentioned in this article and additional information about ISCI and ISASecure can be found at www.isasecure.org.