• ISA Security Compliance Institute (ISCI)

    ISASecure Program Update - ISCI just released a System level cybersecurity certification and announced upcoming availability of a cybersecurity development and support lifecycle processes certification.

    The ISA Security Compliance Institute (ISCI) announced availability of a system-level cybersecurity certification for industrial automation and control systems (IACS) products at the February 2014 ARC World Forum in Orlando, FL. ISCI also announced Q2 2014 availability of an organizational certification which ensures that suppliers are following cybersecurity development and support lifecycle processes for IACS products. 

    The new product certification is the System Security Assurance (ISASecure SSA) which assesses the cybersecurity of off-the-shelf industrial control systems and certifies conformance to IEC 62443-3-3. The objective of this certification is to ensure cybersecurity robustness for off-the-shelf control systems and to certify that the systems are free from known vulnerabilities. The SSA program description and certification specifications are available for download in PDF format from the ISCI website at www.isasecure.org.

    The new organizational certification is the Security Development Life Cycle Assurance (SDLA) certification which ensures that a supplier's product development organization has institutionalized cybersecurity into their product development and support lifecycle processes and follows them consistently on an ongoing basis. The objective of this certification is to ensure that cybersecurity is designed into IACS products from the beginning and is followed throughout all product development and support lifecycle phases.

    ISCI has been certifying embedded devices under the Embedded Device Security Assurance certification (ISASecure EDSA) scheme. EDSA, the first ISASecure certification, assures cybersecurity for off-the-shelf embedded devices and lists certified devices from prominent suppliers such as Honeywell and Yokogawa.

    The ISASecure™ program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide cybersecurity improvement for IACS. ISASecure certifications are based upon international cybersecurity standards including the IEC 62443 series, ISO 27001 and other relevant industry-consensus standards.   

    The ISASecure IACS cybersecurity certification program is an ISO/IEC Guide 65 conformance scheme supporting ISCI's goal to operate a globally recognized IACS cybersecurity certification program. Independent third-party accreditation by IEC accreditation bodies (AB), such as ANSI/ACLASS and JAB, ensures the credibility and value of the ISASecure certification by objectively attesting to the competence and qualification of ISCI certification bodies (CB) and laboratories.

    Supplier organizations are encouraged to contact an ISASecure-accredited lab for details on these new certifications and the steps for certifying IACS products and their organization's product development and support lifecycle processes. 

    Yokogawa Achieves ISASecure™ certification for Safety Instrumented System

    Yokogawa recently received the ISASecure™ EDSA certification for its ProSafe-RS safety instrumented system.  To satisfy customers who are increasingly careful to check a products cybersecurity features prior to purchasing SIS products, Yokogawa choose the ISASecure™  program, and the EDSA certification.  The EDSA certification provides proof that the ProSafe-RS system is robust against cybersecurity threats. 

    First released in February 2005, the ProSafe-RS safety instrumented system helps prevent accidents by detecting abnormal conditions in plant operations and initiating emergency actions such as plant shutdown. Unlike conventional safety instrumented systems and distributed control systems, which are regarded as having different roles and functions and operate separately, the operation of ProSafe-RS and Yokogawa's CENTUM series integrated production control system can be fully integrated.  For more details about ProSafe-RS, please refer to the following website.  http://www.yokogawa.com/iss/iss-en_safty001.htm

    ISCI Membership Grows

    Globecomm, a pioneer in the design and integration of high quality satellite communications systems, has joined ISCI as an informational member and Aramco Services, the North American arm of Saudi Aramco joined ISCI as a technical member in Q4 2013.