• Recent ISA press release draws attention to ISA’s leadership in industrial cybersecurity standards and workforce development strategy

    On Thursday, 25 September 2014, ISA distributed a press release that showcased the Society’s comprehensive industrial cybersecurity standards and resources as well as its strategy to train a new wave of workers capable of leveraging these standards and resources to better protect critical infrastructure from cyberattack.

    The press release summarizes a letter 2014 ISA President Peggie Koon, Ph.D., sent to the Pell Center for International Relations and Public Policy—which has called for a unified US national workforce development strategy addressing the threats of cyberwarfare—and includes comments by ISA’s Executive Director and CEO, Patrick Gouhin.

    While a link to the press release is included in this month’s ISA Insights press release section, the significance of the content communicated merits highlighting it below.

    After all, establishing and maintaining ISA as a global authority on cybersecurity is one of the Society’s five strategic goals. Given ISA’s leadership in developing industrial cybersecurity standards (designated as the IEC 62443 series) and its diverse range of cybersecurity training courses, certification and certificate programs, publications, and conferences, the Society is well positioned to fulfill this objective.

    Included below is the core content of the press release.

    -------------------------

    ISA recently responded to a widely circulated report from the Pell Center for International Relations and Public Policy that calls for a unified US national strategy to address the serious workforce development needs presented by the multi-dimensional threats of cyber attacks.  

    While commending the Pell Center for bringing greater attention to this vital challenge, 2014 ISA President Peggie Koon, Ph.D., emphasizes in a letter to the center that a comprehensive workforce development strategy is being implemented to train and prepare those responsible for protecting the critical and industrial infrastructure that forms the foundation of modern economies, and serves as the greatest potential target of cyber terrorists and the greatest risk of potential damage from cyber attack.

    The Framework for Improving Critical Infrastructure Cybersecurity, published in early 2014 by the US National Institute of Standards and Technology, sets forth guidelines to help owners and operators involved in the critical and industrial infrastructure identify, assess and manage cyber risk. The Framework is based on the input of leading cybersecurity experts from government and multiple industry sectors.

    Cited throughout the Framework, Dr. Koon notes, is a series of standards on industrial automation and control systems security that are being developed by ISA in an international effort involving experts from more than 200 companies and organizations representing energy, water and wastewater, food and beverage processing, chemicals,  petroleum refining and other vital industry sectors. The standards, designated the ISA 62443 series, are being adopted as they are completed by the Geneva-based International Electrotechnical Commission (IEC) as the IEC 62443 series, assuring recognition by industries and governments across the globe.  

    The Pell Center report, Professionalizing Cybersecurity: A Path for Universal Standards and Status, makes the important point that the technology for combating cyber attacks is only as good as the people who develop, implement and maintain it. However, for those responsible for protecting the critical infrastructure and industrial base, the required expertise extends well beyond the tools and technology of cybersecurity, Dr. Koon points out: “They require an understanding of the engineering interactions of complex automation and control systems - in which cyber vulnerabilities exploited in sectors such as energy production and distribution, water treatment, refining and chemicals can disrupt and damage multiple sectors, with potentially severe consequences for public health and welfare, and on a vast and interconnected economy.”

    “As the leading professional association for automation and control systems engineers and practitioners, ISA represents the very people who must meet the great and challenging demands for knowledge and expertise in protecting the industrial and critical infrastructure,” states Patrick Gouhin, ISA Executive Director and CEO. 

    “ISA’s leadership in industrial cybersecurity extends well beyond the standards by leveraging the vast expertise and knowledge from the ISA/IEC 62443 program,” Gouhin adds. “This has led to programs for the training, certification, and continuing education of those who must understand the complexities and interactions of advanced automation and control systems while protecting critical infrastructure and the industrial base.”

    These programs include: 

    Professional certification and certificate programs

    • Certified Automation Professional® (CAP®) Certification, which demonstrates proficiency in all aspects of industrial automation and control systems including network and control systems security 
    • Industrial Cybersecurity Certificate Program, which demonstrates proficiency in understanding and applying the ISA/IEC 62443 international standards 
    • Study courses and preparation materials in support of the Control Systems Engineering (CSE) program, a specialized Professional Engineering (PE) license recognized in the US and administered by the National Council of Examiners for Engineering and Surveying, which includes coverage of network and control systems security  

    Competency-based workforce development 

    • The Automation Competency Model (ACM), developed by the Automation Federation, the umbrella organization of ISA, in conjunction with the US Department of Labor, establishes what individuals need to know to successfully perform the tasks required in automation occupations, including network and control systems security.

    Training classes, publications and conferences on:

    • Basic and advanced cybersecurity for industrial automation and control systems
    • Understanding and implementing the ISA/IEC 62443 standards 


    For more information, visit the ISA cybersecurity resources web page.