Codenomicon Defensics earns formal recognition as an ISCI CRT Tool for use in the ISASecure™ industrial control systems cybersecurity certification scheme

Research Triangle Park, North Carolina, USA  (14 November 2013) - The ISA Security Compliance Institute (ISCI) announced today that the Codenomicon ISASecure™ Testing Solution, consisting of the Codenomicon Defensics and the Codenomicon Load Testing platforms, is now recognized as an approved CRT (Communication Robustness Testing) tool for ISASecure control systems certification programs.

CRT testing tools must meet a rigorous set of ISCI requirements to ensure consistent and credible test results when utilized by the ISCI Chartered Labs for certifying industrial control systems and components.  ISCI Chartered Labs are now authorized to use the Codenomicon CRT tool for use in the communication robustness test element of ISASecure product certifications. Suppliers seeking ISASecure certifications can be confident that the Codenomicon tool will properly reflect expected CRT test results from ISCI Chartered Labs.

"We are very pleased to offer our expertise and comprehensive set of load and fuzz testing tools to the ICS community, and look forward to working with ISCI, helping stakeholders achieve better security by including robustness and load testing in their solutions," said Codenomicon CEO David Chartier.

"Codenomicon approached this project with great enthusiasm from the very beginning.  We are impressed with their offering and dedication to the ISASecure program.  We look forward to working with Codenomicon as we expand the coverage of ISASecure certifications," said Andre Ristaino, ISCI Managing Director.

Codenomicon has chosen to offer the Codenomicon Load Testing platform as a free download for anyone wishing to use the software package to load test devices for internal analysis and in preparation for the CRT element of the ISASecure certification.

"This is something we felt comfortable in releasing as a free tool to all stakeholders.  We recognize the need to elevate awareness of potential security issues, and encourage stakeholders to use the free tool to learn the value of comprehensive testing of devices used in critical infrastructure," Chartier added.

For more information about the Codenomicon ISASecure Testing Solution, contact Mike Ahmadi, Global Director of Energy and ICS Security, at [email protected]

About ISASecure™ EDSA Certification

The ISASecure™ program has been developed by the ISA Security Compliance Institute (ISCI) with a goal to accelerate industry-wide improvement of cybersecurity for Industrial Automation and Control Systems (IACS). It achieves this goal by offering a common industry-recognized set of device and process requirements that drive device security, simplifying procurement for asset owners and device assurance for equipment vendors.

ISASecure Embedded Device Security Assurance Certification (ISASecure EDSA), the first ISASecure certification, focuses on security of embedded devices and addresses device characteristics and supplier development practices for those devices. Through this certification, an embedded device that meets the requirements of the ISASecure specifications receives the ISASecure EDSA certification-a trademarked designation that provides instant recognition of product security characteristics and capabilities. ISASecure EDSA offers three certification levels for a device based on increasing levels of device security assurance: ISASecure Level 1 for Devices, ISASecure Level 2 for Devices, and ISASecure Level 3 for Devices.

The ISASecure EDSA certification is an ISO/IEC Guide 65 conformance scheme supporting ISCI's goal to operate a globally recognized industrial automation controls cybersecurity certification program. This third-party accreditation by ANSI/ACLASS enhances the credibility and value of the ISASecure certification by attesting to the competence and qualification of ISCI certification bodies and laboratories. Visit for details on the ISASecure ANSI/ACLASS accreditation process.

About the ISA Security Compliance Institute

Founded in 2007, the ISA Security Compliance Institute's mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems.

The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of Critical Infrastructure for generations to come. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys, Siemens, and Yokogawa. Key Technical Members include exida, IPA-Japan, CSSC and, RTP Corp.

The Institute's goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers' development processes and users' life cycle management practices. The Institute's ISASecure™ designation ensures that industrial automation control products conform to industry consensus cyber security standards, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification.

ISASecure EDSA Certification is a trademark of the ISA Security Compliance Institute.

ISCI press contact:
Andre Ristaino