New ISA white paper outlines what executives need to know about industrial cybersecurity

  • January 26, 2016
  • Research Triangle Park, North Carolina

Results of a recent survey by the Pew Research Center predicted that a major industrial cyberattack will occur in the US sometime within the next 10 years that will cause “widespread harm”—defined as significant loss of life or property losses/damage/theft in the tens of billions of dollars.

Despite these types of expert predictions and ongoing calls for improved security, not nearly enough is being done in the US and around the world to implement basic industrial cybersecurity measures, most notably best-practice standards, and reinforce them through proper staff training.

One reason for this is many corporate and industry executives are not fully aware of the real-world risks and dangers associated with industrial cyberattack as well as the critical differences between IT cybersecurity and operational technology (OT) cybersecurity.  

To improve industrial cybersecurity understanding and awareness, the International Society of Automation (ISA) has developed a new white paper, "What Executives Need to Know About Industrial Control Systems Cybersecurity." The white paper was written by Joseph Weiss, PM, CISM, CRISC, a widely recognized industry expert on control system cybersecurity who has advised the US Congress on the growing threat of industrial cyberattack.

Weiss, Managing Partner of Applied Control Solutions, LLC, also serves as Managing Director of the ISA99 standards development committee, which has established the world’s only consensus-based series of industrial cybersecurity standards (ISA/IEC 62443). The ISA99 committee includes a cross-section of international cybersecurity subject-matter experts from industry, government and academia.

“Today’s operational technologies—such as sensors, SCADA systems, software and other controls that drive modern industrial processes—are vulnerable to cyberattack. The risk of serious damage or compromise to power and chemical plants, oil and gas facilities, chemical and water installations and other vital critical infrastructure assets is real,” states Patrick Gouhin, ISA Executive Director and CEO. “This new white paper provides clarity on the fundamental issues and challenges to consider and delivers a cogent rationale for implementing a comprehensive industrial cybersecurity plan.”

Learn more about the entire spectrum of ISA industrial cybersecurity resources, including training, certificate programs, books, articles and other publications, by visiting ISA’s Cybersecurity Resources web page.

More about ISA/IEC 62443

The ISA/IEC 62443 set of standards define requirements and procedures for implementing electronically secure automation and control systems and security practices, and assessing electronic security performance.

Representing a comprehensive approach to cybersecurity, the ISA/IEC 62443 series of standards are designed to prevent and mitigate industrial control system security vulnerabilities across all key industry sectors and critical infrastructure. Reducing these vulnerabilities is crucial since they can open the door to potentially devastating cyber damage to the industrial plant systems and networks used in power generation, water treatment, refineries and other essential industrial facilities.

The ISA/IEC 62443 cybersecurity standards are integral components of the US government’s current and future plans to combat industrial cyberattack.

More about the author

Joseph Weiss provides strategic consulting to optimize and secure Industrial Control Systems (ICSs). A widely acclaimed expert and author on industrial cybersecurity, he serves as a member of numerous organizations related to control system security and has published more than 100 papers on instrumentation, controls, and diagnostics.

Weiss was recently featured in the NOVA documentary, CyberWar Threat, which was broadcast on PBS in October 2015.

Visit the Applied Control Solutions website to learn more about his extensive and well-documented expertise in ICS.

About ISA

The International Society of Automation ( is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.

ISA owns, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation (, an association of non-profit organizations serving as "The Voice of Automation." Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute ( and the ISA Wireless Compliance Institute (