ISA publishes white paper designed to help small- and medium-sized businesses recognize their risks of industrial attack and develop an effective cybersecurity plan

  • June 24, 2017
  • Research Triangle Park, North Carolina

The International Society of Automation (ISA), at the request of the US Department of Homeland Security, has developed a white paper designed to help small- and medium-sized businesses (SMBs) recognize their vulnerability to industrial cyberattack and forge an effective cybersecurity plan based on established standards and practices.

“Effective cybersecurity management is essential for all organizations, regardless of size,” emphasizes Bill Joss, ISA’s Senior Business Development Manager. “However, most medium- and smaller-sized companies that manage industrial processes and employ some level of automation are unaware of the cyber-risks they face, and are not adequately prepared to implement the proven cybersecurity standards and practices that are available to them.”

“Industrial Cybersecurity for Small and Medium Sized Businesses” leverages ISA’s in-depth knowledge of industrial automation and control systems (IACS) and subject-matter expertise in industrial cybersecurity.

“SMBs need to fully understand their cybersecurity risk and take action to reduce this risk, just as they do with other business risks,” Joss says. “The absence of previous incidents, or the belief that the organization is not a likely target, is not sufficient justification for ignoring this issue.”

SMBs—just like large manufacturing operations—are at risk from a wide variety of threats, including amateur and professional hackers, environmental activists, disgruntled employees or contractors and even nation states or terrorists. In addition, many cybersecurity incidents are a result of accidents or unintentional actions. A company does not have to be a specific target to be affected.

The white paper provides a thorough overview of industrial cybersecurity, covering:

  • Risk assessment
  • Essential cybersecurity initiatives, including: Identification, Protection, Detection, Response and Recovery
  • Awareness and training
  • Continuous improvement
  • Additional references

The document was co-written by two prominent ISA cybersecurity experts: Steve Mustard, a consultant who has developed cybersecurity management systems, procedures and training for many critical infrastructure organizations throughout the world; and Eric Cosman, a manufacturing operations and control systems consultant and Co-Chair of the ISA99 Committee on industrial cybersecurity standards and practices.

For more information

To learn more about the ISA/IEC 62443 series of cybersecurity standards, ISA cybersecurity training and certificate programs, and ISA’s wide range of industrial cybersecurity resources, click here or contact Heidi Cooke, Sr. Learning Consultant, at +1-919-990-9405 or via email at

About ISA’s global leadership in industrial cybersecurity

ISA protects the IACS used in critical infrastructure and manufacturing from potentially catastrophic cyberattack through its ISA99 (ISA/IEC 62443) series of security standards—the world’s only consensus-based series of industrial security standards.

Because most IACS are not designed to ensure resilience against cyber warfare, an IACS cyberattack can impair and disable safe operations of industrial facilities. The consequences—which can include plant shutdowns, widespread power blackouts, explosions, chemical leaks, and more—can place national and economic security as well as lives, personal safety and the environment at risk.

As a flexible framework for addressing IACS security weaknesses across all key industry sectors, the ISA/IEC 62443 series are integral components of the US government’s current and future plans to combat industrial cyberattack.

ISA has harnessed its standards to develop a comprehensive set of industrial cybersecurity training courses and aligned certificate programs—covering the complete lifecycle of IACS assessment, design, implementation, operations and maintenance.

For the past two years, the US National Guard has contracted with ISA to provide industrial cybersecurity training at its national Cyber Shield cyber-operations exercises. These exercises are designed to develop, train and test cyber-capable forces of the Army National Guard, Air National Guard, and U.S. Army Reserve cyberspace operations personnel and threat analysis and response teams.

About ISA

The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.

ISA owns, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation, an association of non-profit organizations serving as "The Voice of Automation." Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute and the ISA Wireless Compliance Institute.