Our Black Friday Week sale is now live! Take 30% off ISA training, standards, and print books. Use code BFCM22 at checkout.

The International Electrotechnical Commission Designates ISA/IEC 62443 as a Horizontal Standard

  • November 17, 2021
  • Research Triangle Park, North Carolina

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are proud to announce that the International Electrotechnical Commission (IEC) has officially designated the IEC/ISA 62443 series of standards as “horizontal,” meaning that they are proven to be applicable to a wide range of different industries.

According to the IEC decision, “The IEC Technical Committee 65 (TC 65) publishes IEC 62443 for operational technology found in industrial and critical infrastructure, including but not restricted to power utilities, water management systems, healthcare, and transport systems. These horizontal standards, also known as base standards, are technology independent. They can be applied across many technical areas.”

“The ISA99 committee of the International Society of Automation (ISA) and IEC Technical Committee 65 Working Group 10 have been collaborating on the development of the ISA/IEC 62443 cybersecurity standards for industrial automation and control systems (IACS) cybersecurity for many years. While broad applicability has always been the intent, there has been a common perception that they were most appropriate for process industries such as chemicals and refining,” explained ISA99 Co-Chair Eric Cosman. “Despite that perception, there have been several examples of successful applications in other sectors, such as transportation, building automation, metals and mining, and discrete manufacturing. It’s ultimately best for users if they can rely on one set of sector-agnostic standards, and we are very happy to receive the IEC decision to designate the ISA/IEC 62443 series as horizontal standards.”

The ISA/IEC 62443 series of standards is the world’s only consensus-based cybersecurity standard for automation and control system applications. These standards codify hundreds of years of operational technology and IoT cybersecurity subject matter expertise. Using the ISA/IEC 62443 series of standards as a foundation, companies can focus on adopting security as part of the operations lifecycle, ensuring compliance with various aspects of the standards across their supply chains, and including cybersecurity in operational risk-management profiles.

“While this news might seem like a procedural detail, it will have significant implications,” said Cosman. “Various other IEC technical committees that represent the needs and interests of specific sectors will presumably base their cybersecurity-related efforts on what is in the 62443 standards, focusing on defining how they should be interpreted and applied in a given set of circumstances. This will almost certainly lead to the creation of a set of sector-specific profiles for this purpose. To help in this effort, TC65 WG10 is developing guidance on how to develop such profiles, rather than pursue sector-specific and perhaps inconsistent standards. Guidelines, frameworks, training materials, and other resources can also take on a more general focus, incorporating the needs of many sectors.”

The designation of the ISA/IEC 62443 series as a horizontal standard will have many benefits to stakeholders:

  • Asset owners who have a presence in or exposure to more than one sector will be able to align their cybersecurity programs, leveraging ISA/IEC 62443 as the one single source for the fundamental principles and requirements of automation cybersecurity
  • Automation system suppliers will be able to certify their products for a broader range of applications, using a common set of conformance specifications based on 62443
  • IEC TC 65 WG 10 and the ISA99 committee will be able to focus their efforts on collaboration and advancement of the series of standards, especially around current demands in areas such as IIoT, sensor-level security, and supply chain risks
  • The ISA Global Cybersecurity Alliance (ISAGCA) and its 50+ member companies will partner with asset owners and suppliers to build relevant, applications-focused materials to enable companies in different sectors around the world to adopt and implement the series of standards at scale

“The member companies of the ISA Global Cybersecurity Alliance have long believed in the broad applicability of the ISA/IEC 62443 series of standards,” said ISAGCA Chair Megan Samford. “We could not be more excited to see this news from IEC, because it echoes and confirms the work we’ve done. This series of standards is the only complete set of practices and security capabilities that can be applied to consistently assess and improve cybersecurity for operational technology systems, and our members stand ready to help companies all over the globe implement it successfully.”

About ISA
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence. The organization develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.

ISA created the ISA Global Cybersecurity Alliance (isa.org/ISAGCA) to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The Alliance brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, system integrators, and other cybersecurity stakeholder organizations together to proactively address growing threats.

ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation (automationfederation.org), an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly-owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute (isasecure.org) and the ISA Wireless Compliance Institute (isa100wci.org).

About ISAGCA

The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum of member companies that aim to advance cybersecurity awareness, education, readiness, and knowledge sharing industry-wide, on a global scale. The alliance’s objectives include expanding the development and use of the ISA/IEC 62443 series of standards, knowledge-sharing in an open environment, providing best practice tools to help companies secure their infrastructure, creating education and certification programs, and advocating for cybersecurity awareness and sensible approaches with world governments and regulatory bodies.

About ISAGCA Members

The ISA Global Cybersecurity Alliance is made up of 50+ member companies, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Baserock IT Solutions, Bayshore, Carrier Global, Claroty, ConsoleWorks, Coontec, CyberOwl, CyPhy Defense, Deloitte, Digital Immunity, Dragos, Eaton, exida, Ford Motor Company, Fortinet, Honeywell, Idaho National Laboratory, Idaho State University, ISASecure, Johns Manville, Johnson Controls, KPMG, LOGIIC, Mission Secure, MT4 senhasegura, Munio Security, Nova Systems, Nozomi Networks, PAS, PETRONAS, Pfizer, Radiflow, Redacted, Red Trident, Rockwell Automation, Schneider Electric, Surge Engineering, TDI Technologies, Tenable, TI Safe, Tripwire, TXOne Networks, UL, Wallix, WisePlant, Xage Security, and Xylem. For more information about ISAGCA, visit isa.org/isagca.