- February 07, 2023
- Durham, N.C.
First-of-its-kind program aims to demonstrate operating site compliance with the international standard ISA/IEC 62443
Today, the International Society of Automation (ISA), along with the ISA Security Compliance Institute (ISCI), has announced its intention to create an all-new conformity assessment scheme for automation systems deployed at operating sites—a critical and long overdue addition to the landscape of operational technology (OT) cybersecurity solutions.
Based on the world’s only consensus-based automation and control systems cybersecurity standards—ISA/IEC 62443—the OT cybersecurity site assessment scheme will apply to all types of automation and control systems in industries ranging from traditional process industries to critical infrastructure such as oil and gas, chemicals, and water/wastewater.
Suppliers have broadly adopted the leading international standard for OT cybersecurity, ISA/IEC 62443, as well as its certification scheme, ISASecure, for commercial off-the-shelf (COTS) automation and control system products and suppliers’ security development practices. ISASecure recently released an IIoT component and gateway certification program (ICSA) to remain current with new technology advances. However, asset owners and plant managers have yet to coalesce around a single cybersecurity assessment scheme for OT deployed at operating sites, relying instead upon a patchwork of third-party specifications that may not promote industrial control system (ICS) security best practices, leaving operating sites vulnerable.
“The proposed site assessment scheme will have a critical role in the OT cybersecurity landscape—the automation systems at the operating site itself,” said Brandon Price, ExxonMobil Senior Principal Engineer for ICS Cybersecurity and current ISCI Board Chairman. “This standards-based program is unique, and we anticipate it will become the global specification used by operating sites, certification bodies, internal auditors, and public policy makers.”
The program will encourage the broad industry adoption of the ISA/IEC 62443 operating site cybersecurity standards and best practices. ISA and ISCI plans include building and overseeing a related training and credentialing program for site assessors. ISA and other training organizations already offer training for the ISA/IEC 62443 operating site standards.
“We are inviting companies who are interested in supporting and promoting this program to participate, particularly end-users whose support is critical to this program’s success. Supporters may participate in specification development, provide funding, or simply provide public support,” said Andre Ristaino, Managing Director of ISA Consortia and Conformity Assessment Programs.
“We anticipate a development schedule of 12–14 months and expect to formally launch the program in Q4 2024 or early 2025,” said Ristaino.
To learn more and to get involved, visit https://isasecure.org/isasecure-site-assessment-0.
An informational webinar will also be held on 28 February at 11 am Eastern — to register, visit https://register.gotowebinar.com/register/8957191695766506073.
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world. Learn more at www.isa.org.
Founded in 2007, the ISA Security Compliance Institute’s (ISCI) mission is to provide the highest level of assurance possible for cybersecurity of automation and control systems. ISCI has been conducting ISASecure certifications on automation and control systems since 2011 through its network of ISO/IEC 17065 accredited certification bodies.
The Institute was established by thought leaders from major organizations in the automation controls community seeking to improve the cybersecurity posture of critical infrastructure for generations to come. Prominent ISASecure supporters include Chevron, ExxonMobil, Saudi Aramco, Shell, Honeywell, Schneider Electric, JCI, Carrier Corp., Amazon Web Services, TUV Rheinland, TUV-SUD, Yokogawa, YPF, exida, GE Digital, Synopsys, Bureau Veritas, CSSC, DNV, FM Approvals, and others.
The Institute’s goals are realized through ISASecure compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure designation ensures that automation products conform to industry consensus cybersecurity standards such as ISA/IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. Learn more at www.isasecure.org.