March 2008

Government secure in ISA knowledge

The buzz is big surrounding cyber security in industrial automation and control systems (IACS), whose vulnerability is apparent in laboratory demonstrations and in actual cyber incidents. Consequently, government agencies and regulators are working with industry to protect critical infrastructures.

ISA officials spoke with Representative David Price during his visit to the Society (see InTech's February Association News at, offering to help ensure informed decisions to government policy makers and leaders. ISA's offer included advice and guidance from Society member experts in industrial automation and control systems cyber security. This service could include review and comment on proposed regulations, expert testimony before congressional and regulatory committees, participation on special commissions, and definition and development of government supported initiatives in technology development and research.

"The primary focus on cyber security is the IP communications and the Internet. However, the industrial community still primarily utilizes serial communications with control system protocols. That's what we should be focusing on because we're the ones who know and understand these systems," said Joe Weiss of Applied Control Solutions, LLC in Cupertino, Calif. "We understand the systems, we use the networks, we add or subtract systems to the control system networks. So we should be involved, not just handing control system network security over the fence to IT."

"As a nonprofit engineering association of 30,000 automation and control systems professionals, ISA is uniquely positioned to bring together this wide-ranging expertise," said Patrick Gouhin, ISA executive director.  ISA has harnessed this multi-sector expertise in two ongoing industrial cyber security initiatives: ISA99 Standards Development Committee, developing American national standards and guidelines on IACS cyber security technologies, and the ISA Security Compliance Institute, supporting effective implementation of industry standards via compliance testing, market awareness, technical support, and education.