January/February 2010

ISA99: Charting a security standards roadmap into a risky new decade

By Charley Robinson

Not that we needed the reminder, but the near-miss bombing of Delta/Northwest flight 253 in the waning days of 2009 underscored what we all know: Murderous forces in the world seek vulnerabilities wherever they can find them. Those who work in industrial automation can tell you that many manufacturing and processing operations can also present such opportunities for those who know what they are doing.

And so as ISA Standards enters its seventh decade, a major focus continues to be standards and guidelines to reduce the possibilities and limit the impacts of cyber threats to industrial systems and critical infrastructure. This work is performed primarily by the ISA99 committee on Industrial Automation and Control Systems Security, but draws from and impacts work across the ISA standards world and beyond.

The ISA99 roadmap

In the past year, ISA99 has established a roadmap that calls for delivering at least 14 standards and technical reports addressing vital aspects of industrial control systems security. These documents will build on ANSI/ISA-99.00.01, Security for Industrial Automation and Control Systems: Concepts, Terminology and Models. That standard was followed by ANSI/ISA-99.02.01, Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program.

Work is underway on the roadmap in areas including system security requirements and security assurance levels, target security assurance levels for zones and conduits, compliance metrics, and patch management. Also in progress is an update of a key 2007 technical report, ANSI/ISA-TR99.00.01, Security Technologies for Manufacturing and Control Systems. It provides an assessment of cyber security tools, mitigation countermeasures, and technologies that may be applied to industrial automation and control systems regulating and monitoring numerous industries and critical infrastructures.

In support of the roadmap, ISA99 has established three new working groups on cyber security with other key ISA standards committees. These include joint working groups with ISA100 on wireless automation, ISA67 on the special requirements of nuclear plants, and ISA84 on functional safety.

The joint working group with ISA84 highlights the importance of understanding the impact of cyber security on the safe operation of industrial processes. As technologies such as wireless, Ethernet, and computer information systems gain increased usage in industrial automation, the need for design strategies and methodologies to identify and mitigate risk is clear.

The joint working group leverages the expertise found in the ISA84 and the ISA99 committees to address these challenges. The leading work of ISA84 in functional safety has been a foundation of the widely used International Electrotechnical Commission (IEC) standards on safety in the process industries. "The ISA84 work, and subsequent work in IEC 61508 and IEC 61511, identifies cyber security as a potential threat to safe operation, but the scope of ISA84 focuses mostly on hardware faults and device reliability," said ISA84 Chair William Johnson of DuPont. "The ISA99 joint working group with ISA84 represents a significant complement to our work, as it addresses faults and emerging threats today that jeopardize safe operations in ways that many were less concerned about even just a few years ago."

The ISA99-84 joint working group's initial work has focused on:

  • Developing a security assurance level methodology for cyber security, similar to that of the current safety integrity levels (SIL) defined in ISA84
  • Defining and developing processes for identifying intentional and systematic threats that can expose process hazards

"Today when we consider only the probability of hardware failures in a hazards analysis, we can miss significant sources of risk to process safety," said ISA99 co-chair Eric Cosman, engineering solutions architect with The Dow Chemical Company. "This can be a dangerous assumption in the modern interconnected and software-driven plant, when considering intentional threats such as viruses, malware, and hackers, but also unintentional systematic faults such as poor network performance or network failures."

Another roadmap

The ISA99 work has also been recognized within the Framework and Roadmap for Smart Grid Interoperability Standards released by the U.S. National Institute of Standards and Technology (NIST) in September 2009. NIST's intent is to identify existing and draft standards vital to the success of the highly publicized Smart Grid program. All ISA99 published and draft documents are being made readily available for access by U.S. state utility commissions, the Federal Energy Regulatory Commission, and the National Association of Regulatory Utility Commissioners, who will be reviewing the content of all identified standards for regulatory purposes.


Charley Robinson (crobinson@isa.org) is manager of Standards and Technology at ISA.