The ISA99 standards committee brings together cyber security experts from across the globe to develop consensus standards that apply to all industry sectors and critical infrastructure. ISA99, in conjunction with IEC TC 65 WG 10 produced — and continues to develop— the ISA/ IEC 62443 series of standards and technical reports which provide a comprehensive framework to address and reduce existing and future security vulnerabilities in industrial automation and control systems (IACS).
Below you will see the official scope and purpose of ISA99. The work continues to expand, along with necessary updates, and new participants are always welcome and you need not be a member of ISA to participate.
For the latest information on ISA99 and the ongoing development of the ISA/IEC 62443 series , please contact Eliana Brazda.
The ISA99 committee addresses industrial automation and control systems whose compromise could result in any, or all, of the following situations:
- endangerment of public or employee safety
- loss of public confidence
- violation of regulatory requirements
- loss of proprietary or confidential information
- economic loss
- impact on national security.
The concept of manufacturing and control systems electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to:
- hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems
- associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
Physical security is an important component in the overall integrity of any control system environment, but it is not specifically addressed in this series of documents.
The ISA99 committee establishes standards, recommended practices, technical reports, and related information that defines procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed toward those responsible for designing, implementing, or managing manufacturing and control systems and shall also apply to users, systems integrators, security practitioners, and control systems manufacturers and vendors.
The Committee's focus is to improve the confidentiality, integrity, and availability of components or systems used for manufacturing or control and to provide criteria for procuring and implementing secure control systems. Compliance with the Committee's guidance will improve manufacturing and control systems electronic security, and will help identify vulnerabilities and address them, thereby reducing the risk of compromising confidential information or causing manufacturing control systems degradation or failure.