The ISA99 standards development committee brings together industrial cyber security experts from across the globe to develop ISA standards on industrial automation and control systems security. This original and ongoing ISA99 work is being utiilized by the International Electrotechnical Commission in producing the multi-standard IEC 62443 series.
Below you will see the official scope and purpose of ISA99, and the complete list of experts currently on the committee. New participants are always welcome — and you need not be a member of ISA to participate.
For the latest information on ISA99 and the ongoing development of the ISA/IEC 62443 series of standards on the cyber security of industrial automation and control systems, please contact Eliana Brazda.
The ISA99 committee addresses industrial automation and control systems whose compromise could result in any, or all, of the following situations:
- endangerment of public or employee safety
- loss of public confidence
- violation of regulatory requirements
- loss of proprietary or confidential information
- economic loss
- impact on national security.
The concept of manufacturing and control systems electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to:
- hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems
- associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
Physical security is an important component in the overall integrity of any control system environment, but it is not specifically addressed in this series of documents.
The following diagram depicts the status of the various work products in the ISA/IEC 62443 series of IACS standards and technical reports.
The ISA99 committee will establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed toward those responsible for designing, implementing, or managing manufacturing and control systems and shall also apply to users, systems integrators, security practitioners, and control systems manufacturers and vendors.
The Committee's focus is to improve the confidentiality, integrity, and availability of components or systems used for manufacturing or control and provide criteria for procuring and implementing secure control systems. Compliance with the Committee's guidance will improve manufacturing and control systems electronic security, and will help identify vulnerabilities and address them, thereby reducing the risk of compromising confidential information or causing manufacturing control systems degradation or failure.