Industrial control system requirements defined by new cyber security standard

Sponsored by

RESEARCH TRIANGLE PARK, NC, Aug. 20, 2013 -- A new ISA99 standard addresses risks arising from the growing use of business information technology (IT) cyber security solutions to address industrial automation and control systems (IACS) cyber security in complex and dangerous manufacturing and processing applications.

The ISA-62443 series of standards, being developed by the ISA99 committee of the International Society of Automation (ISA) and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future vulnerabilities in IACS.

IACS cyber security goals typically focus on control system availability, plant protection, plant operations, and time-critical system response. IT security goals, in contrast, often focus more on protecting information than physical assets. For this reason, use of IT cyber security solutions to address IACS security must be implemented knowledgably to prevent unintended vulnerabilities that could lead to potentially disastrous health, safety, environmental, financial, and/or reputational impacts in deployed control systems.

The new ISA99 standard addresses this concern with an approach to defining system requirements that is based on a combination of functional requirements and risk assessment, and an awareness of operational issues. The standard provides detailed technical control system requirements associated with seven foundational requirements described in the groundbreaking first ISA99 standard, ISA‑62443‑1‑1 (99.01.01), including defining the requirements for control system capability security levels. Those responsible for IACS cyber security will use these requirements in developing the appropriate control system target security levels for specific assets.

"This standard provides highly relevant and practical direction to asset owners, system integrators and suppliers by describing the major system-level technical requirements for a secure IACS," stated ISA99 Co-Chair Eric C. Cosman of the Dow Chemical Company. "It serves as a cornerstone in the ISA-62443/IEC 62443 series, complementing other standards including ISA-62443-2-1, which addresses the processes and procedures needed for security."

The ISA99 committee drew on the input and knowledge of IACS security experts from across the globe in developing the standard. Unlike programs targeted at a single industry, ISA99 is applicable to all industry sectors and critical infrastructure in recognition of the interrelated nature of industrial computer networks in which cyber vulnerabilities exploited in one sector can impact multiple sectors and infrastructure.

"The new standard represents a collaborative effort of experts from multiple industries around the world," stated the ISA99 task group leader for the project, Jeff Potter of Emerson Process Management. "Our intensive series of revise-and-review cycles has resulted in a rigorously reviewed standard reflecting the best current thinking in control systems security. Our joint work with IEC experts provides users with further assurance that this is a truly global standard that can be used to design, build, operate and regulate with full confidence in its longevity and cross-national applicability."

ANSI/ISA-62443-3-3-2013 was approved as an American National Standard on 13 August 2013. An essentially identical version will be published by the IEC later this year as IEC 62443-3-3.

The standard is available here (select ‘62443’ from the drop-down list and scroll down) or by calling +1 919-990-9200.

About ISA99

ISA99 is a multi-national, multi-industry standards development initiative of the International Society of Automation (ISA), the world’s leading member association for automation professionals (www.isa.org).  Like all ISA standards committees, ISA99 conducts its work in an open consensus process that is accredited by the American Standards Institute.

The near-simultaneous adoption of the ISA99 standards by the International Electrotechnical Commission (IEC) reflects a long and productive collaboration through which many original ISA standards have been adopted to become widely used IEC global standards in vital areas including industrial cyber security, enterprise-control system integration, batch process control and process safety.

The expertise and input of ISA99 is also evident in ISA’s close cooperation with key leaders from the White House National Security Staff on Cyber Security, US Department of Homeland Security, and US National Institute of Standards and Technology in the ongoing development of a US national cyber security framework. The framework is a key element in the Executive Order signed by President Obama in February 2013, which called for the US government to work closely with key industry partners, including ISA and its umbrella organization, the Automation Federation, to protect critical infrastructure.

###

Sponsored by

TODAY'S HEADLINES

Construction of first tunnel under SF Bay completed; provides reliable drinking water source

The San Francisco Public Utilities Commission has joined with Dave Pine, president of the San Mateo County Board of Supervisors, to celebrate the completion of the first tunnel under San Francisco Bay at the location where the first Hetch Hetchy water enters Crystal Springs Reservoir.

India desalination plant to receive high-capacity ultrafiltration technology

Ultrafiltration membrane technology specialist inge GmbH recently secured the largest project in the company's history and will supply high-capacity UF technology for a desalination plant in the city of Jamnagar, India.  

Article discusses nation's connection to water, pricing schemes, steps toward sustainable future

A new article explores the nation's vital connection to water amidst a backdrop of crumbling infrastructure, significant waste and ongoing droughts. It examines the history of pricing schemes and the role of agriculture and presents a series of steps to a sustainable water future.

U.S. Water Alliance now accepting nominations for 2015 U.S. Water Prize

The U.S. Water Alliance has officially announced that it is now accepting nominations for the 2015 U.S. Water Prize.  

FOLLOW US ON SOCIAL MEDIA