ISA responds to recent Pell Center report on cybersecurity workforce development
The International Society of Automation has responded to a report from the Pell Center for International Relations and Public Policy that calls for a unified U.S. national strategy to address the serious workforce development needs presented by multi-dimensional cyber-attack threats.
RESEARCH TRIANGLE PARK, NC, Sept. 26, 2014 -- The International Society of Automation (ISA) has recently responded to a widely-circulated report from the Pell Center for International Relations and Public Policy -- titled "Professionalizing Cybersecurity: A Path for Universal Standards and Status" -- that calls for a unified U.S. national strategy to address the serious workforce development needs presented by the multi-dimensional threats of cyber attacks.
While commending the Pell Center for bringing greater attention to this vital challenge, 2014 ISA President Peggie Koon, Ph.D., emphasizes in a letter to the center that a comprehensive workforce development strategy is being implemented to train and prepare those responsible for protecting the critical and industrial infrastructure that forms the foundation of modern economies, and serves as the greatest potential target of cyber terrorists and the greatest risk of potential damage from cyber attack.
The Framework for Improving Critical Infrastructure Cybersecurity, published in early 2014 by the U.S. National Institute of Standards and Technology, sets forth guidelines to help owners and operators involved in the critical and industrial infrastructure identify, assess and manage cyber risk. The Framework is based on the input of leading cybersecurity experts from government and multiple industry sectors.
Koon noted that a series of standards on industrial automation and control systems security are cited throughout the Framework that are being developed by ISA in an international effort involving experts from more than 200 companies and organizations representing energy, water and wastewater, food and beverage processing, chemicals, petroleum refining, and other vital industry sectors. The standards, designated the ISA 62443 series, are being adopted as they are completed by the Geneva-based International Electrotechnical Commission (IEC) as the IEC 62443 series, assuring recognition by industries and governments across the globe.
The report makes the point that the technology for combating cyber attacks is only as good as the people who develop, implement and maintain it. However, for those responsible for protecting the critical infrastructure and industrial base, the required expertise extends well beyond the tools and technology of cybersecurity, Koon said.
"They require an understanding of the engineering interactions of complex automation and control systems," he said, "in which cyber vulnerabilities exploited in sectors such as energy production and distribution, water treatment, refining, and chemicals, can disrupt and damage multiple sectors, with potentially severe consequences for public health and welfare, and on a vast and interconnected economy."
Patrick Gouhin, ISA executive director and CEO, added, "ISA's leadership in industrial cybersecurity extends well beyond the standards by leveraging the vast expertise and knowledge from the ISA/IEC 62443 program. This has led to programs for the training, certification and continuing education of those who must understand the complexities and interactions of advanced automation and control systems while protecting critical infrastructure and the industrial base."
These programs include:
Professional Certification and Certificate Programs
- Certified Automation Professional® (CAP) Certification: This demonstrates proficiency in all aspects of industrial automation and control systems, including network and control systems security.
- Industrial Cybersecurity Certificate Program: This demonstrates proficiency in understanding and applying the ISA/IEC 62443 international standards.
- Certified Mission-Critical Professional (CMCP) Certification: In development under a U.S. Department of Labor grant to Cleveland Community College, this focuses on the skills and knowledge to combat cyber and other threats in industrial operations.
- Study courses and preparation materials in support of the Control Systems Engineering (CSE) program: A specialized Professional Engineering (PE) license recognized in the U.S. and administered by the National Council of Examiners for Engineering and Surveying, this includes coverage of network and control systems security.
Competency-Based Workforce Development
- The Automation Competency Model (ACM): Developed by the Automation Federation, the umbrella organization of ISA, in conjunction with the U.S. Department of Labor, this establishes what individuals need to know to successfully perform the tasks required in automation occupations, including network and control systems security.
Training Classes, Publications and Conferences
- Basic and advanced cybersecurity for industrial automation and control systems
- Understanding and implementing the ISA/IEC 62443 standards
Founded in 1945, the International Society of Automation (www.isa.org) is a global, nonprofit organization that is setting the standard for automation by helping over 30,000 worldwide members and other professionals solve difficult technical problems, while enhancing their leadership and personal career capabilities. Based in Research Triangle Park, North Carolina, ISA develops standards; certifies industry professionals; provides education and training; publishes books and technical articles; and hosts conferences and exhibitions for automation professionals. ISA is the founding sponsor of The Automation Federation (www.automationfederation.org).