Industrial cybersecurity experts of the International Society of Automation (ISA), the Automation Federation (ISA’s umbrella organization), and the US and UK governments, and global business leaders gathered in London 18 May 2017 to share common experiences and consider strategies to combat common threats.
The one-day meeting was co-sponsored by the Automation Federation and TechUK (an association of more than 950 member companies in the UK) at the request of the British government and the US Department of Homeland Security. The objective of the gathering was to examine operational technology/Industrial Internet of Things (IIoT) cybersecurity challenges facing both the US and the UK. Meeting speakers and participants discussed shared experiences and obstacles and explored potential opportunities for collaboration.
Douglas Maughan, Cyber Security Division Director within the US Department of Homeland Security, Science and Technology Directorate (S&T), explained in his presentation how industry and government within both countries can work together to improve industrial cybersecurity defenses.
Also presenting and participating were: Steve Mustard, an independent automation consultant and industrial cybersecurity subject-matter expert of ISA and the Automation Federation; James Keaveney, 2016 ISA President and 2017 Chairman of the Automation Federation; and Andre Ristaino, Managing Director of the ISA Security Compliance Institute.
Mustard pointed to ISA’s series of industrial automation and control system (IACS) security standards— adopted internationally as ISA/IEC 62443—as a flexible framework for preventing and limiting potentially devastating cyber damage to the industrial systems and networks used in critical infrastructure and other industrial environments.
Developed by leading international cybersecurity experts from industry, government and academia, ISA/IEC 62443 addresses industrial cybersecurity vulnerabilities across all key industry sectors and is regarded as the world’s only consensus-based series of IACS security standards.
Keaveney provided an overview of ISA’s integrated range of standards-based industrial cybersecurity training courses and related certificate programs. ISA has harnessed the ISA/IEC 62443 standards to develop a comprehensive set of industrial cybersecurity training courses and aligned certificate programs—covering the complete lifecycle of IACS assessment, design, implementation, operations and maintenance. ISA’s cybersecurity certificate programs are open to those who successfully complete the requirements of ISA’s related cybersecurity courses.
Ristaino, in a panel discussion, provided an overview of the ISA Security Compliance Institute (ISCI). ISCI manages the ISASecure™ conformance certification program, which ensures that control systems conform to relevant ISA/IEC 62443 cybersecurity standards and that IACS products and systems are robust against network attacks and free from known vulnerabilities.
To learn more about ISA/IEC 62443, ISA’s standard-based training and certificate programs, and other industrial cybersecurity resources offered by ISA, click here.
Prior to the meeting, on 16-17 May, ISA and Automation Federation representatives also attended and participated in the “Global Cybersecurity Innovation Summit,” which was presented by the Security Innovation Network (SINET) and co-sponsored by the British government and the US Department of Homeland Security, S&T. The focus of the summit was to help foster a more cohesive, worldwide cybersecurity community and accelerate innovation through collaboration.
The International Society of Automation (www.isa.org) is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.
ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation (www.automationfederation.org), an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute (www.isasecure.org) and the ISA Wireless Compliance Institute (www.isa100wci.org).
About the Automation Federation
The Automation Federation is a global umbrella organization of twenty (20) member organizations and seven working groups engaged in automation activities. The Automation Federation enables its members to more effectively fulfill their missions, advance the science and engineering of automation technologies and applications, and develop the workforce needed to capitalize on the benefits of automation. The Automation Federation is the “Voice of Automation.” For more information about the Automation Federation, visit www.automationfederation.org.
About the ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS).
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Aramco Services, Honeywell, Schneider Electric, Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure® designation ensures that IACS products conform to industry consensus cyber security standards such as IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. www.isasecure.org