15 September 2020
New ISA/IEC Standard Provides Auditable Approach to Assessing Cybersecurity Risk
RESEARCH TRIANGLE PARK, N.C. (15 September 2020)—The widely used ISA/IEC 62443 Industrial Automation and Control Systems (IACS) Security standards, developed primarily by the ISA99 standards development committee with simultaneous review and adoption by the International Electrotechnical Commission (IEC), provide a flexible framework to address and mitigate current and future IACS security vulnerabilities. The ISA99 committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.
A vital new standard in the series is based on the understanding that each organization that owns and operates an IACS has its own tolerance for risk—and that each IACS represents a unique risk depending on the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences if the system were to be compromised. The new standard, ISA/IEC 62443-3-2: Security Risk Assessment for System Design, defines a comprehensive set of engineering measures to guide organizations through the essential process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.
The new standard can be effectively applied across all industry and critical infrastructure sectors that depend on secure IACS operations. Moreover, it provides much-needed guidance to all key stakeholder categories, including asset owners, system integrators, product suppliers, service providers, and compliance authorities.
“Currently, there is wide degree of variability in how industry defines and conducts IACS risk assessments,” says John Cusimano of aeSolutions, who led the ISA99 subgroup that wrote the standard. “ISA/IEC 62443-3-2 establishes fundamental requirements for an IACS risk assessment without being overly prescriptive. The result is a standard that will bring uniformity across industry while still allowing IACS owners and operators to apply any methodology that is compliant with the standard.”
The new standard is the latest in a string of notable milestones in the ongoing development and growing global application of the ISA/IEC 62443 series. This included a decision by the United Nations Economic Commission for Europe to integrate the widely used standards into its Common Regulatory Framework on Cybersecurity, which serves as an official UN policy position statement for Europe. It also included completion of several key additional standards, including:
Other standards in the ISA/IEC 62443 series cover terminology, concepts, and models; establishing an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.
For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards, at email@example.com or +1-919-990-9200.
ISAGCA in the News
The ISA Global Cybersecurity Alliance is garnering attention from every corner of the world. Featured in more than 2,200 publications in 30 countries, the ISAGCA continues to make an impact in the media. Here are a few examples:
16 January 2020 ISA Global Cybersecurity Alliance Triples Membership Info Security, United States
20 November 2019 New ISA Global Cybersecurity Alliance reduces threats through collaboration Enterprise Channels MEA, United Arab Emirates
20 November 2019 Effective cybersecurity is a team sport Control Global, United States
18 November 2019 ISA Cybersecurity Standards in Smart Cities: ARC Smart City Podcast ARC Viewpoints Blog Sites, United States
14 November 2019 Is cybersecurity embedded in your organisation? Engineering News, South Africa
31 October 2019 Triconex and Foxboro user group meetings in Austin for Schneider Electric’s Processes The Statesman Examiner - FinancialContent, United States
28 October 2019 Certification Emphasizes Cybersecurity of Schneider Electric’s Processes Press Releases - Digital Journal, Canada
23 October 2019 Cybersecurity experts offer best practices Control Global, United States
17 October 2019 Schneider Eectric inAugusturates digital transformation of smart distribution centre in Brazil MEP Middle East, United Arab Emirates
15 October 2019 Creating a More Secure Digital Ecosystem By Connecting The Dots Industrial Automation Asia, Singapore
9 October 2019 Cybersecurity Alliance Helps Reduce Threats Through Collaboration Nutesla - The Informant, Italy
19 September 2019 Interview: What will ISA's Global Cybersecurity Alliance actually do? Tech Wire Asia, United Kingdom
18 September 2019 ISA Forms ISAGCA to Promote ISA 62443 Cybersecurity Standard ARC Viewpoints Blog Sites, United States
12 September 2019 Rockwell announced as founding member of ISA Global Cybersecurity Alliance Controls, Drives & Automation, United Kingdom
3 September 2019 Global Cybersecurity Alliance: Schneider Electric membro fondatore Information Technology Intelligent Software, Italy
22 August 2019 Honeywell Advances Cybersecurity Efforts as Founding Member of New ISA Alliance BISInfotech, India
20 August 2019 Advancing cybersecurity efforts to enhance the development and adoption of cybersecurity standards ELE Times, India
16 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric As a Founding Member Digital Journal, Canada
16 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric As a Founding Member Boston Herald - FinancialContent, United States
14 August 2019 Cybersecurity Concerns Could be Cause for IoT Pause – RTInsights RT Insights, United States
14 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric as founding member Data Economy, United Kingdom
6 August 2019 Schneider Electric joins ISA Global Cybersecurity Alliance Trade Arabia, Bahrain
5 August 2019 Honeywell joins Global Cybersecurity Alliance Homeland Preparedness News, United States
Copyright © 2020