FIND OUT MORE

ISAGCA Updates

15 September 2020
New ISA/IEC Standard Provides Auditable Approach to Assessing Cybersecurity Risk

RESEARCH TRIANGLE PARK, N.C. (15 September 2020)—The widely used ISA/IEC 62443 Industrial Automation and Control Systems (IACS) Security standards, developed primarily by the ISA99 standards development committee with simultaneous review and adoption by the International Electrotechnical Commission (IEC), provide a flexible framework to address and mitigate current and future IACS security vulnerabilities. The ISA99 committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.

A vital new standard in the series is based on the understanding that each organization that owns and operates an IACS has its own tolerance for risk—and that each IACS represents a unique risk depending on the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences if the system were to be compromised. The new standard, ISA/IEC 62443-3-2: Security Risk Assessment for System Design, defines a comprehensive set of engineering measures to guide organizations through the essential process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.  

The new standard can be effectively applied across all industry and critical infrastructure sectors that depend on secure IACS operations. Moreover, it provides much-needed guidance to all key stakeholder categories, including asset owners, system integrators, product suppliers, service providers, and compliance authorities.

“Currently, there is wide degree of variability in how industry defines and conducts IACS risk assessments,” says John Cusimano of aeSolutions, who led the ISA99 subgroup that wrote the standard. “ISA/IEC 62443-3-2 establishes fundamental requirements for an IACS risk assessment without being overly prescriptive. The result is a standard that will bring uniformity across industry while still allowing IACS owners and operators to apply any methodology that is compliant with the standard.”  

The new standard is the latest in a string of notable milestones in the ongoing development and growing global application of the ISA/IEC 62443 series. This included a decision by the United Nations Economic Commission for Europe to integrate the widely used standards into its Common Regulatory Framework on Cybersecurity, which serves as an official UN policy position statement for Europe. It also included completion of several key additional standards, including:

  • ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development lifecycle for developing and maintaining secure products.
  • ISA/IEC 62443-4-2, Technical Security Requirements for IACS Components, which provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components and software applications.

Other standards in the ISA/IEC 62443 series cover terminology, concepts, and models; establishing an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.

For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards, at ebrazda@isa.org or +1-919-990-9200.


ISAGCA in the News

The ISA Global Cybersecurity Alliance is garnering attention from every corner of the world. Featured in more than 2,200 publications in 30 countries, the ISAGCA continues to make an impact in the media. Here are a few examples: 

16 January 2020 ISA Global Cybersecurity Alliance Triples Membership Info Security, United States

20 November 2019 New ISA Global Cybersecurity Alliance reduces threats through collaboration Enterprise Channels MEA, United Arab Emirates  

20 November 2019 Effective cybersecurity is a team sport Control Global, United States  

18 November 2019 ISA Cybersecurity Standards in Smart Cities: ARC Smart City Podcast ARC Viewpoints Blog Sites, United States  

14 November 2019 Is cybersecurity embedded in your organisation? Engineering News, South Africa  

31 October 2019 Triconex and Foxboro user group meetings in Austin for Schneider Electric’s Processes The Statesman Examiner - FinancialContent, United States  

28 October 2019 Certification Emphasizes Cybersecurity of Schneider Electric’s Processes Press Releases - Digital Journal, Canada  

23 October 2019 Cybersecurity experts offer best practices Control Global, United States  

17 October 2019 Schneider Eectric inAugusturates digital transformation of smart distribution centre in Brazil MEP Middle East, United Arab Emirates  

15 October 2019 Creating a More Secure Digital Ecosystem By Connecting The Dots Industrial Automation Asia, Singapore  

9 October 2019 Cybersecurity Alliance Helps Reduce Threats Through Collaboration Nutesla - The Informant, Italy  

19 September 2019 Interview: What will ISA's Global Cybersecurity Alliance actually do? Tech Wire Asia, United Kingdom  

18 September 2019 ISA Forms ISAGCA to Promote ISA 62443 Cybersecurity Standard ARC Viewpoints Blog Sites, United States  

12 September 2019 Rockwell announced as founding member of ISA Global Cybersecurity Alliance Controls, Drives & Automation, United Kingdom 

3 September 2019 Global Cybersecurity Alliance: Schneider Electric membro fondatore Information Technology Intelligent Software, Italy  

22 August 2019 Honeywell Advances Cybersecurity Efforts as Founding Member of New ISA Alliance BISInfotech, India

20 August 2019 Advancing cybersecurity efforts to enhance the development and adoption of cybersecurity standards ELE Times, India  

16 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric As a Founding Member Digital Journal, Canada  

16 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric As a Founding Member Boston Herald - FinancialContent, United States  

14 August 2019 Cybersecurity Concerns Could be Cause for IoT Pause – RTInsights RT Insights, United States

14 August 2019 ISA Global Cybersecurity Alliance Welcomes Schneider Electric as founding member Data Economy, United Kingdom

6 August 2019 Schneider Electric joins ISA Global Cybersecurity Alliance Trade Arabia, Bahrain  

5 August 2019 Honeywell joins Global Cybersecurity Alliance Homeland Preparedness News, United States  


The Cybersecurity Advocate Archives

Review past issues of The Cybersecurity Advocate, the official newsletter of the ISA Global Cybersecurity Alliance.

August 2020

April 2020


Founding Members  

PAS
xage security
MOCANA
Wallix
Bayshore
Supporting Member - senhasegura
radiflow
exida
Munio Security
Digital Immunity
tripwire
INL - Idaho National Laboratory
TDI ConsoleWorks
Eaton
KPMG
Surge Engineering
Petronas

Join the Movement: Contact ISA to Learn More

Let’s talk about how your company or organization can join us—contact Rick Zabel at rzabel@isa.org or +1 919 990 9233. Press and media should contact ISA’s Director of Marketing and Communications, Jennifer Halsey, at jhalsey@isa.org or +1 919 990 9287.  

LEARN MORE!