FIND OUT MORE

NEWS from ISAGCA


27 January 2021
ISA Global Cybersecurity Alliance Sets Priorities for 2021

RESEARCH TRIANGLE PARK, N.C. (27 January 2021)—The ISA Global Cybersecurity Alliance (ISAGCA), made up of 40 member companies, has established its priorities for the year ahead. The International Society of Automation (www.isa.org) created the ISA Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The ISAGCA brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.

The group’s 2021 priorities include:

  • Advocating the inclusion of the ISA/IEC 62443 series of cybersecurity standards in global policies that intend to improve critical infrastructure cybersecurity
  • Publishing a fully detailed, auditable cross-referencing guide that maps the ISA/IEC 62443 series of standards to other cybersecurity standards across multiple industries
  • Issuing comparison analysis reports that identify the implications of selecting and applying the ISA/IEC 62443 series of standards and help minimize the effort it takes to comply with cybersecurity standards and policies
  • Creating an insurance underwriters’ work group that will determine how to leverage ISA/IEC 62443 in creating and adjusting cybersecurity-related insurance policies
  • Publishing a two-part report that analyzes the use of ISA/IEC 62443 to secure IIoT reference architectures: Phase 1 (Securing IIoT devices and gateways) and Phase 2 (Securing cloud-based system-level functionality)
  • Formalizing recommended best practices to improve cyber incident response plans, in collaboration with the ICS4ICS public-private partnership tasked with creating an incident command system for industrial control systems
  • Making available a slate of new educational training, including an operations technology-focused course on basic cybersecurity hygiene for technicians and operators and microlearning modules about cybersecurity principles and the basics of the ISA/IEC 62443 series of standards

“The technologies that control and automate the world’s most critical operations, including the facilities where we work and live, are under constant threat and attack,” said ISAGCA Advisory Board Chair Megan Samford, Vice President and Chief Product Security Officer for Schneider Electric’s Energy Management business. “Given how important the ISA/IEC 62443 standard has become to limiting, mitigating, and even eliminating these threats, the projects and programs we have launched within the ISA Global Cybersecurity Alliance this year will deliver clarity, alignment, and education and further our collective ability to improve control and automation systems cybersecurity.”

The ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which were developed primarily by ISA, have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge holistically, bridging the gap between operations and information technology.

“Consistent, global adoption of the ISA/IEC 62443 series of standards will help vendors, third parties, end users—indeed the entire digital supply chain—effectively and proactively manage risks to their people, assets, and operations,” said ISAGCA Advisory Board Vice Chair Sharul Rashid, Custodian Engineer and Group Technical Authority of Instrumentation and Control at PETRONAS. “The march of digital technology and open process automation initiatives means global industry continues to advance at great pace. But in our haste to reap the benefits of digitalization, we must not lose sight of cybersecurity as a key piece of the productivity puzzle. Our priorities this year will help keep global focus on securing critical assets from harm.”

Recently, the ISA Global Cybersecurity Alliance released two helpful, free guides for public use:

  • Quick Start Guide: An Overview of the ISA/IEC 62443 Standards (www.isa.org/cyberguide): A user-friendly overview answering often-asked questions about ISA/IEC 62443 series of standards
  • Security Lifecycles in the ISA/IEC 62443 Series (www.isa.org/securitylifecycles): A whitepaper that provides a high-level view of the product security lifecycle and the automation solution security lifecycle, and defines IACS principal roles and responsibilities

ISAGCA is made up of 40 member companies, representing more than $240 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards.

Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Bayshore, Claroty, ConsoleWorks, CyberOwl, Deloitte, Digital Immunity, Dragos, Eaton, exida, Honeywell, Idaho National Laboratory, Idaho State University, ISASecure, Johnson Controls, KPMG, LOGIIC, Mission Secure, MTA Technology Group (Senhasegura), Munio Security, Nova Systems, Nozomi Networks, PAS, PETRONAS, Radiflow, Rockwell Automation, Schneider Electric, Surge Engineering, Tenable, TI Safe, Tripwire, UL, Wallix, WisePlant, WINICSSEC, and Xage Security.

For more information about ISAGCA, visit www.isa.org/isagca.

18 November 2020
ISA Global Cybersecurity Alliance Appoints Advisory Board Leadership

RESEARCH TRIANGLE PARK, N.C. (18 November 2020)—The ISA Global Cybersecurity Alliance (ISAGCA) has appointed a chairperson – Megan Samford, VP, Chief Product Security Officer for Energy Management at Schneider Electric – and vice chairperson – Sharul Rashid, Custodian Engineer and Group Technical Authority of Instrumentation and Control at PETRONAS – to its advisory board.

The International Society of Automation (www.isa.org) created the ISA Global Cybersecurity Alliance to increase cybersecurity awareness and readiness, bringing end-user companies, automation and control systems providers, IT infrastructure providers, services providers, system integrators, and other cybersecurity stakeholder organizations together to address growing threats across many vertical sectors.

ISAGCA’s Advisory Board Chairperson Megan Samford, VP, Chief Product Security Officer for Energy Management at Schneider Electric, is a security executive with focus on industrial control systems security, critical infrastructure protection, and risk analysis. In taking her role at Schneider Electric, Samford became the first female CPSO for a major industrial without first being a CISO, a significant milestone for women in industrial control systems security. She is currently leading a community driven effort under ISAGCA known as Incident Command System for Industrial Control Systems (ICS4ICS), which seeks to establish an operational incident response organization by Q1 2021. ICS4ICS includes a common language for responding to cyber incidents and provide avenues for mutual assistance between organizations.

ISAGCA is made up of 40 member companies, representing more than $240 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards.

“As the first Founding Member of the ISAGCA, Schneider Electric remains deeply committed to collaborating across industry to help our customers and all end users, regardless of segment and geography, secure and protect their people, assets and operations,” Samford said. “The ISA Standards Committee created the prevailing ISA/IEC 62443 series of standards by leveraging use cases from more than 20 different verticals. Our goal now is to build on that great work by expanding awareness, adoption, and application of the standard. I am excited to work with the diversity of ISAGCA membership to develop the programs and create the resources we need to meet our objectives. I am also excited to see community-identified needs and focused initiatives, like ICS4ICS, come to life through ISAGCA and its relationships with other non-profits and governments from around the world. Together, we will drive a standards-based, end-to-end approach—encompassing people, processes, and technology—to help safeguard global industry from sophisticated cyberattacks.”

The Advisory Board Vice Chairperson, Sharul Rashid, is Custodian Engineer and Group Technical Authority of Instrumentation and Control at PETRONAS, Malaysia's fully integrated oil and gas company. Sharul has more than 30 years of experience managing and leading teams and strategies covering a diverse range of instrumentation and control issues in refineries, gas liquefaction, petrochemicals, and gas pipeline transmission. PETRONAS, the world’s fourth-largest exporter of LNG, will intensify efforts towards reducing direct emissions from operations and the electricity used by the company and recently pledged to become a net zero emitter of greenhouse gases by 2050.

“I am honored to work with my colleagues around the world to advance critical cybersecurity initiatives,” commented Rashid. “Together, we will work to increase awareness and expertise, developing best practice tools to help companies successfully navigate the lifecycle of cybersecurity protection.”

ISA is the developer of the ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.

For more information about ISAGCA, visit www.isa.org/isagca.

12 November 2020
ISA Global Cybersecurity Alliance Welcomes Eight New Founding Members

RESEARCH TRIANGLE PARK, N.C. (12 November 2020)—The ISA Global Cybersecurity Alliance (ISAGCA, www.isa.org/isagca) announced today the inclusion of eight new founding members: Eaton, KPMG, Deloitte, Idaho State University, PETRONAS, Surge Engineering, TDi Technologies, and UL.

The International Society of Automation (www.isa.org) created the ISA Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The ISAGCA brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, system integrators, and other cybersecurity stakeholder organizations together to proactively address growing threats.

“The operational technologies and control systems that automate critical infrastructure are experiencing a rapid increase in malicious cybersecurity attacks that include data breaches and ransomware. The impact is serious, affecting life, safety, environmental protection, and economic viability across sectors,” said ISAGCA Managing Director Andre Ristaino. “ISAGCA is driving alignment and clarity across public and private sectorsand our diverse group of member companies are working together to advocate for adoption of the ISA/IEC 62443 series of control system cybersecurity standards.”

ISAGCA is made up of 40 member companies, representing more than $240 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards.

The newest members to join ISAGCA include:

  • Eaton (www.eaton.com): Eaton is a power management company made up of over 92,000 employees that provides sustainable solutions to help customers in 175 countries manage electrical, hydraulic, and mechanical power more safely, efficiently, and reliably.
  • KPMG (www.kpmg.com): One of the world’s Big Four accounting and consulting firms, KPMG operates in 147 countries, serving the needs of business, governments, public-sector agencies, and not-for-profits. KPMG helps clients understand the balance between protection and accessibility, creating strong cybersecurity strategies, and mitigating/preventing disruptions from cybersecurity incidents.
  • Deloitte (www.deloitte.com): One of the world’s largest accounting and consulting firms, Deloitte’s cybersecurity focus includes advising, implementing, and managing solutions across five areas: strategy, defense, and response; data; application security; infrastructure; and identity.
  • Idaho State University (www.isu.edu): Idaho State University is a public research-based institution that advances scholarly and creative endeavors through academic instruction, and the creation of new knowledge, research, and artistic works. Idaho State University provides leadership in the health professions, biomedical, pharmaceutical sciences, environmental science, and energy programs.
  • PETRONAS (www.petronas.com): Petroliam Nasional Berhad (PETRONAS) is a global energy and solutions company, ranked amongst the largest corporations on Fortune Global 500®. Wholly owned by the Government of Malaysia, the corporation is vested with the entire oil and gas resources in Malaysia and is entrusted with the responsibility of developing and adding value to these resources. PETRONAS seeks opportunities in energy investments both in hydrocarbon and renewables across the globe, and their portfolio includes conventional and unconventional resources as well as a diverse range of fuel, lubricant, and petrochemical products.
  • SURGE Engineering (surge.engineering): SURGE Engineering is an engineering firm leading complex automation projects all over the world, especially in Spanish and Portuguese speaking countries. SURGE works with clients to drive solutions for process controls, safety instrumented systems, industrial and SCADA cybersecurity, and instrumentation challenges.
  • TDi Technologies (www.tditechnologies.com): TDi is the provider of the ConsoleWorks solution, offering a secure, single method to streamline access and control to any device. The ConsoleWorks platform for human resolution creates a persistent security perimeter which is always monitoring, auditing, and logging activity down to the keystroke to support regulatory, cybersecurity best practices and IT/OT operations.
  • UL (www.ul.com): UL is a global safety science leader, focused on pushing the frontier of cybersecurity with over two decades of experience in developing cybersecurity frameworks, securing connected devices from chip to cloud, and helping customers throughout the full cybersecurity journeyfrom developing and implementing cybersecurity strategies, through validation and all the way to certification. UL’s portfolio of OT and IoT security solutions and in-depth capabilities help customers address securing product lifecycles, cybersecurity in smart ecosystems, and supply chain risk management.

In July 2019, the ISAGCA was launched by its initial founding membersClaroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, and Schneider Electric. Within the first year, the organization expanded to include: 1898 & Co.; ACET Solutions; aeSolutions; Bayshore Networks; Beijing Winicssec Technologies Co. Ltd.; CyberOwl; Digital Immunity; Dragos; exida; the ISA Security Compliance Institute; the ISA99 Standards Committee; Idaho National Laboratory; LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity); Mission Secure, Inc.; Mocana; Munio Security; Nova Systems; PAS Global; Radiflow; Senhasegura; Tenable; TiSafe; Tripwire; Wallix Group; WisePlant; and Xage Security.

27 October 2020
New Cybersecurity Guide: ISAGCA Introduces an Overview of Security Lifecycles in the ISA/IEC 62443 Series of Standards

RESEARCH TRIANGLE PARK, N.C. (27 October 2020)—The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) have released a new guide to the security lifecycles outlined in the ISA/IEC 62443 series of standards and technical reports. ISA/IEC 62443 constitutes the world’s only consensus-based series of automation cybersecurity standards.

“Security Lifecycles in the ISA/IEC 62443 Series: Security of Industrial Automation and Control Systems,” now available for download at isa.org/securitylifecycles, provides a high-level view of the product security lifecycle and the automation solution security lifecycle. The guide defines principal roles and responsibilities in industrial automation and control systems (IACS), and it explores how to apply specific standards documents to each phase within the security lifecycles.

This new guide answers some of the most common questions about security lifecycles in the ISA/IEC 62443 Standards, including:

  • How can various roles share the responsibility of IACS cybersecurity?
  • What are the differences between the product security lifecycle and the automation solution security lifecycle?
  • Who should be accountable for cyber risk?
  • How does an organization maintain effective, resilient IACS cybersecurity?

The ISA Global Cybersecurity Alliance’s Training and Education work group coordinated the development of the guide, which was authored by Johan Nye and reviewed by the ISA99 committee. Nye is an independent consultant specializing in industrial control systems (ICS) and cybersecurity. During his career spanning more than 38 years, Nye has designed ICS system architectures, created company standards and policies, implemented major ICS projects, supported ICS site engineers, and contributed to the design of several ICS products.

“Automation cybersecurity standards are crucial in this increasingly connected world,” says Mary Ramsey, ISA executive director. “The ISA/IEC 62443 series of standards leads the way as the world’s only consensus-based standards that focus on automation cybersecurity. One goal of the ISA Global Cybersecurity Alliance is to raise awareness of these standards and encourage their adoption across a wide range of industries. We are grateful to the ISAGCA Training and Education work group, the ISA99 committee, and Johan Nye for creating a guide to exploring security lifecycles in the ISA/IEC 62443 series in a user-friendly format.”

“Security Lifecycles in the ISA/IEC 62443 Series: Security of Industrial Automation and Control Systems” can be accessed by filling out a form at isa.org/securitylifecycles.

15 September 2020
New ISA/IEC Standard Provides Auditable Approach to Assessing Cybersecurity Risk

RESEARCH TRIANGLE PARK, N.C. (15 September 2020)—The widely used ISA/IEC 62443 Industrial Automation and Control Systems (IACS) Security standards, developed primarily by the ISA99 standards development committee with simultaneous review and adoption by the International Electrotechnical Commission (IEC), provide a flexible framework to address and mitigate current and future IACS security vulnerabilities. The ISA99 committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.

A vital new standard in the series is based on the understanding that each organization that owns and operates an IACS has its own tolerance for risk—and that each IACS represents a unique risk depending on the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences if the system were to be compromised. The new standard, ISA/IEC 62443-3-2: Security Risk Assessment for System Design, defines a comprehensive set of engineering measures to guide organizations through the essential process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.  

The new standard can be effectively applied across all industry and critical infrastructure sectors that depend on secure IACS operations. Moreover, it provides much-needed guidance to all key stakeholder categories, including asset owners, system integrators, product suppliers, service providers, and compliance authorities.

“Currently, there is wide degree of variability in how industry defines and conducts IACS risk assessments,” says John Cusimano of aeSolutions, who led the ISA99 subgroup that wrote the standard. “ISA/IEC 62443-3-2 establishes fundamental requirements for an IACS risk assessment without being overly prescriptive. The result is a standard that will bring uniformity across industry while still allowing IACS owners and operators to apply any methodology that is compliant with the standard.”  

The new standard is the latest in a string of notable milestones in the ongoing development and growing global application of the ISA/IEC 62443 series. This included a decision by the United Nations Economic Commission for Europe to integrate the widely used standards into its Common Regulatory Framework on Cybersecurity, which serves as an official UN policy position statement for Europe. It also included completion of several key additional standards, including:

  • ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development lifecycle for developing and maintaining secure products.
  • ISA/IEC 62443-4-2, Technical Security Requirements for IACS Components, which provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components and software applications.

Other standards in the ISA/IEC 62443 series cover terminology, concepts, and models; establishing an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.

For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards, at ebrazda@isa.org or +1-919-990-9200.

18 March 2020
New Guide to Cybersecurity Standards: ISAGCA Introduces an Overview of the ISA/IEC 62443 Series

Research Triangle Park, North Carolina USA (18 March 2020)—The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance have released a new guide to the world’s only consensus-based automation cybersecurity standards.

“Quick Start Guide: An Overview of the ISA/IEC 62443 Series of Standards,” now available for download at isa.org/cyberguide, provides a high-level view of the objectives and benefits of these standards—as  well as easy-to-use explainers on how to navigate them. The guide explores how and why IT and OT/ICS need unique types of protection against cyber threats and offers the latest recommendations on patch management.

This new guide answers some of the most common questions about the ISA/IEC 62443 Standards, including:

  • Why is this series of standards important? What are the benefits of using the standards?
  • How are IT and ICS systems different?
  • Which documents are part of the series and how can I use them to find what I need?
  • Where can I find the current best practices around patch management?

The ISA Global Cybersecurity Alliance’s Advocacy and Adoption work group coordinated the development of the guide, which was authored by Johan Nye and reviewed by the ISA99 committee. Nye is an independent consultant specializing in industrial control systems and cybersecurity. During his career spanning more than 38 years, Nye has designed ICS system architectures, created company standards and policies, implemented major ICS projects, supported ICS site engineers, and contributed to the design of several ICS products.

“Automation cybersecurity standards are crucial in this increasingly connected world,” says Mary Ramsey, ISA executive director. “The ISA/IEC 62443 Series of Standards leads the way as the world’s only consensus-based standards that focus on automation cybersecurity. One goal of the ISA Global Cybersecurity Alliance is to raise awareness of these standards and encourage their adoption across a wide range of industries. We are grateful to the ISAGCA Advocacy and Adoption work group, the ISA99 committee, and Johan Nye for distilling these standards into a user-friendly format that can be shared widely.”

“Quick Start Guide: An Overview of the ISA/IEC 62443 Series of Standards” can be accessed by filling out a form at isa.org/cyberguide.

14 January 2020
ISA Global Cybersecurity Alliance Kicks Off 2020 with Priority Projects and Expanded Membership

ISA Global Cybersecurity Alliance continues its mission to advance the state of cybersecurity with new priority projects and an expanded membership of diverse thought leaders from around the world.  

RESEARCH TRIANGLE PARK, N.C. (PRWEB) January 14, 2020The ISA Global Cybersecurity Alliance begins the new year with several priority projects underway and an expanded group of companies and organizations as members.  

ISAGCA is organized into four general focus areas for cybersecurity including: Awareness & Outreach; Compliance & Prevention; Education & Training; and Advocacy & Adoption. These focus areas or working groups are comprised of subject matter experts from member companies, ISA staff, and outside experts who are collectively working on the following projects in 2020:

  • An easy-to-follow, condensed guide to implementing the ISA/IEC 62443 series of standards
  • A consolidated matrix that cross-references all cybersecurity-related standards to ISA/IEC 62443 principles
  • A roadmap for expanded cooperation with worldwide governments that are currently referencing the standards in their regulatory requirements or recommended practices 
  • A multi-dimensional reference guide mapping system lifecycle phases and stakeholder roles to specific automation cybersecurity knowledge, skills, and abilities needed to manage each phase
  • Publishing industry vertical overlays to the ISA/IEC 62443 standards for building automation, medical devices, and other sectors
  • A database of speakers with expertise and experience in automation cybersecurity and associated commitments for speaking opportunities at industry events 


In addition to identifying and starting work on these priority projects, the ISA Global Cybersecurity Alliance has more than tripled its founding members with the addition of 23 new companies and organizations to its membership. At the end of July, ISAGCA announced Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks as its initial founding members. Subsequently, as of the end of 2019, the following additional companies joined the ISAGCA as founding members:

  • aeSolutions
  • Bayshore Networks
  • Beijing Winicssec Technologies Co. Ltd. 
  • Digital Immunity 
  • Dragos 
  • exida 
  • ISA Security Compliance Institute 
  • ISA99 Committee 
  • Idaho National Laboratory 
  • LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) 
  • Mission Secure, Inc. 
  • Mocana Corporation 
  • Munio Security 
  • PAS Global 
  • Radiflow 
  • Senhasegura (supporting member) 
  • Tenable 
  • TiSafe 
  • Tripwire 
  • WisePlant 
  • Wallix Group 
  • Xage Security

End users, asset owners, government agencies and other cybersecurity-focused organizations are welcomed to join the ISA Global Cybersecurity Alliance. The current membership roster includes:

  • Idaho National Laboratory, the United States’ leading center for nuclear energy research and development 
  • the ISA Security Compliance Institute, which has been certifying automation products under the ISASecure® brand since 2010 via a global network of accredited certification bodies 
  • LOGIIC, an ongoing collaboration of oil and natural gas companies and the U.S. Department of Homeland Security that undertakes collaborative research and development projects to investigate and improve upon the level of cybersecurity in critical systems of interest to the oil and natural gas sector; 
  • and the ISA99 Committee, responsible for the expansion and advocacy of the ISA/IEC 62443 series of standards.

“Unifying and intensifying the work of experts around the world, regardless of affiliation, is a key part of ISAGCA’s mission. We believe that automation providers, cybersecurity vendors, asset owners, government agencies, research groups, and others involved in cybersecurity efforts are stronger together, collaborating to deliver solutions that meet the needs of industry today and tomorrow,” said ISA Executive Director Mary Ramsey. “We are proud to bring together a diverse group of thought leaders to advance the state of cybersecurity.”  

Notable members of the ISA Security Compliance Institute include Chevron, ExxonMobil, Honeywell, Schneider Electric, Yokogawa, exida, Control System Security Center, YPF, Japan Information Technology Promotion Agency, Royal Dutch Shell plc, TUV Rheinland, DNV GL, and TUV SUD. Current members of LOGIIC include BP, Chevron, ExxonMobil, Shell, Total, ConocoPhillips, and other large oil and gas companies that operate significant global energy infrastructure.  

To learn more about the ISA Global Cybersecurity Alliance, visit http://www.isa.org/isagca. For media inquiries or requests for interviews, contact ISA Marketing & Communications Director Jennifer Halsey at jhalsey@isa.org.

Contact Information Jennifer Halsey International Society of Automation (ISA) http://www.isa.org/isagca (919) 549-8411  

Online Web 2.0 Version You can read the online version of this press release here. 

25 July 2019 ISA Announces First Founding Members of Global Cybersecurity Alliance

Research Triangle Park, North Carolina USA (25 July 2019)—The International Society of Automation (ISA) announced today the first Founding Members of its new Global Cybersecurity Alliance (GCA): Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks.  

ISA created the Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The Alliance brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.  

ISA is the developer of the ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.  

Leveraging the ISA/IEC 62443 standards, the Global Cybersecurity Alliance will work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection. The Alliance will work closely with government agencies, regulatory bodies, and stakeholder organizations around the world.  

"Accelerating and expanding globally relevant standards, certification, and education programs will increase workforce competence, and help end users identify gaps, reduce risks, and ensure they have the tools and systems they need to protect their facilities and installations," said Mary Ramsey, ISA Executive Director. "Through the proliferation of standards and compliance programs, we will strengthen our global cyber culture and transform the way industry identifies and manages cybersecurity threats and vulnerabilities to their operations."  

The first Founding Members of the Alliance are leading multi-national, industrial-technology providers with deep expertise in technology and applications, and they'll apply their experience and knowledge to accomplish the Alliance's priorities.  

"Participating in the Alliance truly shows the commitment our founding members have to the safety and security of the industrial ecosystem, as well as the criticality of collectively moving forward together to ensure the standards, best practices and methods are applied," Ramsey said.  

"ISA engaged with discussions, initiated by Schneider Electric, to create an ISA-led global, open and industry-wide alliance comprised of all cybersecurity stakeholder companies. ISA quickly expanded those conversations to include Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks. These first Founding Members have since worked together to help us define the Alliance's objectives. We are thankful for their collaboration and commitment. Together we welcome companies and organizations from all segments of industry to join our efforts."  

The Alliance is seeking additional members to support its initiatives. End-user companies, asset owners, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations are invited to join. Annual contributions to fund initiatives are based on company revenues and are tax-deductible. For more information about the Alliance, visit https://isaautomation.isa.org/cybersecurity-alliance/. Companies interested in joining the Alliance should contact Rick Zabel at rzabel@isa.org. Media and analyst inquiries should be directed to Jennifer Halsey at jhalsey@isa.org.  

Perspectives: Quotes from the ISA Global Cybersecurity Alliance Founding Members "Over the last few years, global industry has recognized that taking on increasingly dangerous cyber risks can't be limited to a single company, segment, or region. However, until now, there has been limited ability to respond as a unified whole to these worldwide threats. But by establishing an open, collaborative, and transparent body, with a focus on strengthening people, processes, and technology, we can drive true cultural change. We are pleased that ISA has stepped forward, and we look forward to working openly and collaboratively with them, our fellow Founding Members, and many others affiliated with global industry, especially end users. Together we will bring to bear the standards-based technology, expertise, and special skills required to better secure and protect the world's most critical operations and the people and communities we serve." --- Klaus Jaeckle, Chief Product Security Officer, Schneider Electric "Cybersecurity is critical to digital transformation. It's critical not only for the protection of information and intellectual property, but also for the protection of physical assets, the environment, and worker safety. We make it a priority to collaborate with partners and research institutions to develop secure products. Rockwell Automation participated in the development of the 62443 standards from the beginning and continues to support ISA cybersecurity initiatives. Our engagement with the Global Cybersecurity Alliance will be another important step in our efforts to help customers identify and mitigate risks." --- Blake Moret, CEO, Rockwell Automation "At Honeywell, we see cybersecurity as a core part of the future we are making, and we see the Global Cybersecurity Alliance as an important way to work together to make that happen. Cybersecurity is critical to the connected world we live in and the cornerstone of trust that the world needs to be able to operate. Whether protecting critical infrastructure or managing a building's operations, users need to do this with the confidence that the employed systems are robust and secure. We are committed to and proud to work together with ISA and the GCA members to continue to drive the adoption of the ISA/IEC 62443 series of standards and identify further ways to secure and protect the connected world. Honeywell has a robust history with ISA and is also founding member of the ISA Security Compliance Institute." --- Matthew Bohne, Vice President and Chief of Product Security, Honeywell Building Technologies "Digital transformation in the building sector continues to accelerate, which heightens the urgency for cybersecurity across the industry and beyond. As a leader in the industrial automation controls business, Johnson Controls is already a strategic member of the ISASecure program and is consistently taking proactive actions to protect customers against cyber-threats and risks. Joining ISA Global Cybersecurity Alliance is a necessary and meaningful step as it supports our company values, customer adoption of the ISA/IEC 62443 standard and efforts to educate global government and regulatory bodies. We are proud to solidify our commitment to this important effort." --- Jason Christman, Vice President, Chief Product Security Officer, Global Products, Johnson Controls "One of the most effective ways to drive consistency in an industry is by putting standards in place, and we're looking forward to collaborating with all of these founding members, as well as future Alliance members, to help drive global best-practices forward in this historically standard-less environment. Claroty is committed to the mission of protecting all IoT and OT networks from cyber risks. Through our work with the Global Cybersecurity Alliance, we will be able to help shape the future of cybersecurity in these high-risk industries." --- Dave Weinstein, Chief Security Officer, Claroty "Nozomi Networks believes real community collaboration, actionable standards and effective education are key ensuring a secure future for industrial organizations around the world. That's why we are helping develop secure-by-design standards as a working member of ISA99 standards committees, why we've designed our industrial cyber security solutions for easy integration across the broadest possible set of industrial and IT technologies; and why we are thrilled to help establish the Global Cybersecurity Alliance. Together we will build a secure future for the industrial infrastructure that runs the world." --- Andrea Carcano, Nozomi Networks Co-founder and Chief Product Officer

10 July 2019 New ISA Global Cybersecurity Alliance Accelerates Education, Readiness, and Knowledge Sharing

Research Triangle Park, North Carolina USA (10 July 2019) - The International Society of Automation (ISA), developer of ANSI/ISA 62443 series of automation and control systems cybersecurity standards (adopted by the International Electrotechnical Commission and endorsed by the United Nations), has created an open, collaborative forum to advance cybersecurity awareness, readiness, and knowledge sharing.  

The ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators, and others affiliated with global industry to benefit everyone, especially the communities in which we operate and serve.  

Industrial sectors, including manufacturing, commercial buildings, and critical infrastructure facilities, need to explore new ways to better prevent, mitigate, and respond to catastrophic threats and attacks on their safety- and mission-critical assets, operations, and applications.  

"Several leading automation and other technology providers have engaged ISA to explore how they can work with us to proactively increase awareness and adoption of cybersecurity best practices, standards, and compliance in all relevant sectors," said ISA Executive Director Mary Ramsey. "As an independent non-profit organization dedicated to improving operational excellence, ISA is uniquely able to fulfill the need for open, collaborative discussions and knowledge sharing."  

Among its defined objectives, the Global Cybersecurity Alliance will work to proliferate adoption of and compliance with global standards. The acceleration and expansion of standards will help address technology-related gaps and set best practices for managing processes within an open architecture. The Alliance will also develop certification and education programs for industry professionals; drive advocacy and thought leadership; and facilitate new levels of knowledge sharing among its members. Member companies will identify and prioritize initiatives, ensuring that the Alliance's approach is multi-faceted.  

"The ICS cybersecurity threat landscape is becoming more complex, with more direct attacks on control system, IT, and OT infrastructure. Frequently backed by hostile nation-states, malevolent actors are becoming more sophisticated at targeting specific aspects of industrial control systems that have the potential to wreak havoc in the physical world, such as process safety systems," said Larry O'Brien, Vice President of Research for ARC Advisory Group. "Standards and frameworks are valuable, but end users also need the resources to take the guidance provided by standards and put it into practice in real-world plant and OT environments. ARC applauds this effort to increase the security of industrial facilities."  

ISA will announce initial members of the Global Cybersecurity Alliance in the coming weeks, as the organization is currently in advanced conversations with several multi-national companies. Annual contributions to fund Alliance initiatives are based on company revenues and are tax-deductible. For more information, visit https://isaautomation.isa.org/cybersecurity-alliance/. End users, companies, and industry organizations interested in joining the Alliance should contact Rick Zabel at rzabel@isa.org. Media and analyst inquiries should be directed to Jennifer Halsey at jhalsey@isa.org.  


Founding Members  

PAS
xage security
Wallix
Bayshore
Supporting Member - senhasegura
radiflow
exida
Munio Security
Digital Immunity
tripwire
INL - Idaho National Laboratory
TDI ConsoleWorks
Eaton
KPMG
Surge Engineering
Petronas
UL logo
Idaho State University logo
Johns Manville
Red Trident logo
Xylem logo
placeholder image
placeholder image

Join the Movement: Contact ISA to Learn More

Let’s talk about how your company or organization can join us—contact Rick Zabel at rzabel@isa.org or +1 919 990 9233. Press and media should contact ISA’s Director of Marketing and Communications, Jennifer Halsey, at jhalsey@isa.org or +1 919 990 9287.  

LEARN MORE!