08152022Mon
Last updateSat, 23 Jul 2022 3am

ISA Introduces an Overview of the ISA/IEC 62443 Series: New Guide to Cybersecurity Standards

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance have released a new guide to the world’s only consensus-based automation cybersecurity standards. “Quick Start Guide: An Overview of the ISA/IEC 62443 Series of Standards,” now available for download at isa.org/cyberguide, provides a high-level view of the objectives and benefits of these standards—as well as easy-to-use explainers on how to navigate them. The guide explores how and why IT and OT/ICS need unique types of protection against cyber threats and offers the latest recommendations on patch management. This new guide answers some of the most common questions about the ISA/IEC 62443 Standards, including:

Why is this series of standards important? What are the benefits of using the standards?
How are IT and ICS systems different?
Which documents are part of the series and how can I use them to find what I need?
Where can I find the current best practices around patch management?
The ISA Global Cybersecurity Alliance’s Advocacy and Adoption work group coordinated the development of the guide, which was authored by Johan Nye. Nye is an independent consultant specializing in industrial control systems and cybersecurity. During his career spanning more than 38 years, Nye has designed ICS system architectures, created company standards and policies, implemented major ICS projects, supported ICS site engineers, and contributed to the design of several ICS products.

“Automation cybersecurity standards are crucial in this increasingly connected world,” says Mary Ramsey, ISA executive director. “The ISA/IEC 62443 Series of Standards leads the way as the world’s only consensus-based standards that focus on automation cybersecurity. One goal of the ISA Global Cybersecurity Alliance is to raise awareness of these standards and encourage their adoption across a wide range of industries. We are grateful to the ISAGCA Advocacy and Adoption work group and Johan Nye for distilling these standards into a user-friendly format that can be shared widely.”


Amazon Web Service joins ISA Program in support of the global ISASecure

Recently, the ISA Security Compliance Institute (ISCI) has welcome the Amazon Web Services (AWS) as the latest ISCI member.
 
In the industrial sector, companies around the world are adopting AWS to take advantage of industrial internet of things (IIoT), artificial intelligence (AI), and machine learning (ML) capabilities needed to drive operational efficiencies in their smart factories and industrial operations. Continuous digitalization and progressive interconnectivity of the production environment is important for capturing value from IIoT solutions. AWS and AWS IoT services are key to providing safe and secure industrial digital transformation.
 
“Joining ISA Security Compliance Institute demonstrates AWS’s commitment to advancing cybersecurity standards and certification for the global community of manufacturers, government agencies, and all industrial customers,” stated Brad Behm, Senior Principal Technologist, AWS.
 
With the increasing proliferation of IIoT systems and cloud services for innovation and digital transformation, government agencies and industrial customers are faced with protecting an expanding attack surface. The ISA/IEC 62443 series of standards was written before IIoT technologies were common, but provides a strong basis for securing these environments.
 
“AWS is committed to collaborating with the ISA Global Cybersecurity Alliance (ISAGCA), ISCI, the ISA99 standards committee, and industry partners, to update the ISA/IEC 62443 series of standards and certifications to ensure that all parties properly address emerging IIoT security requirements; all while advocating for vendor-neutral, interoperable, international standards-based operational technolgoy (OT) and IIoT cybersecurity solutions,” stated Ryan Dsouza, Principal IIoT Security Solution Architect, AWS.
 
As a member of ISASecure, AWS joins thought leaders who are taking action to secure automation and control systems around the world, including support for product conformity assessment to ISA/IEC 62443 standards. The ISA/IEC 62443 series of standards are designed to provide a flexible set of requirements to address and mitigate current and future security threats in automation and control systems products, system implementations, and ongoing operations.

AWS’s membership provides leadership for establishing ISA/IEC 62443 standards and ISASecure as the basis for securing operational technology in automotive, CPG, energy, manufacturing, pharmaceutical, power & utilities, transportation, smart buildings and smart cities around the globe.

Read Original News Here
 

Exida Introduces ISA-18.2 / IEC 62682 Alarm Management Certificate Program

The global leader in functional safety, cybersecurity, and alarm management for the process industries, exida, has introduced their Alarm Management Practitioner (AMP) Program, a new certificate program that complements the company’s existing functional safety and ICS cybersecurity certificate programs.

The AMP Program is designed to teach end users, integrators, suppliers, and regulators how to realistically apply the most important concepts from the ISA-18.2 and IEC 62682 alarm management standards. The program was developed by exida experts who were instrumental in writing the ISA-18.2 standard and associated technical reports. It leverages exida’s experience from hundreds of alarm management projects to deliver the most important principles and the keys for success.

The AMP program will be offered in conjunction with the exida Academy Training course ALM 101: Introduction to Alarm Management Practices & Principles, which is offered generically or for specific control systems.

“exida’s AMP Program was developed to share what the ISA-18.2 and IEC 62682 really mean and how to apply them pragmatically,” said Todd Stauffer, exida Director of Alarm Management and voting member ISA-18.2. “Taking the course and completing the certificate demonstrates that the practitioner is prepared to support key alarm management activities, such as alarm philosophy development, alarm rationalization, and alarm issue remediation.”

A list of AMP certificate holders will be maintained on the exida website.

 

Development of Electric Energy Operational Technology Security Profile for IEC 62443 Standard

The U.S. Department of Energy (DOE), global equipment suppliers, and other stakeholders announced the establishment of the Electric Energy OT Security Profile working group hosted by the International Society of Automation ISA99 standards committee.

The Electric Energy OT Security Profile will be a cybersecurity work product utilizing the ISA/IEC 62443 series of standards. The final product will be a formal ISA/IEC 62443 application guide, recognized globally as the consensus work product for securing various control systems used in electric energy generation, transmission, and distribution operations.

The ISA/IEC 62443 standards are designated as a horizontal standard, applicable to many industry sectors and applications. Industry groups leverage the ISA/IEC 62443 standard series as the basis for securing industrial control systems (ICS). DOE’s Securing Energy Infrastructure Executive Task Force (SEI ETF) evaluated available industry standards and recommended the electric energy OT applications be formalized as ISA/IEC 62443-5 security profile applications—gaining international energy sector consensus on applying ISA/IEC 62443 to electric energy OT applications.

The ISA Electric Energy OT Security Profile working group is seeking participation from industry groups, including the Institute of Electrical and Electronics Engineers (IEEE), the International Electrotechnical Commission (IEC), the International Council on Large Electric Systems (CIGRE), and other industry stakeholders to ensure consideration of and alignment with other cybersecurity work product development efforts.

The initiative will leverage the DOE SEI ETF’s Reference Architecture and Profiles for Electric Energy OT as a foundation for the ISA/IEC 62443-5 application profile development. The SEI Reference Architecture and Profiles and associated whitepaper will be available on the DOE website in the upcoming weeks.

“The Securing Energy Infrastructure Executive Task Force developed an OT-specific reference architecture for electricity systems to provide a common language for control system environments that can be used to design and assess security applications,” Puesh Kumar, Director, DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “The ISA Working Group represents an opportunity to validate these profiles and put them into practice for the energy industry. CESER is excited to see energy sector stakeholders carrying forward the task force’s reference architecture work.”

The Electric Energy OT Security Profile will be publicly available at no charge for asset owners, manufacturers, standards organizations, and other industry stakeholders. The application profiles will be used as a basis for designing, implementing, testing, and maintaining electric energy OT systems and their cybersecurity capabilities. They will also be useful by third-party assessment organizations and regulatory authorities around the globe.

Eric Cosman, Co-Chair of the ISA99 Standards Committee, noted that, “Global standards and supporting specifications provide efficiencies for end users, product suppliers, and system integrators that design, deliver, and support products and systems all around the world. One specification and one globally recognized certification provides needed transparency and reduces the regulatory burden on manufacturers.”

Siemens gets TUV Certification in the development process Automation products

As the first company to receive TÜV SÜD certification based on IEC 62443-4-1 for the interdisciplinary process of developing Siemens automation and drive products, including industrial software, Siemens received the certification at seven development sites in Germany. Among other things, these sites are developing Simatic S7 industrial controllers, Simatic industrial PCs, Simatic HMI (Human Machine Systems Interface) devices for operator control and monitoring, and Sinamics drives as well as the TIA (Totally Integrated Automation) Portal engineering software. The international series of standards IEC 62443 defines the security measures for industrial automation systems, with Part 4-1 of the standard describing the requirements of the manufacturer's development process.
The TÜV SÜD certificate is based on the standard IEC 62443-4-1 (Secure Product Development Lifecycle Requirements, Draft 3 Edition 10, 01.2016). This standard includes security-relevant requirements such as capabilities and expertise, security of third-party components, process and quality assurance, secure architecture and design, and issue handling as well as security updates, patches and change management.

As a leading automation and software supplier for industry, Siemens is continuously improving its products and solutions with regard to industrial security. This also includes the certification based on IEC 62443-4-1. With this achievement, the company is documenting its "Security by Design" approach for automation products and is giving integrators and operators a transparent insight into the IT security measures. Integrators and operators use this for the conception and operation of automation processes and systems using Siemens technology and the "Defense in Depth" protection concept.

To ensure comprehensive protection of industrial plants from internal and external cyber attacks, all levels must be protected simultaneously – ranging from the plant management level to the field level and from access control to copy protection. This is why our approach to comprehensive protection offers defense throughout all levels – "defense in depth". This concept is according to the recommendations of ISA99 / IEC 62443 – the leading standard for security in industrial applications.