Industry
News
Regulation, Standards and Compliance

ISA Global Cybersecurity Alliance lists 2021 agenda, to focus on ISA/IEC 62443 standards

February 03, 2021
ISA/IEC 62443 standards

The ISA Global Cybersecurity Alliance (ISAGCA) seeks in the year ahead to advocate inclusion of the ISA/IEC 62443 series of cybersecurity standards in global policies that intend to improve critical infrastructure cybersecurity, and publish a fully detailed, auditable cross-referencing guide that maps the ISA/IEC 62443 standards to other cybersecurity standards across multiple industries.

The alliance plans to issue comparison analysis reports that identify the implications of selecting and applying the ISA/IEC 62443 series of standards and help minimize the effort it takes to comply with cybersecurity standards and policies, ISAGCA said in a press statement. It will also create an insurance underwriters’ work group that will determine how to leverage ISA/IEC 62443 standards to create and adjust cybersecurity-related insurance policies.

The ISAGCA was created by the International Society of Automation (ISA) to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. It brings together end-user companies, control system vendors, IT and operational technology (OT) infrastructure providers, system integrators and other cybersecurity stakeholder organizations to proactively address growing threats.

The objectives of the ISAGCA include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership. Member companies will identify and prioritize initiatives, work to proliferate adoption of, and compliance with, global standards, and contribute to workforce education and certification programs.

Made up of 40 member companies, the ISAGCA will publish a two-part report that analyzes the use of ISA/IEC 62443 standards to secure IIoT reference architectures. It will also formalize recommended best practices to improve cyber incident response plans, in collaboration with the ICS4ICS public-private partnership tasked with creating an incident command system for industrial control systems.

The group also plans to make available a slate of new educational training, including an operations technology-focused course on basic cybersecurity hygiene for technicians and operators and microlearning modules about cybersecurity principles and the basics of the ISA/IEC 62443 standards.

“Given how important the ISA/IEC 62443 standard has become to limiting, mitigating, and even eliminating these threats, the projects and programs we have launched within the ISA Global Cybersecurity Alliance this year will deliver clarity, alignment, and education and further our collective ability to improve control and automation systems cybersecurity,” said Megan Samford, ISAGCA advisory board chair. She is also vice president and chief product security officer for Schneider Electric’s energy management business.

The ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which were developed primarily by ISA, have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge holistically, bridging the gap between operations and information technology.

“Consistent, global adoption of the ISA/IEC 62443 series of standards will help vendors, third parties, end users—indeed the entire digital supply chain—effectively and proactively manage risks to their people, assets, and operations,” said Sharul Rashid, ISAGCA advisory board vice chair. He is also custodian engineer and group technical authority of instrumentation and control at PETRONAS.

Last March, the ISA and the ISAGCA released a consensus-based automation cybersecurity standards guide, which provides a high-level view of the objectives and benefits of these standards, in addition to the easy-to-use explainers on how to navigate them. The guide explores how and why IT and OT/ICS need unique types of protection against cyber threats and offers the latest recommendations on patch management.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market