Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Read More

Equipping Students and Educators with Industrial Cybersecurity Knowledge

Read More

Categories Arrow

All Posts

Equipping Students and Educators with Industrial Cybersecurity Knowledge

Cybersecurity events such as Volt Typhoon and a wave of ransomware attacks have drawn unprecedented attention to the need for cybersecurity in industrial control system environments. At a fundamental level, the solution depends on developing qualified and prepared professionals capable of operating seamlessly in cybersecurity and engineering, IT and OT.

To establish a foundation for meeting this need, the ISA Global Cybersecurity Alliance (ISAGCA), together with Idaho State University, the Idaho National Laboratory and the U.S. Department of Energy Office of Cybersecurity, Energy Security and Emergency Response, has released the Curricular Guidance: Industrial Cybersecurity Knowledge document.

The document is the result of a years-long research effort to formally address the question: What knowledge does an industrial cybersecurity professional need to have that is not included in traditional cybersecurity programs of study?

In Spring 2022, the ISACGA administered a survey to professionals with interest or experience in industrial cybersecurity. The survey included up to 363 input items, and received inputs from 170 unique respondents.

The survey questions, responses, analysis and decisions are all available for public review, examination and additional analysis on the ISAGCA website. While this is an impressive level of transparency for a curricular guidance effort, the most exciting part is the guidance itself.

The 125-page document is an essential reference for students, instructors, administrators and industrial cybersecurity practitioners. It is organized around the analogy of a building with three components:

1) An environment
2) A foundation
3) A superstructure

Diagram depicting environment, superstructure and foundation

  • The Industrial Operations Environment describes the contexts (business, geopolitical, professional and industry) within which industrial control systems and industrial cybersecurity exist.
  • The Industrial Control Systems Foundation describes the elements (instrumentation & control, process equipment, industrial networking & communication and process safety & reliability) that compose an industrial control system.
  • The Industrial Cybersecurity Superstructure describes the elements (guidance & regulation, common weaknesses, events & incidents and defensive techniques) that most immediately and intuitively pertain to assuring an industrial control system.

Each component is organized into categories, topics and subtopics to reach a level of reasonable granularity—up to six levels deep. While some topic names are identical to those found in traditional cybersecurity contexts, the study describes the unique or special considerations of those topics for industrial and OT environments.

Curricular Guidance: Industrial Cybersecurity Knowledge is available on isagca.org. ISAGCA also hosted a webinar in April 2024 about the study for those seeking more detailed information. A recording of the webinar is available (registration required).
Sean McBride
Sean McBride
Dr. Sean McBride is director of the Informatics Research Institute at Idaho State University's College of Technology where he works to infuse engineering professionals with critical cybersecurity skills.

Previous to joining ISU, Sean pioneered the multidisciplinary field of threat and vulnerability intelligence for industrial environments. At the Idaho National Laboratory (INL) he instituted and led the vulnerability analysis and situational awareness reporting elements foundational to the DHS ICS-CERT. In 2009 he co-founded Critical Intelligence (acquired by iSIGHT Partners in 2015) to help organizations that own and operate electric generating stations, oil refineries and water treatment plants understand threats to the industrial processes they operate.

    Recent Posts

    Get 300 USD off ISA Training During Cybersecurity Awareness Month

    Related Posts

    Sharing Insights on ISA/IEC 62443

    The goal of the ISA Global Cybersecurity Alliance (ISAGCA) is to advance cybersecurity awareness, educati...
    Kara Phelps Oct 18, 2024 10:00:00 AM

    Implementing AI Anomaly Detection in Industrial Cybersecurity

    Cybersecurity is becoming more critical than ever in industrial settings as the rise of connected devices...
    Zac Amos Oct 11, 2024 7:00:00 AM

    The Encryption Enigma: Securing Automated Processes

    With the convergence of informational technology (IT) and operational technology (OT), "smart" automation...
    Nahla Davies Oct 4, 2024 7:00:00 AM

    The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence and is the trusted provider of standards-based foundational technical resources, driving the advancement of individual careers and the overall profession. ISA develops widely used global standards; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.


    The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

    We're on social media. Keep in touch!

    © 2024 International Society of Automation. All rights reserved.