Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Equipping Students and Educators with Industrial Cybersecurity Knowledge

Cybersecurity events such as Volt Typhoon and a wave of ransomware attacks have drawn unprecedented attention to the need for cybersecurity in industrial control system environments. At a fundamental level, the solution depends on developing qualified and prepared professionals capable of operating seamlessly in cybersecurity and engineering, IT and OT.

To establish a foundation for meeting this need, the ISA Global Cybersecurity Alliance (ISAGCA), together with Idaho State University, the Idaho National Laboratory and the U.S. Department of Energy Office of Cybersecurity, Energy Security and Emergency Response, has released the Curricular Guidance: Industrial Cybersecurity Knowledge document.

The document is the result of a years-long research effort to formally address the question: What knowledge does an industrial cybersecurity professional need to have that is not included in traditional cybersecurity programs of study?

In Spring 2022, the ISACGA administered a survey to professionals with interest or experience in industrial cybersecurity. The survey included up to 363 input items, and received inputs from 170 unique respondents.

The survey questions, responses, analysis and decisions are all available for public review, examination and additional analysis on the ISAGCA website. While this is an impressive level of transparency for a curricular guidance effort, the most exciting part is the guidance itself.

The 125-page document is an essential reference for students, instructors, administrators and industrial cybersecurity practitioners. It is organized around the analogy of a building with three components:

1) An environment
2) A foundation
3) A superstructure

Diagram depicting environment, superstructure and foundation

  • The Industrial Operations Environment describes the contexts (business, geopolitical, professional and industry) within which industrial control systems and industrial cybersecurity exist.
  • The Industrial Control Systems Foundation describes the elements (instrumentation & control, process equipment, industrial networking & communication and process safety & reliability) that compose an industrial control system.
  • The Industrial Cybersecurity Superstructure describes the elements (guidance & regulation, common weaknesses, events & incidents and defensive techniques) that most immediately and intuitively pertain to assuring an industrial control system.

Each component is organized into categories, topics and subtopics to reach a level of reasonable granularity—up to six levels deep. While some topic names are identical to those found in traditional cybersecurity contexts, the study describes the unique or special considerations of those topics for industrial and OT environments.

Curricular Guidance: Industrial Cybersecurity Knowledge is available on isagca.org. ISAGCA also hosted a webinar in April 2024 about the study for those seeking more detailed information. A recording of the webinar is available (registration required).

Sean McBride
Sean McBride
Dr. Sean McBride is director of the Informatics Research Institute at Idaho State University's College of Technology where he works to infuse engineering professionals with critical cybersecurity skills.

Previous to joining ISU, Sean pioneered the multidisciplinary field of threat and vulnerability intelligence for industrial environments. At the Idaho National Laboratory (INL) he instituted and led the vulnerability analysis and situational awareness reporting elements foundational to the DHS ICS-CERT. In 2009 he co-founded Critical Intelligence (acquired by iSIGHT Partners in 2015) to help organizations that own and operate electric generating stations, oil refineries and water treatment plants understand threats to the industrial processes they operate.

Related Posts

Practical Insights for Implementing Control System Security

Introduction In this blog post, we’ll share practical insights from operational experience in managing cy...
Pinakin Gokhale Nov 29, 2024 7:00:00 AM

Innovations in R&D: How AI Is Transforming Industrial Cybersecurity Operations

Industrial control systems are becoming more complex as evolved cyberattacks threaten industry functions....
Devin Partida Nov 15, 2024 7:00:00 AM

In Conversation with Authors of ISAGCA White Paper on Zero Trust and ISA/IEC 62443

The ISA Global Cybersecurity Alliance (ISAGCA) recently published a white paper exploring the application...
Kara Phelps Nov 8, 2024 12:00:00 PM