Building a Resilient World:

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Excerpt: A Community for Workforce Development in Industrial Cyber

The following is an excerpt of the National Initiative for Cybersecurity Education (NICE) Winter 2021-22 Government Spotlight e-newsletter article entitled, "Creating a Community of Practice for Workforce Development in Industrial Cybersecurity," written by Ralph Ley, Department Manager for Workforce Development and Training at Idaho National Laboratory (INL).

The article touches on the Industrial Control Systems (ICS) Community of Practice (COP), where several outstanding collaborations have emerged:

  • One is the input the ICS COP group has been able to provide the National Institute of Standards and Technology (NIST) as it continues to develop industrial cybersecurity content for the NICE Workforce Framework for Cybersecurity.
  • Another critical collaboration is that of the International Society for Automation (ISA). ISA is a non-profit professional association of engineers, technicians, and management engaged in industrial automation that creates standards, including cybersecurity standards for industrial control systems. ISA provides a crucial link to automation technology firms and industry practitioners. ISA is an American National Standards Institute (ANSI)-Accredited Standards Developer (ASD).
  • A third collaboration to occur as a result of community meetings is a partnership among Siemens Energy; Idaho State University (ISU); Maryland Innovation & Security Institute (MISI) Academy; SysAdmin, Audit, Network and Security (SANS) Institute; REDI; ICS Village; and Capitol Technology University to create a registered apprenticeship for industrial cybersecurity.

The excerpt starts below:

A recent report by Purdue University found there is only one degree program in the United States dedicated to producing industrial cybersecurity professionals -- those would be the individuals tasked to securely design, build, operate, and maintain the critical cyber-physical infrastructures that provide reliable electricity, clean drinking water, and affordable manufactured goods ranging from toilet paper to Tesla. Eleven years after Stuxnet, a computer worm, it appears that almost no one has had the vision to push beyond a single university or college course dedicated to the topic. If cybersecurity is among the top national security concerns faced by the nation, industrial cybersecurity must be the single most critical overlooked educational topic.

When Dr. Sean McBride of Idaho State University and Dr. Shane Stailey of Idaho National Laboratory got together for a brainstorming session in August 2020, they wondered, “What can we do to get the ball rolling on this important issue?” Their idea: to create a Community of Interest – no, a Community of Practice (COP) – that would bring together interested parties from government, academia, and industry to act on the challenge.

“When I think about preparing a workforce to defend our critical industrial control environments from cyber incidents like Colonial Pipeline, it strikes me that there are two grave misconceptions out there: 1) that if we can just teach cybersecurity students and professionals what Programmable Logic Controllers are, that will solve the problem; and 2) that if we can just get instrumentation technicians to think about confidentiality, integrity, and availability, we will secure these critical systems. Those are gross oversimplifications of a challenge that it is past time to seriously address. In a nutshell, that’s why we created the Community of Practice,” said Sean McBride, who has run Idaho State University’s Industrial Cybersecurity degree program since 2017.

To continue reading, click here.

Steven Aliano
Steven Aliano
Steven Aliano is the Content Marketing Specialist for ISA & ISAGCA.

Related Posts

Industrial Control Systems Certification

An increasing number of intentional attacks are being detected that target industrial control systems (IC...
Nikhil Kapoor Jun 7, 2024 7:00:00 AM

Most Cybersecurity Teams Are Unprepared for AI Cyberattacks

Cybersecurity teams aren’t the only ones using artificial intelligence to their advantage — cybercriminal...
Zac Amos May 31, 2024 4:02:28 PM

Protecting Vital OT Infrastructure: Key Strategies for OT Penetration Testing

Operational technology (OT) cybersecurity faces significant challenges in maturing its operations and pro...
Mohannad AlRasan May 24, 2024 4:44:16 PM