Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

IEC Designates ISA/IEC 62443 as a Horizontal Standard

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are proud to announce that the International Electrotechnical Commission (IEC) has officially designated the IEC/ISA 62443 series of standards as “horizontal,” meaning that they are proven to be applicable to a wide range of different industries.

According to the IEC decision, “The IEC Technical Committee 65 (TC 65) publishes IEC 62443 for operational technology found in industrial and critical infrastructure, including but not restricted to power utilities, water management systems, healthcare, and transport systems. These horizontal standards, also known as base standards, are technology independent. They can be applied across many technical areas.”

“The ISA99 committee of the International Society of Automation (ISA) and IEC Technical Committee 65 Working Group 10 have been collaborating on the development of the ISA/IEC 62443 cybersecurity standards for industrial automation and control systems (IACS) cybersecurity for many years. While broad applicability has always been the intent, there has been a common perception that they were most appropriate for process industries such as chemicals and refining,” explained ISA99 Co-Chair Eric Cosman. “Despite that perception, there have been several examples of successful applications in other sectors, such as transportation, building automation, metals and mining, and discrete manufacturing. It’s ultimately best for users if they can rely on one set of sector-agnostic standards, and we are very happy to receive the IEC decision to designate the ISA/IEC 62443 series as horizontal standards.”

The ISA/IEC 62443 series of standards is the world’s only consensus-based cybersecurity standard for automation and control system applications. These standards codify hundreds of years of operational technology and IoT cybersecurity subject matter expertise. Using the ISA/IEC 62443 series of standards as a foundation, companies can focus on adopting security as part of the operations lifecycle, ensuring compliance with various aspects of the standards across their supply chains, and including cybersecurity in operational risk-management profiles.

“While this news might seem like a procedural detail, it will have significant implications,” said Cosman. “Various other IEC technical committees that represent the needs and interests of specific sectors will presumably base their cybersecurity-related efforts on what is in the 62443 standards, focusing on defining how they should be interpreted and applied in a given set of circumstances. This will almost certainly lead to the creation of a set of sector-specific profiles for this purpose. To help in this effort, TC65 WG10 is developing guidance on how to develop such profiles, rather than pursue sector-specific and perhaps inconsistent standards. Guidelines, frameworks, training materials, and other resources can also take on a more general focus, incorporating the needs of many sectors.”

The designation of the ISA/IEC 62443 series as a horizontal standard will have many benefits to stakeholders:

  • Asset owners who have a presence in or exposure to more than one sector will be able to align their cybersecurity programs, leveraging ISA/IEC 62443 as the one single source for the fundamental principles and requirements of automation cybersecurity
  • Automation system suppliers will be able to certify their products for a broader range of applications, using a common set of conformance specifications based on 62443
  • IEC TC 65 WG 10 and the ISA99 committee will be able to focus their efforts on collaboration and advancement of the series of standards, especially around current demands in areas such as IIoT, sensor-level security, and supply chain risks
  • The ISA Global Cybersecurity Alliance (ISAGCA) and its 50+ member companies will partner with asset owners and suppliers to build relevant, applications-focused materials to enable companies in different sectors around the world to adopt and implement the series of standards at scale

“The member companies of the ISA Global Cybersecurity Alliance have long believed in the broad applicability of the ISA/IEC 62443 series of standards,” said ISAGCA Chair Megan Samford. “We could not be more excited to see this news from IEC, because it echoes and confirms the work we’ve done. This series of standards is the only complete set of practices and security capabilities that can be applied to consistently assess and improve cybersecurity for operational technology systems, and our members stand ready to help companies all over the globe implement it successfully.”

View the full press release here.

Steven Aliano
Steven Aliano
Steven Aliano is the Content Marketing Specialist for ISA & ISAGCA.

Related Posts

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM

Practical Insights for Implementing Control System Security

Introduction In this blog post, we’ll share practical insights from operational experience in managing cy...
Pinakin Gokhale Nov 29, 2024 7:00:00 AM