Following an earlier knowledge survey conducted in 2022, the International Society of Automation (ISA), the ISA Global Cybersecurity Alliance (ISAGCA), Idaho State University (ISU), and the Idaho National Laboratory (INL) stand ready to present their findings on workforce development and career pathway initiatives in the field of industrial cybersecurity (ICS).
Beginning with the formation of the Industrial Cybersecurity Community of Practice (ICS COP) in the Fall of 2020, this work has included the integration of ideas and best practice creation through collaboration for ICS workforce development from across industry, academia, and governments.
Findings will be presented at an upcoming meeting of the Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems Joint Working Group (ICSJWG), slated to take place in Salt Lake City, Utah, on 10 May. More information on the meeting is available on the CISA ICSJWG page.
Presenters will include ISA instructor and Certified Automation Professional Glenn Merrell; Dr. Shane Stailey of Idaho National Laboratory; and Dr. Sean McBride of Idaho State University and Idaho National Laboratory.
The presentation is organized into three parts, all of which will take place on the same day. A link to the agenda can be found here.
Part 1: The Why
Workforce Development is the crucial component for cognizance of ICS security risk awareness and developing competencies is necessary to secure control system functions from compromise.
Particular attention will be placed upon how the ISA/IEC 62443 series – the world’s only consensus-based automation and control systems cybersecurity standards – defines three critical roles involved in securing critical ICS control functions:
- Asset Owner and their workforce competency requirements
- Service Provider and their workforce competency requirements
- Product Developer and their workforce competency requirements
The presentation will further describe why a cybersecurity management program must be fully aligned with an organization’s business mission, vision, and goals; must be championed and sponsored by the business management; and must contain competent workforce personnel fully cognizant of mitigating ICS risks at the desired security levels.
Part 2: The Who
The second part of the presentation will delve into that critical business alignment relationships across the organization. Presenters will also share small to large identifying gaps and a path for supporting improving and activating workforce development across the organization for a cyber competent team.
Part 3: The What
The third and final part of the presentation will dissect the knowledge any cyber staff must attain from the baseline knowledge units necessary to demonstrate competence in securing ICS functions against compromise.
ISAGCA is proud to support this ongoing ICS workforce development effort as part of its mission to support training and education activities for the operational technology (OT) cybersecurity community. Both INL and ISU are members of the ISAGCA consortium, which includes over 50 member companies and industry groups. Further information will be shared here as it becomes available. For more information or to get involved with ISAGCA, visit www.isagca.org.