As a senior-level executive, the chief information security officer (CISO) plays a pivotal role in establishing and maintaining programs that ensure information technology (IT) and operational technology (OT) assets are adequately protected. This means data protection, risk assessment, cyber incident response, and adherence to standards, policies, and procedures are top priorities. Aside from these responsibilities, keeping up with a cyber landscape that is constantly moving remains at the forefront of many executives’ minds. A recent Proofpoint study discovered that roughly 64% of CISOs around the world suspect a material cyberattack will hit their organization within the next 12 months. Based on these findings, the majority of CISOs believe their organizations are unprepared to fend off potential cyberattacks.
With this in mind, ISA is introducing a new set of microlearning modules (MLMs) focused on specific areas of industrial cybersecurity. ISA microlearning modules consist of short, 5- to 10-minute videos that address cybersecurity challenges and help viewers better understand the purpose of the ISA/IEC 62443 series of standards. The first set of MLMs consists of three videos on cybersecurity awareness and three on cyber use-cases.
The awareness videos, entitled “IACS Cybersecurity for Chief Information Security Officers (CISOs),” are designed to help CISOs gain more insight into and understanding of the ISA/IEC 62443 series of standards. With this newfound knowledge, executives can be better prepared when collaborating with automation engineering colleagues to ensure the improved safety, reliability, and performance of physical process operations.
Executives can expect to learn more about:
- The differences between IT and OT systems
- Industrial cybersecurity terminology
- How IT and OT should work together, what should be protected in each environment, and the associated risks
- The consequences of implementing a disjointed cybersecurity program (or not having a program entirely)
- The benefits of implementing the ISA/IEC 62443 series of standards
The use-case MLMs review two cyberattacks on Ukraine in 2015 and 2016, and an attack on a wastewater plant in the United States. These videos examine the causes of the attacks, the ramifications of the attacks, and how a cybersecurity program would have prevented the attacks or mitigated the consequences.
Learn more by visiting the IACS Cybersecurity for CISOs MLM page.
The ISA MLM program strives to strengthen infrastructure around the world by helping users understand several key aspects of the ISA/IEC 62443 series of standards. This includes why cybersecurity is vital to industries using automation and control processes; the topics, benefits, and company roles covered in the ISA/IEC 62443 series of standards; and how to successfully implement and support a cybersecurity program.
These new MLMs focus on the ISA/IEC 62443 series of standards as a foundation to create a robust cybersecurity program that encompasses all processes, from the boardroom to the plant floor. As the world’s only consensus-based automation and control systems cybersecurity standards, the ISA/IEC 62443 series of standards codifies hundreds of years of OT and internet of things (IoT) cybersecurity subject matter expertise. The standards define the requirements and procedures for implementing secure automation/industrial control systems, establishing security practices, and assessing security performance. The ISA/IEC 62443 series of standards approaches cybersecurity challenges in a holistic way, bridging the gap between OT/IT and process safety and cybersecurity.