Building a Resilient World: Practical Automation Cybersecurity

ISA/IEC 62443 Cybersecurity Standards Hit Their Stride

Written by Renee Bassett | Apr 13, 2021 9:30:00 AM

Like a racehorse streaking by, comfortable on the straightaway, the ISA/IEC 62443 series of standards is hitting its stride, finding its place among the essential building blocks of a secure industrial control system.

An ISA standards committee created the ANSI/ISA 62443 series of automation and control systems cybersecurity standards by leveraging use cases from more than 20 different industry verticals. The standards have since been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. ISA/IEC 62443 approaches the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.

In July 2019, ISA/IEC 62443 gained its greatest champion in the form of the ISA Global Cybersecurity Alliance (ISAGCA). This group of what is now 40 member companies has come together to increase industrial cybersecurity awareness and readiness, in part by developing best practices for applying the ISA/IEC 62443 standards.

Through ISAGCA, industrial asset owners can sit down with automation and control systems vendors—regardless of industry segment or geography—to work together for the greater good. Eight companies were recently announced as new members of this alliance, including UL, the global safety science leader; KPMG, one of the world’s Big Four accounting and consulting firms; power management company Eaton; and others. They join initial founding members Claroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, Schneider Electric, and others.

Megan Samford, vice president and chief product security officer for energy management at Schneider Electric, is the recently appointed chairperson of the ISAGCA board. The new vice chairperson is Sharul Rashid, custodian engineer and group technical authority of instrumentation and control for PETRONAS, Malaysia’s integrated oil and gas company. PETRONAS is the world’s fourth-largest exporter of liquid natural gas, and Rashid has more than 30 years of experience leading teams handling instrumentation and control issues in refineries, gas liquefaction and petrochemical plants, and gas pipeline transmission operations.

Said Rashid, “I am honored to work with my colleagues around the world to advance critical cybersecurity initiatives. Together, we will work to increase awareness and expertise, [and] develop best-practice tools to help companies successfully navigate the life cycle of cybersecurity protection.”

Samford said Schneider Electric is also “deeply committed to collaborating across industry to help our customers and all end users.” She is personally excited to work with the diversity of ISAGCA membership, and she’s also looking forward to seeing “community-identified needs and focused initiatives, like ICS4ICS, come to life through ISAGCA and its relationships with other nonprofits and governments from around the world.”

Incident Command System for Industrial Control Systems, or ICS4ICS, is an effort under ISAGCA that seeks to establish an operational incident response organization. The initiative includes a common language for responding to cyber incidents, as well as the development of avenues for mutual assistance between organizations.

ISAGCA is clearly “driving alignment and clarity across public and private sectors,” said its managing director Andre Ristaino. A diverse group of member companies working together on a standards-based, end-to-end approach can help safeguard industry against sophisticated cyberattacks. If ISA/IEC 62443 is the horse and ISAGCA is the jockey, the rest of us are in for a beautiful run.

Do you agree? Talk to me via email at rbassett@isa.org.

A version of this post also appears in InTech Magazine. It is republished here with permission.
