Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

ISA99 Virtual Plenary Meetings: Behind the Scenes of ISA/IEC 62443

Updates from ISA99 on the Status ofand Plans forISA/IEC 62443

The ISA Global Cybersecurity Alliance (ISAGCA) was formed in part to help increase awareness and adoption of the ISA/IEC 62443 standards, the world's only consensus-based series of automation cybersecurity standards. This blog series shares insights into the creation and evolution of the standards. 


The ISA99 committee of the International Society of Automation (ISA) has developed the ISA/IEC 62443 standards, arguably the most comprehensive and authoritative source of guidance about industrial automation and control systems cybersecurity. The committee consists of several smaller working groups, each focused on a specific theme or topic. It conducts much of its regular business in web meetings and conference calls, a practice that has served it well during the current pandemic. In recent years, there have been several face-to-face plenary meetings to review status and plans for future work. Since this was not possible in 2020, the committee hosted web meetings for this purpose.

The first of these meetings occurred on 5 October 2020, with more than 110 people attending. The agenda included three major topics:

  1. Committee overview, status, and direction: The focus was on committee structure, work groups assignments, and specific areas of emphasis
  2. Overview of work products: Described the status of each of the components of the 62443 series, with emphasis on those still under development or revision
  3. Assessment of 62443 series consistency: A summary of the status of the effort to assess the consistency of the 62443 series and identify opportunities for realignment of content

While the first two topics were primarily informative in nature, the third included a request for feedback on some of the changes proposed to make the standards easier to apply by clarifying the responsibilities of several principal roles across a well-defined lifecycle. These proposals have not yet been formally submitted to committee leaders, and there is some sensitivity to potential impact if there are implemented without adequate justification and transition planning.

With the 62443 standards now in use in several industry sectors, the committee understands that the benefits of any proposed improvements must outweigh any disruption that may be caused. Any recommended changes will first be reviewed by the committee leadership and thenas necessarysubmitted for approval to the voting members of the committee.

This process includes detailed review by, and consultation with, IEC Technical Committee 65. The resulting standards are meant to be offered by both ISA and IEC.

Specifically, there is a proposal to expand and rename the foundational requirements that have long served as the basis for derivation of more detailed technical requirements to address both technical and process aspects of a complete security response. Any such change must include detailed guidance on how to make any related changes in documents derived from 62443. The committee is also considering changes to the organization of documents in the series, as well as possible realignment of some content.

While the implications of such discussions may not be clear to those with a stake in the application of ISA/IEC 62443 at this time, the committee leaders committed to fully explaining their rationale and providing additional supporting analysis and guidance for any proposed improvements. This will be done during subsequent plenary meetings and using supplementary guidance materials.

The second plenary committee meeting took place on 19 October 2020, with more than 80 people attending. This meeting took the form of an open discussion of several specific topics:

  • Clarifying the intended scope of the 62443 standards, allowing for applications in a broad range of industries or sectors
  • How to improve the quality of information shared with stakeholders on the work of the committee and the status of 62443

The committee has long described the focus of the standards as being on “Industrial Automation and Control Systems (IACS).” Inclusion of the word “Industrial” in this term has been seen by some as a barrier to applications in sectors that may not consider themselves to be consistent with this characterization. The consensus of those attending appeared to be that this could be addressed by including a clearer definition of intended scope in the initial standard (i.e., 62443-1-1), as well as in related communications and training materials.

The committee will hold additional plenary meetings in the future to collect feedback from its members and other stakeholders. This information will be used to guide further development, including changes to improves series consistency. These meetings are open to all. More information is available by sending an inquiry to ISA99Chair@gmail.com.


ISAGCA has created a quick start guide to the ISA/IEC 62443 standards. If you're interested in learning more, please request your free copy of the guide.

Eric Cosman
Eric Cosman
Eric C. Cosman, 2020 ISA president, provides consulting and advisory services in the management of information technology solutions in operations and engineering. He is a past vice president of standards and practices at ISA and is currently a member of the ISA executive board and co-chair of the ISA99 committee on industrial control systems security.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM