The ISA Global Cybersecurity Alliance is made up of 50+ member companies and industry groups, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Following is a summary of ISAGCA's year in review for 2022— an incredible twelve months for the consortium.
Advocacy and Adoption
ISAGCA works with a broad spectrum of stakeholders to encourage reliance upon ISA/IEC 62443 in laws, regulations, and other standards across industry sectors. 2022 was a year of strong efforts across all aspects of adoption and advocacy work.
A few examples include:
- New York state legislators to include cybersecurity requirements based on ISA/IEC 62443 to the Critical Infrastructure Standards and Procedures (CRISP) Act
- Cybersecurity Infrastructure Security Agency (CISA) published Cross-Sector Performance Goals (CPG) document that references ISA/IEC 62443
- ISAGCA leadership invited to brief the White House Office of the National Cyber Director, Strategy and Budget Directorate, on ISA cybersecurity programs, including the utility of the ISA/IEC 62443 series of standards for a potential consumer IoT labeling scheme
- Key ISAGCA suppliers summoned to the White House as industry consultants on Manufacturing and Critical infrastructure Cybersecurity Guidelines to encourage ISA/IEC 62443 standards references
- ISA/IEC 62443 and ISASecure® are now referenced in the latest edition of NFPA 70® National Electric Code® published by the National Fire Protection Association (NFPA)
- Standards Malaysia has agreed to adopt ISA/IEC 62443 as a national Malaysian Standard, thanks to continued efforts by ISAGCA member Petronas
- ISAGCA has engaged the Taiwan government to identify opportunities to reference 62443 into law or national standards. Taiwan has now adopted ISA/IEC 62443 into public policy language for securing operational technology
Part of the ISA Global Cybersecurity Alliance mission is to help operating sites around the globe become resilient to cybersecurity attacks and to have a defined method to respond and recover from attacks. As a result, ISAGCA stood up ICS4ICS, the Incident Command System for Industrial Control Systems. Key accomplishments in 2022 include:
- Megan Samford, ISAGCA Advisory Board Chairman and Schneider Electric VP CPSO Energy Management, testified before US Congress about the value of ICS4ICS
- Established an ICS4ICS credentialing program and credentialed our first three ICS incident commanders, with three additional credentials slated for 2023
- In terms of building awareness, the ICS4ICS community presented ICS4ICS at 22 events around the world, launched a website for the program, and recruited 1,200 volunteers and interested parties
ISAGCA members are leaders in the movement to prioritize OT cybersecurity:
- 51 total members, including industry groups
- Representing more than $1.5 trillion in aggregate revenue
- 2,400 combined worldwide locations
- 31 different industries, underscoring the broad applicability of ISA/IEC 62443 standards
Awareness and Outreach
2022 was a terrific year for media and PR growth, with 26 media placements–an 85% increase over 2021. This included national level coverage with Nasdaq. Working together with a deep well of SMEs, many of whom actively participate in the Awareness & Outreach committee, ISAGCA saw broad reach across multiple industry sector publications, including IT security, manufacturing, food, medical, oil and gas, and water wastewater.
- Total media placements in 2022: 25
- Year over year increase in placements: 84%
- Number of SMEs from ISAGCA membership: 14
- Total media mentions of ISA and ISA/IEC 62443 in 2022: 5,473
Training and Education
ISA offers industry leading cybersecurity training courses and knowledge-based certificate recognition programs are based on ISA/IEC 62443- the world's only consensus-based series of automation cybersecurity standards, and a key component of government plans.
Published ISASecure for Product Suppliers and Assessors (IC47) course and ran two successful courses
- Published six Microlearning modules to the YouTube platform
- Supported Industrial Cybersecurity Community of Practice (ICSCOP)
- Completed ICS Survey with INL/Idaho State University and ISAGCA. Phase 1 was to collect data on Knowledge Needed to Secure Control Systems
- Improved ISA/IEC 62443 four cybersecurity courses and associated certificate program