Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Leveraging ISA/IEC 62443 is Easier Than You Think

A version of this blog originally appeared on Cisco


To many people, the ISA/IEC 62443 industrial security standard is like a New Year’s resolution: You know it will bring you great benefits, so you start working on it, but you eventually give up because it looks complex or other priorities arise. But it really should not be like that. Let me explain why. 

Industrial networks and critical infrastructures have become the new playground for cyber criminals. Whether you run global manufacturing operations, a local water utility, a power grid network, or just a small industrial plant in the middle of nowhere, you are eligible for a cyber-attack. What would be the result? Production halts, loss of revenue, broken industrial equipment, damage to the environment, or even injured employees. Nothing else should be higher on your priority list than securing your industrial operations.

The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have developed the ISA/IEC 62443 series of standards. It is a framework to implement industrial cybersecurity best practices step by step and drive continuous improvement. The series covers many aspects, but the key part is ISA/IEC 62443-3-3, which describes the security capabilities you should implement. 

Security Requirements for All Industry Verticals 

Some might think that ISA/IEC 62443-3-3 is only suited for manufacturing operations, but most of its security requirements apply to all industry verticals. Furthermore, the ISA and IEC are now working on developing profiles for specific industries, so whatever you implement today will be leveraged tomorrow to comply with a more thorough list of requirements. 

To drive you through the ISA/IEC 62443-3-3, my colleagues Andrew McPhee and Maik Seewald have written a short and detailed white paper listing all security requirements and how to comply. The main key takeaway is that by leveraging Cisco’s comprehensive industrial networking and cybersecurity portfolio, implementing the standard couldn’t be easier. 

As an example, the ISA/IEC 62443-3-3 highlights the imperative of controlling access to resources and restricting communications by enforcing the least privilege principle that grants users and devices only the rights they need to perform their tasks. In a nutshell, asset identification, user authentication, and micro-segmentation are a must to reduce the exposure of the industrial control system (ICS) to cyberthreats and limit the spread of attacks. 

Using Cisco Identity Services Engine (ISE) together with Cisco Cyber Vision, Secure Firewall, and Duo, industrial organizations can easily implement this zero-trust approach to their OT networks. These products have been designed and tested together to enable seamless workflows and out-of-the-box integration. I told you it did not have to be complex! 

Three Webinars to Deep Dive Into ISA/IEC 62443

Andrew and Maik have recently presented a webinar explaining the ISA/IEC 62443-3-3 and its security requirements. See the on-demand recording here to learn about capabilities you might be missing today and how you can easily implement them. 

As a follow-up to this overview, a second webinar explains how to implement micro-segmentation in industrial networks. It dives into the ISA/IEC 62443 zones and conduits model and shows you how Cisco ISE and Cyber Vision can enforce OT micro-segmentation. See the on-demand recording here. 

Securing industrial operations also means leveraging IT security tools and processes. On 15 December 2022, the webinar closing the series will discuss how to extend IT security to industrial operations so security analysts can investigate and remediate threats across both IT and OT domains. Register here. 

Until then, have a look at our ISA/IEC 62443-3-3 white paper and make sure you subscribe to our Industrial Security Newsletter.

Fabien Maisl
Fabien Maisl
Fabien Maisl manages product marketing for Cisco’s IoT/OT security portfolio to help industrial organizations secure their production infrastructures. He brings over 20 years of international experience in creating and promoting innovative products in the telecoms and IT market, such as private mobile networks for industrial applications or VoIP and IPTV/VOD service platforms for telecom operators.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM