Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.


Leveraging ISA/IEC 62443 is Easier Than You Think

A version of this blog originally appeared on Cisco


To many people, the ISA/IEC 62443 industrial security standard is like a New Year’s resolution: You know it will bring you great benefits, so you start working on it, but you eventually give up because it looks complex or other priorities arise. But it really should not be like that. Let me explain why. 

Industrial networks and critical infrastructures have become the new playground for cyber criminals. Whether you run global manufacturing operations, a local water utility, a power grid network, or just a small industrial plant in the middle of nowhere, you are a potential target for a cyberattack. What would be the result? Production halts, loss of revenue, broken industrial equipment, damage to the environment, or even injured employees. Nothing else should be higher on your priority list than securing your industrial operations.

The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have developed the ISA/IEC 62443 series of standards. It is a framework to implement industrial cybersecurity best practices step by step and drive continuous improvement. The series covers many aspects, but the key part is ISA/IEC 62443-3-3, which describes the security capabilities you should implement. 

Security Requirements for All Industry Verticals 

Some might think that ISA/IEC 62443-3-3 is only suited for manufacturing operations, but most of its security requirements apply to all industry verticals. Furthermore, the ISA and IEC are now working on developing profiles for specific industries, so whatever you implement today will be leveraged tomorrow to comply with a more thorough list of requirements. 

To guide you through ISA/IEC 62443-3-3, my colleagues Andrew McPhee and Maik Seewald have written a short and detailed white paper listing all security requirements and how to comply. The key takeaway is that by leveraging Cisco’s comprehensive industrial networking and cybersecurity portfolio, implementing the standard couldn’t be easier.

As an example, ISA/IEC 62443-3-3 highlights the imperative of controlling access to resources and restricting communications by enforcing the least privilege principle, which grants users and devices only the rights they need to perform their tasks. In a nutshell, asset identification, user authentication, and micro-segmentation are a must to reduce the exposure of the industrial control system (ICS) to cyberthreats and limit the spread of attacks.

Using Cisco Identity Services Engine (ISE) together with Cisco Cyber Vision, Secure Firewall, and Duo, industrial organizations can easily implement this zero-trust approach to their OT networks. These products have been designed and tested together to enable seamless workflows and out-of-the-box integration. I told you it did not have to be complex! 

Three Webinars to Deep Dive Into ISA/IEC 62443

Andrew and Maik have recently presented a webinar explaining ISA/IEC 62443-3-3 and its security requirements. See the on-demand recording here to learn about capabilities you might be missing today and how you can easily implement them.

As a follow-up to this overview, a second webinar explains how to implement micro-segmentation in industrial networks. It dives into the ISA/IEC 62443 zones and conduits model and shows you how Cisco ISE and Cyber Vision can enforce OT micro-segmentation. See the on-demand recording here. 

Securing industrial operations also means leveraging IT security tools and processes. On 15 December 2022, the webinar closing the series will discuss how to extend IT security to industrial operations so security analysts can investigate and remediate threats across both IT and OT domains. Register here. 

Until then, have a look at our ISA/IEC 62443-3-3 white paper and make sure you subscribe to our Industrial Security Newsletter.

Fabien Maisl
Fabien Maisl manages product marketing for Cisco’s IoT/OT security portfolio to help industrial organizations secure their production infrastructures. He brings over 20 years of international experience in creating and promoting innovative products in the telecoms and IT market, such as private mobile networks for industrial applications or VoIP and IPTV/VOD service platforms for telecom operators.
