New York state legislature is hoping to add additional protections to the state’s critical infrastructure via a newly proposed cybersecurity bill. The bill leverages the industry-adopted ISA/IEC 62443 series of standards to shape metrics and benchmarks for operational technology cybersecurity. If passed, the bill’s measures would be applied to the state’s critical infrastructure facilities, including: public transportation; water and wastewater treatment facilities; public utilities and buildings; hospitals, public health facilities, financial service organizations; and automation and control system components.
“There have been an increased amount of cyberattacks where hackers are just holding people hostage,” Senator Kevin Thomas, the bill’s sponsor, said. “The bill looks to address this by updating systems to match international standards so that the state’s critical infrastructure is protected as much as possible. There needs to be more vigilance. We need to know whether these critical infrastructure systems can be compromised and how to upgrade them to prevent them from being compromised.”
The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). The committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.
“The technologies that control and automate the world’s most critical operations, including the facilities where we work and live, are under constant threat and attack,” said ISA Global Cybersecurity Alliance Managing Director Andre Ristaino. “Consistent, global adoption of the ISA/IEC 62443 series of standards will help vendors, third parties, and end users—indeed, the entire digital supply chain—effectively and proactively manage risks to their people, assets, and operations.”
The ISA Global Cybersecurity Alliance (ISAGCA), made up of 50+ companies, continues to actively work to confront cybersecurity challenges in multiple ways. In general, a strong cybersecurity posture relies on people, process, and technology:
Many critical infrastructure and industrial manufacturing companies already have or are working diligently to integrate cybersecurity into their risk-management and business continuity plans and strategies. Using the ISA/IEC 62443 series of standards as their foundation, they focus on adopting security as part of the operations lifecycle, ensuring compliance with various aspects of the standards across their supply chains, and including cybersecurity in operational risk-management profiles.