Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

What Are the Cybersecurity Needs of IIoT Systems?

The International Society of Automation (ISA) recently released a new paper from its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA). The paper dives into a pressing question — how to apply the ISA/IEC 62443 series of standards to cloud-based functionality.

Using ISA/IEC 62443 in IIoT Systems

As the leading consensus-based automation and control systems cybersecurity standards, ISA/IEC 62443 offers a common set of requirements that solidify connections between IT and OT, as well as between process safety and cybersecurity. ISA's new paper, titled “IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards,” explores the use of these standards for industrial automation and control systems (IACS) that include cloud-based functionality (i.e., industrial internet of things or IIoT). ISAGCA and ISASecure also hosted a companion webinar on 17 July 2024 to break down the paper's conclusions. 

We've shared a few key insights from the webinar below. You can also view the full recording of the presentation, including a question-and-answer session at the end.

Webinar Highlights

Johan Nye presented an overview of the paper, which includes four example risk assessments for four IIoT use cases. It also offers recommendations to consider for revisions to ISA/IEC 62443 in the future and reviews the structure and organization of conformity assessment schemes for IIoT systems and IACS. Here are a few key findings:

  • IACS incorporating cloud-based functionality can benefit from concepts in the ISA/IEC 62443 standards. Risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
  • When the cloud-based functionality has the capability to influence the physical state of the equipment under control, the scope of ISA/IEC 62443 should extend to the cloud environment.
  • Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements. Nye compared "essential functions" in IACS to steering and braking functions in a self-driving car to illustrate the need for local control.
  • A new category of cloud service, proposing the term "operational technology as a service (OTaaS)," would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
  • The role of cloud provider is relatively new, and it is not currently defined in the ISA/IEC 62443 series. This role includes aspects of product supplier, service provider and asset owner (operator) roles.  
  • Conformity assessment schemes based on ISA/IEC 62443 standards could be developed for IIoT systems, components and IACS provided that these standards receive updates for the IIoT use case.

Watch the Webinar

If you missed the live presentation, you can still watch the complete webinar as a recording and download the slides.

Read the Report

You can also access a free download of the 73-page paper on the ISASecure website.

Kara Phelps
Kara Phelps
Kara Phelps is the communications and public relations manager for ISA.

Related Posts

Sharing Insights on ISA/IEC 62443

The goal of the ISA Global Cybersecurity Alliance (ISAGCA) is to advance cybersecurity awareness, educati...
Kara Phelps Oct 18, 2024 10:00:00 AM

Implementing AI Anomaly Detection in Industrial Cybersecurity

Cybersecurity is becoming more critical than ever in industrial settings as the rise of connected devices...
Zac Amos Oct 11, 2024 7:00:00 AM

The Encryption Enigma: Securing Automated Processes

With the convergence of informational technology (IT) and operational technology (OT), "smart" automation...
Nahla Davies Oct 4, 2024 7:00:00 AM