Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

What Are the Cybersecurity Needs of IIoT Systems?

The International Society of Automation (ISA) recently released a new paper from its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA). The paper dives into a pressing question — how to apply the ISA/IEC 62443 series of standards to cloud-based functionality.

Using ISA/IEC 62443 in IIoT Systems

As the leading consensus-based automation and control systems cybersecurity standards, ISA/IEC 62443 offers a common set of requirements that solidify connections between IT and OT, as well as between process safety and cybersecurity. ISA's new paper, titled “IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards,” explores the use of these standards for industrial automation and control systems (IACS) that include cloud-based functionality (i.e., industrial internet of things or IIoT). ISAGCA and ISASecure also hosted a companion webinar on 17 July 2024 to break down the paper's conclusions. 

We've shared a few key insights from the webinar below. You can also view the full recording of the presentation, including a question-and-answer session at the end.

Webinar Highlights

Johan Nye presented an overview of the paper, which includes four example risk assessments for four IIoT use cases. It also offers recommendations to consider for future revisions of ISA/IEC 62443 and reviews the structure and organization of conformity assessment schemes for IIoT systems and IACS. Here are a few key findings:

  • IACS incorporating cloud-based functionality can benefit from concepts in the ISA/IEC 62443 standards. Risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
  • When the cloud-based functionality has the capability to influence the physical state of the equipment under control, the scope of ISA/IEC 62443 should extend to the cloud environment.
  • Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements. Nye compared "essential functions" in IACS to steering and braking functions in a self-driving car to illustrate the need for local control.
  • A new category of cloud service, with the proposed term "operational technology as a service (OTaaS)," would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
  • The role of cloud provider is relatively new, and it is not currently defined in the ISA/IEC 62443 series. This role includes aspects of product supplier, service provider and asset owner (operator) roles.  
  • Conformity assessment schemes based on ISA/IEC 62443 standards could be developed for IIoT systems, components and IACS provided that these standards receive updates for the IIoT use case.

Watch the Webinar

If you missed the live presentation, you can still watch the complete webinar as a recording and download the slides.

Read the Report

You can also access a free download of the 73-page paper on the ISASecure website.

Kara Phelps
Kara Phelps is the communications and public relations manager for ISA.
