Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

Read More

What Are the Cybersecurity Needs of IIoT Systems?

Read More

Categories Arrow

All Posts

What Are the Cybersecurity Needs of IIoT Systems?

The International Society of Automation (ISA) recently released a new paper from its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA). The paper dives into a pressing question — how to apply the ISA/IEC 62443 series of standards to cloud-based functionality.

Using ISA/IEC 62443 in IIoT Systems

As the leading consensus-based automation and control systems cybersecurity standards, ISA/IEC 62443 offers a common set of requirements that solidify connections between IT and OT, as well as between process safety and cybersecurity. ISA's new paper, titled “IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards,” explores the use of these standards for industrial automation and control systems (IACS) that include cloud-based functionality (i.e., industrial internet of things or IIoT). ISAGCA and ISASecure also hosted a companion webinar on 17 July 2024 to break down the paper's conclusions. 

We've shared a few key insights from the webinar below. You can also view the full recording of the presentation, including a question-and-answer session at the end.

Webinar Highlights

Johan Nye presented an overview of the paper, which includes four example risk assessments for four IIoT use cases. It also offers recommendations to consider for revisions to ISA/IEC 62443 in the future and reviews the structure and organization of conformity assessment schemes for IIoT systems and IACS. Here are a few key findings:

  • IACS incorporating cloud-based functionality can benefit from concepts in the ISA/IEC 62443 standards. Risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
  • When the cloud-based functionality has the capability to influence the physical state of the equipment under control, the scope of ISA/IEC 62443 should extend to the cloud environment.
  • Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements. Nye compared "essential functions" in IACS to steering and braking functions in a self-driving car to illustrate the need for local control.
  • A new category of cloud service, proposing the term "operational technology as a service (OTaaS)," would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
  • The role of cloud provider is relatively new, and it is not currently defined in the ISA/IEC 62443 series. This role includes aspects of product supplier, service provider and asset owner (operator) roles.  
  • Conformity assessment schemes based on ISA/IEC 62443 standards could be developed for IIoT systems, components and IACS provided that these standards receive updates for the IIoT use case.

Watch the Webinar

If you missed the live presentation, you can still watch the complete webinar as a recording and download the slides.

Read the Report

You can also access a free download of the 73-page paper on the ISASecure website.
Kara Phelps
Kara Phelps
Kara Phelps is the communications and public relations manager for ISA.

    Recent Posts

    Get 300 USD off ISA Training During Cybersecurity Awareness Month

    Related Posts

    Implementing AI Anomaly Detection in Industrial Cybersecurity

    Cybersecurity is becoming more critical than ever in industrial settings as the rise of connected devices...
    Zac Amos Oct 11, 2024 7:00:00 AM

    The Encryption Enigma: Securing Automated Processes

    With the convergence of informational technology (IT) and operational technology (OT), "smart" automation...
    Nahla Davies Oct 4, 2024 7:00:00 AM

    Spotlight on Cybersecurity Offerings at the 2024 ISA Automation Summit & Expo

    The International Society of Automation (ISA) is making its final countdown to the 2024 ISA Automation Su...
    Kara Phelps Sep 27, 2024 7:00:00 AM

    The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA advances technical competence by connecting the automation community to achieve operational excellence and is the trusted provider of standards-based foundational technical resources, driving the advancement of individual careers and the overall profession. ISA develops widely used global standards; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world.


    The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

    We're on social media. Keep in touch!

    © 2024 International Society of Automation. All rights reserved.