
The Cybersecurity Advocate

ISAGCA January-February 2022 Updates

The Cybersecurity Advocate is the newsletter published by the ISA Global Cybersecurity Alliance (ISAGCA). ISAGCA is a collaborative forum of member companies that aim to advance cybersecurity awareness, education, readiness, and knowledge sharing industry-wide, on a global scale. The alliance’s objectives include expanding the development and use of the ISA/IEC 62443 series of standards, knowledge-sharing in an open environment, providing best practice tools to help companies secure their infrastructure, creating education and certification programs, and advocating for cybersecurity awareness and sensible approaches with world governments and regulatory bodies.

ISAGCA Leadership Messages

 

  • Megan Samford, ISAGCA Chair, talked about 2021 ISAGCA goals and how we exceeded them
  • She also talked about ISAGCA 2022 goals:
    • Making 62443 a horizontal standard is a priority for 2022; we also hope to work on 62443 template documents for specific industrial sectors, such as a template with building standards
    • Everyone wants to see 62443 as a horizontal standard, including DHS and other governments globally
    • ISAGCA needs volunteers to help work on our 2022 goals so we can be successful
    • ISAGCA needs to operationalize the connections between ISAGCA and the ISA chapters, IEC, and other organizations
  • Sharul Rashid, ISAGCA Vice-Chair, added that ISA/IEC 62443 is being accepted in Asian countries and that he will be meeting with more countries in the region to promote referencing ISA/IEC 62443 in laws and regulations

Megan Samford

ISAGCA Advisory Board Chairman

Megan Samford is the Vice President and Chief Product Security Officer for Energy Management at Schneider Electric. She is responsible for driving the product security strategy and programs for Schneider Electric's Energy Management business with a focus on industrial control systems security, critical infrastructure protection, and risk analysis.

Sharul Rashid

ISAGCA Advisory Board Vice-Chairman

Sharul A. Rashid is the PETRONAS Group Technical Authority and Custodian Engineer, Instrument and Control. He is co-chair of the Certification Work Group (CWG) of the Open Process Automation Forum (OPAF), Steering Committee (SC) member for JIP33 (IOGP) (International Oil & Gas Producer), and Vice-Chair of the IASSC (Instrument Automation Standards Subcommittee) for IOGP.

Andre Ristaino

ISAGCA Managing Director

Andre Ristaino is the Managing Director, Global Consortia, Conformity Assessment at the International Society of Automation. His scope of responsibilities includes ISAGCA, ISASecure, LOGIIC, and ICS4ICS. Andre has extensive experience developing and managing programs to promote the development and deployment of cybersecurity capabilities for numerous industries.

Training and Staff Development that Leverage ISA/IEC 62443

 


Implementing and Using ISA/IEC 62443 to Secure IACS

 


Understanding How IIoT System Design and Operations Can be Improved by ISA/IEC 62443

 

  • Completed ISCI and ISAGCA Joint IIoT Study on component-level certification: isa.org/iiotstudy
  • ISAGCA IIoT Team is now working on a system-level study to analyze the cloud provider role in comparison to existing ISA/IEC 62443 roles and enumerate the types of possible IIoT certifications and corresponding 62443 standards. The team is working through comments. One more chapter remains, which will discuss potential enhancements to ISA/IEC 62443 for IIoT system certifications.

Learning About ISA/IEC 62443 Standards Activities with the ISA99 Committee

 

You are welcome to participate for free in standards development activities by joining the ISA99 Committee. Visit the ISA99 LinkedIn Group to learn more about these efforts. Email isa99chair@gmail.com to become a member, ask standards-related questions, or make comments. These are the current ISA99 Committee efforts:

  • 1-1 Concepts and Models revision updates are out for public comment
  • 2-1 Security for Asset Owners revision was submitted for public comment
  • 2-2 Principal Roles for Security Program Ratings revision is out for public comment
  • 2-3 Patch Management Program (from TR to Standard) is being prepared for IEC review
  • 2-4 Security Requirements for Service Providers is being worked on with IEC TC65WG10 to incorporate comments for the next revision
  • 3-1 Security Technologies for IACS will be updated by the revised WG01 (Work Group 1) committee
  • 3-3 Security Levels are being revised
  • IEC has assigned tasks to committees for them to assess how they will update their vertical standards to include ISA/IEC 62443 now that it is an IEC horizontal standard
  • An electrical substation sector profile will be created with relevant ISA/IEC 62443 standards; the team will engage DOE CESER (existing standard 61850 TC57) and work with IEC for internationalization of this effort

Advocating for Legislation and Regulations that Reference ISA/IEC 62443

 

  • USA Federal Advocacy Team was recently formed to include references to ISA/IEC 62443 for these sectors:
    • Energy Sector: Work with DOE CESER on their efforts to expand Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program
    • Oil & Gas Sector: Provide input to TSA and engage with influential stakeholders in the Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) and the Cybersecurity & Infrastructure Security Agency (CISA)
    • SICI (Systemically Important Critical Infrastructure): Provide industry and public feedback on the SICI bill once it is shared or introduced
    • Water & Wastewater Sector: Meet with key stakeholders in the Water & Wastewater sector to help ensure 62443 is either referenced as one of, or considered as, the foundational standard upon which sector-specific guidance will be built
    • NIST Cyber Security Framework (CSF): Contribute to the NIST CSF revision to include additional references to new ISA/IEC 62443 standards created since the first version of the NIST CSF
  • European efforts have focused on referencing IEC 62443 by the IEC standards working groups to address cybersecurity requirements for IACS; IEC recently designated IEC 62443 as a Horizontal Standard
  • Asia-Pacific focus has resulted in IEC 62443 being referenced in laws and regulations:
    • Singapore law (2018) referenced IEC 62443
    • India standards reference IEC 62443
      • We have engaged the Indian Power Sector to determine if ISAGCA can help them further expand the use of IEC 62443 in their sector
    • We obtained an agreement for Malaysian government parties to reference specific IEC 62443 standards
      • Will use these efforts in Malaysia as a model for engaging other Asia-Pacific countries

ISAGCA will soon create a Europe webpage and a separate Global webpage to help people in those regions advocate for inclusion of ISA/IEC 62443 in laws, regulations, and other international standards.

Understanding How ICS4ICS Can Improve Management of Industrial Cybersecurity Incidents

 
