Cybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors and new smart devices. Many emerging Internet of Things (IoT) and communications technologies offer greater connectivity, but they make the cyber landscape more complex.

Several of the affected industries have taken great strides in improving their defense posture, mostly thanks to governmental regulatory compliance requirements. Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. It is therefore essential to figure out which framework applies to your industry.

ISA/IEC 62443 series of standards belongs to the non-regulated compliance requirements.

The ISA99 Committee

The International Society of Automation (ISA) 99 standards development committee brings together industrial cyber security experts from across the globe to develop ISA standards on industrial automation and control systems security that are applicable to all industry sectors and critical infrastructure.

The ISA99 committee addresses industrial automation and control systems whose compromise could result in any, or all, of the following situations:

  • endangerment of public or employee safety
  • loss of public confidence
  • violation of regulatory requirements
  • loss of proprietary or confidential information
  • economic loss
  • impact on national security.

Manufacturing and control systems include, but are not limited to:

  • hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing and monitoring and diagnostic systems; and
  • associated internal, human, network or machine interfaces used to provide control, safety and manufacturing operations functionality to continuous, batch, discrete and other processes.

The committee’s purpose is to establish standards, recommended practices, technical reports and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices as well as assessing electronic security performance. Guidance is (Read more...)