Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers (PLCs), distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but they make the cybersecurity landscape more complex.

Several of the affected industries have taken great strides in improving their defense posture, mostly thanks to governmental regulatory compliance requirements. Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. It is therefore essential to figure out which framework applies to your industry.

The ISA/IEC 62443 series of standards belongs to the non-regulated compliance requirements.

The ISA99 Committee

The International Society of Automation (ISA) 99 standards development committee brings together industrial cyber security experts from across the globe to develop ISA standards for the security of industrial automation and control systems that are applicable to all industry sectors and critical infrastructure.

The ISA99 committee addresses industrial automation and control systems whose compromise could result in any, or all, of the following situations:

  • endangerment of public or employee safety
  • loss of public confidence
  • violation of regulatory requirements
  • loss of proprietary or confidential information
  • economic loss
  • impact on national security.

Manufacturing and control systems include, but are not limited to:

  • hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems
  • associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.

The committee’s purpose is to develop standards, recommended practices, technical reports, and related information that define procedures for implementing digitally secure manufacturing and control systems and security practices, and for assessing cyber security performance. Although the guidance