Part 3-3 in Security Standard Approved

Friday, August 23, 2013 @ 03:08 PM gHale


There is a newly published global standard in the ISA series of security standards.

The new standard, ISA-62443-3-3-2013, Security for Industrial Automation and Control Systems Part 3-3: System Security Requirements and Security Levels, addresses risks arising from the growing use of business information technology (IT) cyber security solutions to address industrial automation and control systems (IACS) cyber security in complex and dangerous manufacturing and processing applications.

RELATED STORIES
Execs, Staffers Differ on Security
RFID Hacking Tool from Long Range
Cyber Security Assessment Service
Cyber Security Diagnostic Tool

Under development by the ISA99 committee of the International Society of Automation (ISA) and adopted globally by the International Electrotechnical Commission (IEC), the series of standards should provide a flexible framework to address and mitigate current and future vulnerabilities in IACS.

IACS security goals focus on control system availability, plant protection, plant operations, and time-critical system response.

IT security goals, in contrast, often focus more on protecting information than physical assets. For this reason, there needs to be a coherent voice to enable the use of IT cyber security solutions to address IACS security.

The new ISA99 standard addresses this concern with an approach to defining system requirements based on a combination of functional requirements and risk assessment and an awareness of operational issues.

The standard provides detailed technical control system requirements associated with seven foundational requirements described in the first ISA99 standard, ISA 62443 1 1 (99.01.01), including defining the requirements for control system capability security levels.

“This standard provides highly relevant and practical direction to asset owners, system integrators and suppliers by describing the major system-level technical requirements for a secure IACS,” said ISA99 Co-Chair Eric C. Cosman of the Dow Chemical Company. “It serves as a cornerstone in the ISA-62443/IEC 62443 series, complementing other standards including ISA-62443-2-1, which addresses the processes and procedures needed for security.”

“The new standard represents a collaborative effort of experts from multiple industries around the world,” said ISA99 task group leader for the project, Jeff Potter of Emerson Process Management. “Our intensive series of revise-and-review cycles has resulted in a rigorously reviewed standard reflecting the best current thinking in control systems security. Our joint work with IEC experts provides users with further assurance that this is a truly global standard that can be used to design, build, operate and regulate with full confidence in its longevity and cross-national applicability.”

ANSI/ISA-62443-3-3-2013 won approval as an American National Standard August 13. IEC will publish an identical version later this year as IEC 62443-3-3.

The standard is available at the ISA website (select ‘62443’ from the drop-down list and scroll down).



Leave a Reply

You must be logged in to post a comment.