ISA and IIC share new guidance for securing industrial automation and control systems

The Industry IoT Consortium (IIC) and the International Society of Automation (ISA) jointly announced a new guidance framework to help companies secure industrial automation and control systems – IoT Security Maturity Model (SMM): 62443 Mappings for Asset Owners, and Product Suppliers, and Service Suppliers.

“Achieving security maturity targets can be difficult to put into practice without concrete guidance,” said Frederick Hirsch, co-chair of the IIC ISA/IIC Contributing Group. “These 62443 mappings enable practitioners to better achieve security maturity by relating IIC IoT SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS asset owners and product suppliers can achieve appropriate maturity targets more easily.”

The document helps organizations choose their security target state and determine their current security state. Comparing the target and current states can help identify where companies can make further improvements.

“This new guidance adds the service provider role. It extends the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide to provide mappings to existing 62443 standards and specific guidance for the asset owner, product supplier, and service provider roles,” said Ron Zahavi, chief strategist for IoT standards at Microsoft and IoT SMM co-author.

The ISA99 committee developed the 62443 series of standards, which the International Electrotechnical Commission (IEC) adopted. The standards address current and future vulnerabilities in Industrial Automation and Control Systems (IACS). They accordingly apply necessary mitigation systematically and defensibly. The ISA/IEC 62443 standards focus only on the maturity of security programs and processes.

“While standards such as ISA/IEC 62443 are needed to codify proven and accepted engineering practices, they are seldom sufficient. Joint efforts such as this provide the practical guidance necessary to promote and support their adoption,” said Eric Cosman, co-chair of the ISA99.