ISA releases new white paper on industrial cybersecurity

The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Gary Rathwell, released a new white paper entitled “Implementing an Industrial Cybersecurity Program for Your Enterprise.”

ISA/IEC 62443 offers requisite tools to reduce the risk of financial, reputational, human and environmental impact from cyber-attacks on Industrial Automation and Control Systems (IACS).

The International Electrotechnical Committee (IEC) recently designated ISA/IEC 62443 a horizontal standard, validating its applicability for a wide range of industries.

ISA states in a release that companies may find that while most of the standard applies to their IACS, parts of it may not. For example, some “normative requirements” that are appropriate for an interstate pipeline, may not be relevant to a chemical plant or a discrete manufacturing facility. Additionally, obvious differences would exist, for example, between a large-scale corporation with many sites and thousands of employees and a small company with a few dozen staff.

ISA, therefore, recommends every company to establish its own IACS cybersecurity program to manage cybersecurity risks. ISA/IEC 62443 2-1 provides guidance on how to establish such a security program for IACS asset owners.

The white paper summarizes the guidance from the series of standards and addresses the specific needs of owners/operators of industrial facilities. The paper covers the following topics:

1. What is an IACS cybersecurity program?
2. Preparing an IACS cybersecurity program
3. How does an IACS cybersecurity program relate to IT cybersecurity?
4. Costs and benefits of an IACS cybersecurity program
5. What to do next

“Creating an IACS cybersecurity program is approachable, and companies should be working with their vendors and partners to build such a program if they don’t already have one in place,” said contributing author Gary Rathwell. “This paper gives a foundation for building a program, and there is no time to waste for companies and organizations looking for protection from, and mitigation of, cyber incidents.”

The white paper can be downloaded here.

ISAGCA intends to publish additional white papers to guide IACS vendors, suppliers of IACS products and services, integration/engineering services, and other stakeholders as they prepare IACS cybersecurity programs within their facilities and operations.