ISASecure launches site assessment program for OT cybersecurity

The International Society of Automation (ISA), along with the ISA Security Compliance Institute (ISCI), is creating an all-new conformity assessment scheme for automation systems deployed at operating sites. The association explains in a press statement that this is a critical and long-overdue addition to the landscape of operational technology (OT) cybersecurity solutions.

ISA will base the OT cybersecurity site assessment scheme on the automation and control systems cybersecurity standard ISA/IEC 62443. The association states that the scheme will apply to all types of automation and control systems in a wide range of industries.

Suppliers have broadly adopted ISA/IEC 62443, as well as its certification scheme, ISASecure, for commercial off-the-shelf (COTS) automation and control system products and supplier’s security development practices. ISASecure recently released an IIOT component and gateway certification program (ICSA) to remain current with new technology advances. However, asset owners and plant managers have yet to coalesce around a single cybersecurity assessment scheme for OT deployed at operating sites.

“The proposed site assessment scheme will have a critical role in the OT cybersecurity landscape – the automation systems at the operating site itself,” said Brandon Price, ExxonMobil senior principal engineer for ICS Cybersecurity and current ISCI Board chairman. “This standards-based program is unique, and we anticipate it will become the global standard used by operating sites, certification bodies, internal auditors and public policymakers.”

The program will encourage the broad industry adoption of the ISA/IEC 62443 operating site cybersecurity standards and best practices. ISA and ISCI plans include building and overseeing a related training and credentialing program for site assessors.  ISA and other training organizations already offer training for the ISA/IEC 62443 operating site standards.

“We are inviting companies who are interested in supporting and promoting this program to participate; particularly end-users whose support is critical to this program’s success. Supporters may participate in specification development, provide funding, or simply provide public support,” said Andre Ristaino, managing director of ISA Consortia and Conformity Assessment Programs.  “We anticipate a development schedule of 12–14 months and expect to formally launch the program in Q4 2023 or early 2024.”

Further information the program is available here.