Industrial cybersecurity is key to reducing the risk of financial, reputational, human, and environmental impact from cyber-attacks.
Industrial cybersecurity, its implementation and management, is detailed in a new white paper from the International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA).
The new white paper entitled, ‘Implementing an Industrial Cybersecurity Program for Your Enterprise’ provides powerful tools to reduce cybersecurity risks and is centered on ISA/IEC 62443.
ISA/IEC 62443 has been categorized as a “horizontal standard” by the International Electrotechnical Committee (IEC), validating its applicability for a wide range of industries. Any specific company is likely to find that while most of the standard applies to their IACS, parts of it may not.
For example, some “normative requirements” that are appropriate for an interstate pipeline, may not be relevant to a chemical plant or a discrete manufacturing facility. There are also obvious differences in industrial cybersecurity risks between a large-scale corporation with many sites and thousands of employees, and a small company with a few dozen staff.
It is therefore recommended that each company establishes their own IACS industrial cybersecurity program to manage risks, and ISA/IEC 62443 2-1 provides guidance on how to establish such a security program for IACS asset owners.
The white paper is intended to summarize the guidance from the series of standards and address the specific needs of owner/operators of industrial facilities. The paper covers the following industrial cybersecurity topics:
What is an IACS cybersecurity program?
Preparing an IACS cybersecurity program
How does an IACS cybersecurity program relate to IT cybersecurity?
Costs and benefits of an IACS cybersecurity program
What to do next
“Creating an IACS cybersecurity program is approachable, and companies should be working with their vendors and partners to build such a program if they don’t already have one in place,” said contributing author Gary Rathwell. “This paper gives a foundation for building a program, and there is no time to waste for companies and organizations looking for protection from, and mitigation of, cyber incidents.”
The white paper is available to download here
ISAGCA plans to publish additional white papers intended to guide IACS vendors, suppliers of IACS products and services, integration/engineering services, and other stakeholders as they prepare IACS industrial cybersecurity programs within their facilities and operations.
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum of member companies that aim to advance cybersecurity awareness, education, readiness, and knowledge sharing industry-wide, on a global scale. The alliance’s objectives include expanding the development and use of the ISA/IEC 62443 series of standards, knowledge-sharing in an open environment, providing best practice tools to help companies secure their infrastructure, creating education and certification programs, and advocating for cybersecurity awareness and sensible approaches with world governments and regulatory bodies.