Skip to content

About ISASecure

Securing the automation that affects our everyday lives.

Our History

Founded in 2007, ISASecure’s mission is to provide the highest level of assurance possible for the cybersecurity of industrial automation control systems.

The program was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cybersecurity posture of critical infrastructure for generations to come. Founding members include BP, Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys Process Systems, Siemens, and Yokogawa. Key technical members include Industrial Defender, Mu Security, Rockwell Automation, and Wurldtech Technologies.

The program’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. 

The ISASecure designation ensures industrial automation control products conform to industry consensus cybersecurity standards, providing confidence to users of ISASecure certified products and systems and creating product differentiation for suppliers.

Oil and Gas Plant
Highway Overpass

Our Mission

To decrease the time, cost, and risk of developing, acquiring, and deploying control systems. We seek to establish a collaborative industry-based program among asset owners, suppliers, and other stakeholders in order to:

  • Facilitate independent testing and certification of control system products to a defined set of control system security standards

  • Use existing control system security industry standards where available, develop or facilitate development of interim standards where they don’t already exist, and adopt new standards when they become available

  • Accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements

The standards, tests, and conformance processes we use, develop, and facilitate will allow the products to be securely integrated. 

Our ultimate goal is to accelerate standards-based product development practices so that the products are intrinsically secure.

Governing Board

Brandon Price

Brandon Price

Chairman | ExxonMobil

Brandon is Senior Principal Engineer for ICS Cybersecurity at ExxonMobil with responsibility for sustaining ExxonMobil's ICS cybersecurity strategy for its Upstream, Downstream and Midstream businesses. He has over 20 years of experience in leadership, security and business controls for protecting information, information systems and operational technology. He is a graduate of The University of Alabama with a degree in Management Information Systems and holds a CISSP certification.

Kenny Mesker

Kenny Mesker

Vice Chairman | Chevron

Kenny is an ICS Cybersecurity Engineer with Chevron’s Information Technology Company. He is an ICS Risk Assessment SME and a member of the ICSJWG Workforce Development team and several ISA 62443 TGs. Kenny also acts as an advisor to Chevron’s Process Control Network (PCN) Standards Review Board, is an active advisor to the Chevron Vulnerability Assessment Team, and is a Chevron Tech Expert.

Dan DesRuisseaux

Dan Desruisseaux

Marketing Lead | Schneider Electric

Dan DesRuisseaux possesses over 25 years of diverse experience in engineering, sales, and marketing roles in high tech companies. Mr. DesRuisseaux presently serves as the Cybersecurity Program Director for Schneider Electric's Industrial Division. In this role he works to insure the proper and consistent implementation of security features across SE's diverse product portfolio. 

He also identifies and fills security gaps by forging partnerships with best in class security appliance companies. Mr. DesRuisseaux is also the marketing Chairman of the ISA Security Compliance Institute - a non-profit organization seeking to improve ICS security through standards compliance.

Eric Cosman

Eric Cosman

ISA-99 Committee Liaison | OIT Concepts

Eric C. Cosman is the founder and Principal Consultant at OIT Concepts, LLC. He provides consulting and advisory services to suppliers, professional associations, and asset owners, focusing on management of information technology solutions in Process Automation, Operations, and Engineering. This includes providing guidance on the definition and leadership of collaborative teams between IT and OT organizations.

Eric is a Chemical Engineer with over 35 years of experience in the process industries. He has held positions in process engineering, process systems software development, telecommunications, IT operations, automation architecture, and consulting. 

ISASecure Staff

Andre Ristaino

Andre Ristaino

Managing Director

Mr. Ristaino is Managing Director of the ISA Automation Standards Compliance Institute based in RTP, North Carolina. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure control systems certification program managed under the ISA Security Compliance Institute. 

Mr. Ristaino is an international presenter on the IEC 62443 standards and control systems certification. He is an invited expert to the ERNCIP in support of the EU control systems cybersecurity certification initiative, an advisor for an ORNL research project on malware in the bulk electric distribution network, an invited presenter on cybersecurity and wireless technology at ARC Forums, and has published articles in the ISA InTech magazine. 

Carol Muerke

Carol Muehrcke

Project Manager

In 26 years in the cyber security field, Dr. Carol Muehrcke has led security assurance teams for high assurance products, software development teams for both commercial and government security products, research programs on assurance methods and security mechanisms, and industry working groups on cyber security. 

Starting in 2008 she has worked with the ISA Security Compliance Institute to manage, develop and roll out certification programs for control systems, control system components, and secure product development life cycle (www.isasecure.org). Previously she was co-chair of Working Group 1 that developed electric sector failure scenarios under the DOE funded NESCOR project (National Electric Sector Cybersecurity Resource). She was a contributing author to the process control cyber security standard ISA-62443-2-1-2009, and co-chair of the SCADA Cyber Self Assessment Working Group under the DHS Process Control System Forum.

Michael Brazda

Michael Brazda

Marketing & Operations Manager

I love good branding.

It pulls you in and forges an instant connection. This is not a rational experience. Its power lives on the unconscious level. To wield this power, a brand must get inside the minds of its audience, learn their values, their desires, their language, and be willing to genuinely help them meet their goals. A good brand shines.

I have worked with technology companies to help them:

  • Understand their audience
  • Create persuasive and magnetic brand positioning
  • Develop communication strategies and content that empowers their audiences

 

ASCI Resources

ASCI Policies and Procedures 21 Dec 2011 View/Download Resource
ASCI Articles of Incorporation View/Download Resource
ASCI Bylaws View/Download Resource
ASCI Membership Terms and Conditions View/Download Resource
ASCI Patent Rules and Letter of Assurance View/Download Resource

Interested in Learning More?