Royal Dutch Shell plc joins the ISA Security Compliance Institute in support of the ISASecure® Cybersecurity Conformance Scheme
Release date: 10/24/2019
Shell’s inclusion as a technical member provides vital input of energy sector leader, enhances relevancy of the ISASecure program
Research Triangle Park, North Carolina, USA (24 October 2019) – The ISA Security Compliance Institute (ISCI) announced today that Royal Dutch Shell plc has joined ISCI as technical member in support of the ISASecure® Cybersecurity Conformance Scheme.
The ISASecure certification program, developed by ISCI, is an industry-led program composed of the leading stakeholders in the process industry. It assesses IAC products and systems to ensure they are robust against network attacks, free from known vulnerabilities, and meet the security capabilities defined in the ISA/IEC 62443 standards.
A key differentiator of the ISASecure program is its inclusion of end users in its certification development process. End user members directly contribute to ISASecure certification development, ensuring their needs are reflected in the certification requirements.
“Business drivers, such as digitalization and IIOT, are seeking to extract ever increasing amounts of value from our industrial automation and control systems,” says Mark Duck, Principal Technical Expert, ICS Security, Shell. “This in turn, results in more integration between the automation systems and business systems, including cloud-based business systems, which increases cybersecurity risk. The industry must find ways to systematically improve the security posture of these automation systems and simultaneously meet these new business requirements. Shell uses the ISA/IEC 62443 standard internally and recognizes the value of the ISASecure product security certification process to ensure end users, like Shell, are buying products with verified security capabilities and robustness. Shell is also supporting initiatives such as The Open Group Open Process Automation Forum (OPAF) which has selected the ISA/IEC 62443 industrial cybersecurity standard. OPAF has, in turn, partnered with ISASecure to leverage the certification processes offered by ISASecure based on the ISA/IEC 62443 standard. Shell recognizes the synergy in this approach and is pleased to provide support and the opportunity to influence the resulting requirements and standards.”
“We are very pleased to welcome Shell as a technical member of ISCI,” says Andre Ristaino, ISCI managing director. “As an international energy company and industry leader, Shell is committed to providing energy solutions safely and securely. Their expertise and experience will strengthen the ISASecure conformance and certification program and enhance its global reputation in the energy sector for protecting industrial automation and control products and systems from security vulnerabilities.”
ISASecure Program Overview
The ISASecure Certification Program was the first standards-based program for control systems and the first to offer certifications to ISA/IEC 62443, the world’s only consensus-based series of industrial cybersecurity standards. It is the most referenced ISA/IEC 62443 control system certification scheme in the world.
- The Assurance of 360° Certification and Ongoing Security Assessments, Security Lifecycle Audits and Testing
ISASecure evaluates functional security capabilities and the security development lifecycle, and uses formal test campaigns to ensure that products are free of known vulnerabilities and stout against network attacks. An ISASecure certification means devices and systems will meet cybersecurity benchmarks today, and will maintain and improve their cybersecurity capabilities throughout their lifecycle.
- Cyber-Incident Response Plans
As part of the security lifecycle audit, suppliers must demonstrate cyber-incident response plans and procedures. Suppliers must be ready and capable to respond if deployed products are involved in a cybersecurity incident. End users can have confidence that suppliers are meeting their shared responsibilities for cybersecurity.
- Accredited, Independent Certification Bodies (CBs/labs)
ISASecure requires its CBs to meet ISO/IEC 17065 international requirements for labs, through accreditation by an ISO/ IEC 17011 accrediting agency. These accreditations assure end users that the ISASecure CBs are fair, consistent, credible, and free of conflicts of interest. This approach enables ISASecure to add CBs in any geographic region, supporting the global growth of ISASecure IEC 62443 conformity assessments.
- An Unbiased, industry-driven Approach
The ISASecure certification scheme is managed by a not-for profit industry group whose goal is to secure control systems, not make profits. ISASecure members are end users, suppliers, test laboratories, and tool suppliers. This balance of stakeholders ensures that the ISASecure program satisfies end user needs, is fair and economically feasible for suppliers, and can be implemented consistently by certification bodies.
Transparency is a founding principle of the ISASecure certification scheme. All ISASecure program specifications are published publicly and readily available for download and review from the www.isasecure.org
Shell is an international energy company with expertise in the exploration, production, refining and marketing of oil and natural gas, and the manufacturing and marketing of chemicals.
Our strategy is to strengthen our position as a leading energy company by providing oil and gas and low-carbon energy as the world's energy system changes. We seek to meet the world’s growing need for more and cleaner energy solutions in ways that are economically, environmentally and socially responsible. Safety and social responsibility are fundamental to our business approach.
Our operations are divided into our businesses: Upstream, Integrated Gas and New Energies, Downstream. Our Projects & Technology organisation manages the delivery of Shell’s major projects and drives our research and innovation.
Royal Dutch Shell was formed in 1907, although our history can be traced back to the first half of the 19th century. Our headquarters are in The Hague, the Netherlands. The parent company of the Shell group is Royal Dutch Shell plc, which is incorporated in England and Wales.
About the ISA Security Compliance Institute (ISCI)
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of industrial automation control systems (IACS).
The Institute was established by thought leaders from major organizations in the industrial automation controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come. ISCI Members include Chevron, ExxonMobil, Shell, Aramco Services, Honeywell, Schneider Electric, Yokogawa, exida, Codenomicon, CSSC, and IPA-Japan.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices. The ISASecure® designation ensures that IACS products conform to industry consensus cyber security standards such as IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification. www.isasecure.org
ISASecure® is a registered trademark of the ISA Security Compliance Institute.
ISCI press contacts: