ISA White Paper on IIoT Systems Addresses Unique Cybersecurity Needs of Cloud and Edge-Cloud Services
Durham, NC, 9 July 2024 – The International Society of Automation (ISA) – the leading professional society for automation – announced today that its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA) have released a new paper on industrial internet of things (IIoT) systems.
“IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” explores how the world’s leading consensus standards for the security of industrial automation and control systems (IACS) can be applied to cloud-based functionality.
ISASecure and ISAGCA will host an informative webinar on 17 July at 11 a.m. Eastern time for interested parties to learn more about the paper. Registration is free.
The main conclusions of this 73-page paper include:
- The concepts in ISA/IEC 62443 series of standards can be applied to IACS that use cloud-based functionality. Concepts such as risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
- The scope of ISA/IEC 62443 should extend to the cloud environment when the cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
- Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements.
- A new category of cloud service called operational technology as a service (OTaaS) would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
- The cloud provider is a new role not currently defined in the ISA/IEC 62443 series. The cloud provider role includes aspects of product supplier, service provider and asset owner (operator) roles.
- Conformity assessment schemes could be developed for IIoT systems, components and IACS based on ISA/IEC 62443 standards, provided these standards are updated for the IIoT use case.
“The ISA/IEC 62443 series is the leading set of international standards for the operational technology (OT) cybersecurity landscape,” said Andre Ristaino, managing director, ISA conformity assessment programs. “As industrial environments move increasingly to cloud and edge-cloud systems and functions, it is important to validate that the standards support this type of implementation. We are pleased that the paper finds the standards to be applicable and identifies several ways to continue to improve OT cybersecurity through the definition of new roles, services and conformance measures.”
“IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” is available for download on the ISASecure and ISAGCA websites.
About ISASecure
Founded in 2007 by the International Society of Automation (ISA), the ISASecure program’s mission is to provide the highest level of assurance possible for the cybersecurity of automation and control systems.
Founders and key supporters of ISASecure® include: BP, Chevron, ExxonMobil, Saudi Aramco, Shell, YPF, GSK, Honeywell, Johnson Controls, Schneider Electric, Trane, Yokogawa, Carrier, Siemens, YPF, Amazon Web Services, exida, TUV Rheinland, CSSC, FM Approvals, Synopsys, Trust CB, UL Solutions, SecurityGate, Interstates, BYHON, TUV SUD, ITRI and Bureau Veritas.
The Program’s ISASecure™ designation signifies to the marketplace that automation and control system products conform to industry-consensus cybersecurity standards. The ISASecure trademark provides confidence to users of ISASecure-certified products and systems and creates product differentiation for suppliers who conform to the ISASecure specifications. Learn more at www.isasecure.org.
About ISAGCA
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum to advance OT cybersecurity awareness, education, readiness, standardization, and knowledge sharing. ISAGCA is made up of 50+ member companies and industry groups, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Learn more at www.isagca.org.
About ISA
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world. Learn more at www.isa.org.
###