ISAGCA and the ISASecure Program Release Joint Study on IIoT Product Certifications Based on the ISA/IEC 62443 Standard
The ISA Global Security Alliance (ISAGCA) and the ISA Security Compliance Institute (ISCI) have announced the release of a co-sponsored Industrial Internet of Things (IIoT) product certification study entitled, “IIoT Component Certification Based on the ISA/IEC 62443 Standard.”
The report, the first in a two-part study, evaluates the urgent need for industry vetted IIoT product certification programs, with the goal of determining the applicability of the ISA/IEC 62443 series of standards and certifications to commercial off-the-shelf (COTS) IIoT components and gateways.
The second part of the study, due out later this year, answers the same questions for IIOT system offerings (solutions) and analyzes the use of IIOT solutions for process control.
“During a certification roadmap meeting two years ago, ISCI asset owners noted the high volume of new IIoT offerings from the supplier community and sought a standards-based scheme for certifying the cybersecurity of these new offerings,” said ISA Managing Director Andre Ristaino, who oversees both ISAGCA and ISCI. “Our supplier members were equally interested in this, so ISAGCA and ISCI jointly funded the two-part study to answer the questions.”
In 2016, ISCI completed a rigorous study on the applicability of ISA/IEC 62443 to automation and control systems in smart building technology. The positive report conclusions were vetted by smart building subject matter experts, resulting in the accelerated adoption of the ISA/IEC 62443 standards by product suppliers in this industry sector.
“As an organization, we are committed to reporting on the applicability of this powerful series of standards to new industry sectors and publicly sharing the results,” said Eric Cosman, ISA99 Committee Co-chairman. “Through the results of these rigorous studies, we are able to confirm the broad applicability of these standards to many technologies and sectors.”
You can download the study here.
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum of member companies that aim to advance cybersecurity awareness, education, readiness, and knowledge sharing industry-wide, on a global scale. The alliance’s objectives include expanding the development and use of the ISA/IEC 62443 series of standards, knowledge-sharing in an open environment, providing best practice tools to help companies secure their infrastructure, creating education and certification programs, and advocating for cybersecurity awareness and sensible approaches with world governments and regulatory bodies.
About ISAGCA Members
The ISA Global Cybersecurity Alliance is made up of 50+ member companies, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Baserock IT Solutions, Bayshore, Carrier Global, Claroty, ConsoleWorks, Coontec, CyberOwl, CyPhy Defense, Deloitte, Digital Immunity, Dragos, Eaton, exida, Ford Motor Company, Fortinet, Fortress InfoSec., Honeywell, Idaho National Laboratory, Idaho State University, ISASecure, Johns Manville, Johnson Controls, KPMG, LOGIIC, Mission Secure, MT4 Senhasegura, Munio Security, Nova Systems, Nozomi Networks, PAS, PETRONAS, Pfizer, Radiflow, Redacted, Red Trident, Rockwell Automation, Schneider Electric, Surge Engineering, TDI Technologies, Tenable, TI Safe, Tripwire, TXOne Networks, UL, Wallix, WisePlant, Xage Security, and Xylem. For more information about ISAGCA, visit www.isa.org/isagca.
Founded in 2007, the ISA Security Compliance Institute’s mission is to provide the highest level of assurance possible for the cyber security of automation and control systems. ISCI was established by thought leaders from major organizations in the automation and controls community seeking to improve the cyber security posture of critical Infrastructure for generations to come.
The Institute’s goals are realized through industry standards compliance programs, education, technical support, and improvements in suppliers’ development processes and users’ life cycle management practices operating under the ISASecure® brand.
The ISASecure® designation ensures that automation and control system products conform to industry consensus cyber security standards such as ISA/IEC 62443, providing confidence to users of ISASecure products and systems and creating product differentiation for suppliers conforming to the ISASecure specification.
Founders and key supporters of ISASecure® include BP, Chevron, ExxonMobil, Saudi Aramco, Shell, YPF, Honeywell, Johnson Controls, Schneider Electric, Yokogawa, Siemens, exida, TUV Rheinland, CSSC, FM Approvals, Synopsys, DNV, Applied Risk, Trust CB, Security Compass, SGS Espanola de Control, BYHON, TUV SUD, WisePlant HQ, and Bureau Veritas.