Skip to content
NEW: ISASecure Site Assessment Program for OT Cybersecurity Learn More

ISASecure Reports Significant Membership Growth in Support of Site Assessment Program

Durham, NC, 6 May 2024 – The International Society of Automation (ISA) – the leading professional society for automation – has announced that its ISA Security Compliance Institute (ISCI) operating under the ISASecure® brand reported significant membership growth in 2023, adding 25 new members. The ISASecure program delivers market leading operational technology (OT) cybersecurity certifications to the ISA/IEC 62443 series of standards.

 

Companies seeking to participate in the development and adoption of the ISASecure Automation and Control System Security Assurance (ACSSA) assessment and certification scheme are the drivers for the recent membership growth. ISASecure is experiencing similar growth year to date in 2024, building on the ACSSA momentum.

 

ACSSA establishes a standardized cybersecurity assessment methodology for operational technology (OT) based on the asset-owner series of ISA/IEC 62443 OT cybersecurity standards; and produces a standardized assessment report detailing the security capabilities achieved in automation controlling equipment in operation at asset owner sites.

 

The ACSSA scheme is attracting compliance software companies who see an emerging market need to institutionalize the ISA/IEC 62443 standards and complementary conformance specifications into user-friendly software applications. Features include dashboards, bar charts, heat maps and other useful reporting capabilities. To date, most asset owners and consultants have been using spreadsheets and PDF files to perform assessments and for reporting. ISASecure will license the ACSSA specifications to compliance software companies.

 

“We are on a mission to facilitate the emergence of the ISA/IEC 62443 standards from the primordial ooze of spreadsheets and PDFs into useful applications to accelerate adoption of the world’s most accepted OT cybersecurity standards,” noted Andre Ristaino, ISA Managing Director of Conformance Programs and Consortia. “The ISASecure ACSSA assessment specifications establish the foundation for providing standards-based, objective measures of the cybersecurity posture for automation in operation at asset owner sites.”

 

The ACSSA program is slated for completion and launch in the first half of 2025 and will offer a three-day training class for all parties interested in using the scheme for doing site assessments and reporting. The scheme and related training are designed to be used universally by asset owners, consultants, certification bodies and public policy makers. ACSSA may be applied to current operations in steady-state, brownfield upgrades and greenfield sites and expansions.

 

Key benefits to ISASecure members include discounts on world-class ISA cybersecurity training and access to the ISASecure ACSSA assessment specifications with license fees waived.

 

New ISASecure members represent key OT cybersecurity stakeholders, including asset owners, automation suppliers, cybersecurity product and service providers, consulting and engineering, and EPC firms, government policy makers and certification bodies. New member additions include:

 

GSK, Trane, Security Gate, Secudea, Walnut Creek Consulting, Arcadis, Peloton Cybersecurity, Enaxy, Optiv, Generac, Interstates, Armexa, Securing Things, CyberPrism, IACS Consulting, Kaizen, UL Solutions, AC&E, Arnoud Souille, John Kingsley, RBJ Consultancy and Zuonet.

 

ISA Managing Director Andre Ristaino commented further, “It is quite an undertaking to assemble a group of OT cybersecurity experts who can work with the ISA/IEC 62443 subject matter experts to develop a consensus assessment specification. The foundational specification will be used to evaluate the security of automation controlling equipment installed at asset owner sites and critical infrastructure operations. The ACSSA specification can be re-purposed for use in many industry sectors and use cases. We invite industry sectors with OT security challenges to use the ACSSA for creating sector specific assessment profiles.”

 

The ISASecure ISA/IEC 62443 product certification scheme has been operational since 2010. Large asset owners are already specifying ISASecure conformance in their procurement language at security level 2 and higher. Specifying ISASecure in procurement language costs nothing for asset owners, and ensures investments in new automation and control systems technology will include industry-leading standards-based cybersecurity capabilities.

 

Learn More: Webinar on 8 May

ISA will host a free webinar about the ISASecure ACSSA program on 8 May from 11 am to 12 pm eastern. Register here to learn more about the program.

 

About ISA

The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world. Learn more at www.isa.org.

 

About ISASecure

Founded in 2007 by the International Society of Automation (ISA), the ISASecure mission is to provide the highest level of assurance possible for the cybersecurity of industrial automation control systems. Founders and key supporters of ISASecure include: BP, Chevron, ExxonMobil, Saudi Aramco, Shell, GSK, Honeywell, Johnson Controls, Schneider Electric, Yokogawa, Carrier, Siemens, YPF, Amazon Web Services, exida, TUV Rheinland, CSSC, FM Approvals, Synopsys, Trust CB, SecurityGate, BYHON, TUV SUD, Trane and Bureau Veritas. The Program’s ISASecure designation signifies to the marketplace that industrial automation and control products conform to industry-consensus cybersecurity standards. The ISASecure trademark provides confidence to users of ISASecure certified products and systems and creates product differentiation for suppliers who conform to the ISASecure specifications. Assessments and certifications for automation in operation at asset owner sites are available under the ISASecure ACSSA scheme starting in 2025.