Product category:
Process Control System security
News Release from: ISA:Instrumentation Systems and Automation Society | Subject: SP99
Edited by the Processingtalk Editorial
Team on 03 April 2007
SP99 Security Standards Committee forges
ahead
The SP99 standards development committee is making good progress on several fronts in developing standards and guidelines for the electronic security of industrial automation and control systems
The ISA SP99 standards development committee is making substantial progress on several fronts in its work to develop standards and guidelines for the electronic security of industrial automation and control systems The committee has conducted a second round of voting on the draft standard, Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts and Models
This article was originally published on Processingtalk on 4 Apr 2005 at 8.00am (UK)
Related stories
Cyber security standards initiative moves forward
The ISA SP99 committee, 'Manufacturing and Control Systems Security', is strengthening its efforts on several fronts with the help of experts from leading companies across industry
CSE study guide covers new exam specifications
Engineers are aware that industry is changing constantly, and that becoming licensed signifies expertise in a competitive field: this study guide helps engineers prepare for the October examination
The draft received enough votes to pass, but the committee will evaluate all comments and reissue another draft if necessary.
This first standard will establish the context for all of the remaining standards in the ISA-99 series by defining a common set of terminology, concepts and models for electronic security.
The planned Part 2 standard in the ISA-99 series, Establishing an Industrial Automation and Control Systems Security Programme, is being prepared for its own second committee ballot in the coming months.
Further reading
ISA Training course catalogue released
The ISA Training Institute has released its latest course catalogue, detailing more than 300 instructor-led, CD-ROM, online, web-based, and video courses, from August 2003 to March 2004
Complete measurement and control information
ISA announces the second edition of the best-selling book "The Condensed Handbook of Measurement and Control" by N E Battikha
New ISA guide helps predict control system success
As a sequel to the best-selling text, Advanced Control Unleashed, ISA announces a new pocket guide: Models Unleashed: Virtual Plant and Model Predictive Control Applications by McMillan and Cameron
This standard will provide guidance for developing a programme for the security of industrial automation and control systems - including detailed guidance on process activities and key elements for establishing a cyber security management system.
In addition to the work on the Part 1 and Part 2 standards, ISA-SP99 has also established a new working group to develop a further standard in the series, Specific Security Requirements for Industrial Automation and Control Systems.
This standard will define the characteristics of industrial automation and control systems that differentiate them from other information technology systems from a security point of view.
Based on these characteristics, the standard will establish the security requirements that are unique to this class of systems.
Valuable technical input into this standard is anticipated from related work within the International Electrotechnical Commission (IEC).
Valuable input and support is also expected from key US Government entities including the Department of Homeland Security, the Department of Energy, Idaho National Laboratory, and the National Institute for Standards and Technology - all of which have provided vital support throughout the ISA-SP99 initiative.
Beyond its work on the initial standards in the ISA-99 series, the committee is also planning to release a revised and updated technical report, first published in 2004, for committee vote.
This technical report, Security Technologies for Industrial Automation and Controls Systems, focuses on identifying and evaluating currently available technologies for control systems security, covering areas including.
- Authentication and Authorization.
- Filtering/Blocking/Access Control.
- Encryption and Data Validation.
- Audit, Measurement, Monitoring and Detection Tools.
- Operating Systems.
- Physical Security.
Each technology is discussed in terms of security vulnerabilities addressed by the technology, typical deployment, known issues and weaknesses, use in the industrial automation and control systems environment, future directions, recommendations and guidance, and references.
"This document is intended to document the known state-of-the-art of cyber security technologies as applied to the industrial automation and control systems environment", said technical report working group co-chair Eric Byres of Byres Security.
"We're going to clearly define what can reasonably be deployed today, and identify areas where more research is needed".
"ISA-SP99 is doing an amazing amount of high-quality work," stated committee chair Bryan Singer of FluidIQs.
"These standards and guidelines will truly make a difference in industrial automation and control systems security, and we're committed to continuing our progress".
The ISA SP99 committee has over 250 members representing a variety of companies, organizations and expertise from across industry, government, and academia.
The committee is focused on industrial automation and control systems whose compromise could result in endangerment of the public or employees, regulatory violations, loss of proprietary or confidential information, and national security risks.
The concept of manufacturing and control systems electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries.
• ISA:Instrumentation Systems and Automation Society: contact details and other news
• Email this article to a colleague
• Register for the free Processingtalk email newsletter
• Processingtalk Home Page
Search the Pro-Talk network of sites
