DURHAM, N.C., July 23, 2024 /PRNewswire/ — The International Society of Automation (ISA), the main skilled affiliation for automation, broadcasts the discharge of a white paper outlining suggestions to boost the bar for security and safety in automation and management techniques. ISA revealed the white paper in collaboration with the ISASecure® Cybersecurity Certification Program and the ISA Global Cybersecurity Alliance (ISAGCA).
The paper advocates for designing and certifying industrial off-the-shelf (COTS) elements to fulfill, at a minimal, safety degree 2 (SL2) as outlined within the ISA/IEC 62443 collection of requirements, the world’s main consensus-based requirements for cybersecurity of management techniques. The 23-page report, titled “The Case for ISA/IEC 62443 as a Minimum Security Level 2 for COTS Components,” outlines how the SL2 customary will increase product safety capabilities over the earlier, much less stringent SL1 necessities. SL1 security measures aren’t meant to guard in opposition to malicious or intentional safety breaches. ISA’s report explains how SL2 offers stronger measures to mitigate assault vectors which might be extra prevalent at the moment.
“Intentional cyber assaults in opposition to industrial automation and management techniques are on the rise,” mentioned Andre Ristaino, managing director of ISA Conformity Assessment Programs. “Commercially out there merchandise have gotten targets of those focused assaults. The ISA/IEC 62443 collection is the main worldwide cybersecurity customary within the operational know-how (OT) sector, and Security Level 2 capabilities present the perfect minimal tips for securing COTS merchandise. This new white paper offers a superb overview of the safety capabilities required to fulfill ISA/IEC 62443 SL2.”
The report features a evaluate of how the SL2 customary can enhance the resilience of COTS elements in cybersecurity incidents and the techniques they’re built-in into. The SL2 customary requires elements to:
Uniquely distinguish particular person human or non-human customers interacting with a part, enhancing the power to hint the supply of consumer exercise which will represent an assault; Authenticate throughout techniques with which they’re built-in, growing the extent of belief between techniques and elements; Provide the power to customise human function definitions to mirror website operations, limiting undesirable insider entry; Close inactive communication periods which might be left open as a possible assault vector; Verify the supply of communications to a part, limiting the sources of community assaults; Protect in opposition to take a look at interfaces getting used as a possible assault vector; Provide elevated assurance that operating code, together with cellular code, updates, and upgrades, is from a trusted supply and has not been tampered with.
“The Case for ISA/IEC 62443 Security Level 2 as Minimum Requirements for COTS Components” will be downloaded from the ISASecure and ISAGCA web sites.
About ISASecure
Founded in 2007 by the International Society of Automation (ISA), the mission of the ISASecure program is to offer the very best attainable degree of assurance for the cybersecurity of automation and management techniques.
ISASecure® founders and key supporters embody BP, Chevron, ExxonMobil, Saudi Aramco, Shell, YPF, GSK, Honeywell, Johnson Controls, Schneider Electric, Trane, Yokogawa, Carrier, Siemens, YPF, Amazon Web Services, exida, TUV Rheinland, CSSC, FM Approvals, Synopsys, Trust CB, UL Solutions, SecurityGate, Interstates, BYHON, TUV SUD, ITRI and Bureau Veritas.
The program’s ISASecure™ designation represents to the market that automation and management techniques merchandise adjust to industry-agreed cybersecurity requirements. The ISASecure trademark offers confidence to customers of ISASecure licensed merchandise and techniques and offers product differentiation for suppliers that adjust to ISASecure specs. For extra info, go to www.isasecure.org.
About ISAGCA
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative discussion board to advance OT cybersecurity consciousness, training, preparedness, standardization, and data sharing. ISAGCA is comprised of greater than 50 member firms and {industry} teams with mixed revenues of greater than $1.5 trillion throughout greater than 2,400 areas worldwide. Our automation and cybersecurity supplier members serve 31 totally different industries, demonstrating the broad applicability of the ISA/IEC 62443 collection of requirements. For extra info, go to www.isagca.org.
About ISA
The International Society of Automation (ISA) is a non-profit skilled affiliation based in 1945 to create a greater world by automation. ISA’s mission is to strengthen the worldwide automation neighborhood by requirements and data sharing. ISA develops extensively used world requirements and conformity evaluation packages, accredits professionals, offers training and coaching, publishes books and technical articles, organizes conferences and exhibitions, and affords networking and profession improvement packages for its members and clients worldwide. For extra info, go to www.isa.org.
Source: International Society of Automation
