ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Inside the Unique Cybersecurity Needs of IIoT Systems: Learn More in ISA's New Paper

The use of cloud-based functionality for industrial automation and control systems (IACS) has grown in recent years. While the decision to introduce the cloud to IACS is always a risk and ultimately lies with the asset owner, more asset owners are making this choice today.

Systems that rely on the industrial internet of things (IIoT) need unique protection from cybersecurity threats.  All their components — from sensors, actuators and controllers at the edge to services in the cloud and the communications between edge and cloud — may be vulnerable to cyberattack.

The International Society of Automation (ISA) has released a new paper from its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA). This paper explores how to apply the ISA/IEC 62443 series of standards — the leading consensus-based automation and control systems cybersecurity standards — to cloud-based functionality.IIoT Cover

Key Findings

  • IACS that use cloud-based functionality can benefit from concepts in the ISA/IEC 62443 standards. Risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
  • When the cloud-based functionality has the capability to influence the physical state of the equipment under control, the scope of ISA/IEC 62443 should extend to the cloud environment.
  • Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements.
  • A new category of cloud service, proposing the term "operational technology as a service (OTaaS)," would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
  • The role of cloud provider is a new one, and it is not currently defined in the ISA/IEC 62443 series. This role encompasses aspects of product supplier, service provider and asset owner (operator) roles.  
  • Conformity assessment schemes based on ISA/IEC 62443 standards could be developed for IIoT systems, components and IACS provided that these standards receive updates for the IIoT use case.

Read the Report

This 73-page paper, “IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” is now available as a free download.

Learn More in the Webinar

ISASecure and ISAGCA will host an informative webinar on 17 July 2024 at 11 a.m. Eastern time for anyone interested in understanding more about the paper. Registration is free.

Kara Phelps
Kara Phelps
Kara Phelps is the communications and public relations manager for ISA.

Related Posts

Integrated Control System (ICS) for H2 Gas Generation

Abstract "H2 gas" refers to hydrogen gas (H2), which can be used as a clean energy carrier, meaning it ca...
Ankeet Anil Kaji Nov 26, 2024 7:00:00 AM

Unlocking the Next Wave of Automation Careers: AI, ML and Smart Technologies Leading the Charge

A previous ISA article in 2023 considered how the future automation workforce is being shaped by an Indus...
Steve Mustard Nov 22, 2024 7:00:00 AM

Advance Your Automation Career in the 2024 ISA Black Friday Week Sale

Black Friday sales are a well-known revenue juggernaut around the world. In the U.S. alone, Black Friday ...
Kara Phelps Nov 19, 2024 7:00:00 AM