This post is authored by Brian Curtis, president of ISA 2018.
We are just getting into 2018 and some of us are already planning our summer vacation. Time passes quickly and the years go by so fast; it reminds me to reflect on the past and plan for the future.
Like so many ISA leaders, I have benefited from ISA membership. I have been able to participate in and give time and effort to ISA locally and internationally. The Society has reciprocated by providing me amazing opportunities to learn and lead. As an added benefit, I've enjoyed access to outstanding technical resources, and have been blessed to work with and benefit from so many talented professionals, many of whom have become old friends.
Our understanding of the global automation community is changing. As we begin to look for new opportunities for growth, our view must expand to include all the various industry segments and markets that depend on automation every day. With this new perspective comes the recognition that ISA's ability to provide products and services for automation (professionals and industries) extends far beyond the process industries, where we have thrived for 73 years. We also enter 2018 with new and emerging technologies that allow us to engage in exciting ways with automation professionals and industries on the global playing field.
Emerging technologies = new opportunities
Emerging technologies have created new opportunities for automation, and have changed the roles, responsibilities, and needs of automation professionals. All of these developments impact ISA, its spectrum of products and services, and its global audience. ISA's success, now and in the future, depends on its ability to seize these opportunities while remaining relevant to automation professionals and to the industries and entities they serve. How do we remain relevant? We must continue to deliver value to individual members and to the global automation community – and we must do this with excellence.
In this month’s column, I turn my attention to a key area of continued focus for the Society—industrial cybersecurity. While there is growing awareness among industry leaders of the risks of cyberattack, we need to work harder to foster recognition in the marketplace that ISA offers real solutions to mitigate these risks. We have the standards, training, and technical resources for manufacturers and other industry organizations to improve operational reliability, profitability, safety, and security.
One of the high-level initiatives ISA leaders have identified for 2018 and beyond is for the Society to be the global authority for industrial control system cybersecurity standards and resources. When we talk about cyber threats, the natural tendency for all of us (including international governments) has been to think of identity theft and other cyberattacks affecting traditional information technology (IT) systems. People tend to forget about cyber threats to operational technology (OT) systems affecting a nation's critical infrastructure in countries all around the world. Systems that control the operations of our manufacturing plants, chemical plants, water/utilities, power, etc., all face cyber threats with potentially devastating consequences, but the dialogue centers on data protection, privacy, and IT-focused cybersecurity.
Over the past several years, ISA has worked diligently to raise awareness of the control system challenges related to operations technology cybersecurity. Thanks to the Automation Federation and the tireless efforts and commitment of numerous members of ISA staff, volunteer leaders, and subject matter experts, the Society has taken a recognized leadership role in OT industrial control systems cybersecurity—not just in the US, but around the world.
We are off to a great start in this area, but what comes next? Is ISA positioned to fully take advantage of the cybersecurity opportunity? Are we "operationalized" enough to update and expand the current standard or to develop new standards as cybersecurity threats evolve? An important component of the ISA cybersecurity initiative is building a trained workforce in automation and control. What new programs should we develop to stay ahead of the needs in global industries?
ISA has developed an industrial cybersecurity certificate program, the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate, "to help professionals involved in information technology and control systems security improve their understanding of ISA99/IEC 62443 principles and acquire a command of industrial cybersecurity terminology." The certificate program has four different certificates that lead to recognition as an IEC 62443 Cybersecurity Expert.
Community college programs
ISA is already engaged with Cleveland Community College to develop industrial operations and cybersecurity training programs in support of workforce readiness initiatives. Can this be replicated at other technical institutions in the US around the globe? The demand from the marketplace for ISA cybersecurity training is increasing each year, and we will continue to evaluate our ability to change the current training programs as cybersecurity threats and opportunities evolve. It's also important to note that conversations about cybersecurity can serve as the door opener to educate those about other important ISA offerings and capabilities.
On a personal level, we all have a part to play in our daily activities to prevent cyberattacks. We need to be vigilant in how we access social media; consider viewing these items on your cell phone rather than your PC or laptop, as a laptop that is corrupted will attack files on your hard drive, and potentially enter your companies network system, causing wider damage. Do not allow USB sticks to be used on your machine. When you receive emails, check the senders’ name and the content of the subject. If in doubt, don’t open it; send an email to the person to confirm who sent the suspicious email. Clear the cookies in your electronic devices regularly, and back up your hard drive frequently. If all of us apply simple precautions, we will contribute to security in a small way.
I am excited about all the possibilities the future holds for ISA, especially in industrial cybersecurity. We look forward to your contributions and support of these important initiatives. Please contact me at firstname.lastname@example.org with your thoughts and insights. I look forward to hearing from you and working with you as we move forward in 2018.
About the Author
Brian Curtis, I. Eng., LCGI, is the Operations Manager for Veolia Energy Ireland, providing services to Novartis Ringaskiddy Ltd. in Cork, Ireland. He has more than 35 years of experience in petrochemical, biotech, and bulk pharmaceutical industries, specializing in design, construction management, and commissioning of electrical, instrumentation, and automation control systems. He has managed complex engineering projects in Ireland, England, Belgium, the Netherlands, Italy, and Germany. A long-time ISA member, Curtis has served on the ISA Executive Board since 2013, the Geographic Assembly Board (2012 – 2015), and the Finance Committee (2013 – 2017.) He was Ireland Section President and Vice President of District 12, which includes Europe, the Middle East, and Africa. Curtis has also been active on several Society task forces, including Cybersecurity, Governance, and Globalization-related committees. He received the ISA Distinguished Society Service Award in 2010. He is the Former President of Cobh & Harbor Chamber of Commerce (2013-2015) and Former Chairman of the Ireland Southern Region Chambers (2015-2016) and is an active member of the Ireland National Standards Body, ETCI.
A version of this article also has been published at ISA Insights.