On 31 October 2022, President Biden announced the establishment of Critical Infrastructure Security and Resilience Month for November, in a proclamation that stated, “We recommit to improving the resilience of our Nation’s critical infrastructure so it can withstand all hazards — natural and manmade. By building better roads, bridges, and ports; fortifying our information technology and cybersecurity across sectors, including election systems; safeguarding our food and water sources; moving to clean energy; and strengthening all other critical infrastructure sectors, we will lay the foundation for long-term security and prosperity.”
Here is a high-level overview of some of the ways that we at the International Society of Automation (ISA) have responded to securing the world’s critical infrastructure:
- ISA Standards Development: 140 committees, subcommittees, working groups, and task forces with more than 4,000 individual technical experts and volunteers make up the foundation of ISA’s standards development activities. The ISA/IEC 62443 series of standards, the world’s only consensus-based automation and control systems cybersecurity standards, set cybersecurity benchmarks in all industry sectors that use industrial automation and control systems (IACS). The ISA99 committee, in collaboration with other working groups, is the committee most focused on the development of ISA/IEC 62443 to define the requirements for cybersecurity resilience in all levels of IACS lifecycles. Learn more about ISA standards here.
- ISASecure: ISA/IEC 62443 cybersecurity certification of commercial off-the-shelf (COTS) products, supplier development processes, and automation at asset owner operating sites. Learn more at isasecure.org.
- ISA Global Cybersecurity Alliance (ISAGCA): Created in 2019, ISAGCA aims to accelerate and expand the use of the ISA/IEC 62443 series of standards through an inclusive, open, and collaborative forum with its member companies and organizations. This consortium aims to lead cybersecurity culture transformation, increase awareness of operational technology (OT) cybersecurity throughout the public and private sectors, and bridge the gap between ISA/IEC 62443 standards and market adoption. You can learn more by going to isa.org/ISAGCA.
- ICS4ICS: Incident Command System for Industrial Control Systems establishes a standing organization and playbook for responding to cyber attacks on automation in critical infrastructure. Learn more by visiting www.ics4ics.org.
- ISA100: The ISA100 Wireless Compliance Institute provides assured interoperability for wireless products conforming to the ISA100.11a (IEC 62734) international wireless standard. Learn more at https://isa100wci.org/.
- Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC): The LOGIIC program is a collaboration of oil and natural gas companies with the U.S. Department of Homeland Security (DHS) Science and Technology Directorate. LOGIIC initiates collaborative research and development projects to improve cybersecurity in critical systems of interest to the sector, with an objective to promote their interests while maintaining impartiality, independence, and vendor neutrality. You can learn more here and here.
- Training and Certification: ISA offers a suite of trainings suited to any automation professional, control system engineer, or security professional looking to deepen their knowledge and understanding of cybersecurity threat response. One of our most popular courses, IC32, Using the ISA/IEC 62443 Standards to Secure Your Control System, covers the current industry security environment, addressing risk, and creating a security program. ISA also offers a certificate program for cybersecurity professionals that encompasses the complete lifecycle of industrial automation and control system assessment, design, implementation, operations, and maintenance.
- Cybersecurity Microlearning Modules (MLMs): New to ISA training in 2022, microlearning modules, or MLMs, provide short, 5- to 10-minute presentations designed to help learners understand the purpose of the ISA/IEC 62443 series of standards, the topics covered in the standards, and how they can be used to implement successful cybersecurity programs. The first MLM learning map, IACS Cybersecurity for Chief Information Security Officers (CISOs), is available for free on ISA’s YouTube page. You can learn more about ISA’s MLMs here.
In addition to the above, ISA, as a trusted provider of global standards-based technical resources, provides other certifications; education and training; books/articles; conferences; and networking and professional development programs for its members to create a better world through automation. Learn more by going to https://www.isa.org.