This ISA webinar on how to protect critical control systems from cyber attack was presented by Wally Magda, an ISA instructor and an internationally recognized cybersecurity and physical security expert.
Editor's Note: This is the first eight minutes of the recorded webinar. To watch the entire webinar, click this link.
Legacy industrial devices are "insecure by design" and therefore vulnerable to interruption from cybersecurity threats or unintentional network incidents. Risk is increasing as Ethernet networking becomes more pervasive and more complex. Physical security has internet protocol (IP) based cameras and sensors sharing the same network infrastructure. Along with that comes the Internet of Things (IoT) and the Industrial Internet of Things (IIoT). Now your control room coffee pot and refrigerator may be connected to the internet and exposing your network to threat actors, ransomware and bots.
The move to using open standards such as Ethernet, TCP/IP, and web technologies in industrial automation and control systems (IACS), supervisory control and data acquisition (SCADA) and process control networks (PCN) has begun to expose these systems to the same cyberattacks that have wreaked so much havoc on corporate information systems. The introduction of complex Windows 7 and 10 operating systems (OS) deployed along with the existing legacy Windows XP OS means that the security risk is even higher.
This presentation provides a high-level overview on how the ISA/IEC 62443 standards can be used to protect your critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for IACS, SCADA, and PCN environments.
As part of ISA's continued efforts to meet the growing need of industrial control systems professionals and to expand its global leader outreach into the security realm, ISA has developed a knowledge-based certificate recognition program designed to increase awareness of the ISA99 committee and the ISA/IEC 62443 standards. The ISA/IEC 62443 Cybersecurity certificate program is designed for professionals involved in IT and control system security roles that need to develop a command of industrial cybersecurity terminology and understanding of the material embedded in the ISA/IEC 62443 standards.
- Use the ISA/IEC 62443 standards to secure your control systems
- Discover the five common myths regarding industrial automation and control system (IACS) security
- Assess the cybersecurity of new or existing control systems
- Understand cybersecurity design & implementation & testing of control systems
ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:
- Cybersecurity Resources Portal
- Cybersecurity Training
- IEC 62443 Conformance Certification
- Family of Standards
- ISA/IEC 62443 Cybersecurity Certificate Programs
- Suite of Security Standards
About the Presenter
Wally Magda is an internationally recognized cyber and physical security expert for Industrial Control Systems (ICS) with many years of practical hands on experience. His deep security experience spans military nuclear missile command and control systems, intelligence agencies and enterprise cyber and physical security. As a regional North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance auditor, Wally set a professional tone demonstrating for all stakeholders the necessity of adhering to governing rules of procedure. He successfully completed over 100 on and off site audits. Wally is the 2018 Information Systems Security Association (ISSA) International Security Professional of the Year. As an ISSA Fellow Member, he is recognized for his active contributions to the security community. Wally currently focuses on providing ICS cyber and physical security training courses. He also conducts cyber and physical security assessments for industries such as electric energy, natural gas, chemical, liquefied natural gas (LNG), water, water reclamation and manufacturing facilities.