DURHAM, N.C., July 23, 2024 /PRNewswire/ — The International Society of Automation (ISA), the leading professional association for automation, announces the release of a white paper outlining recommendations to raise the bar for safety and security in automation and control systems. ISA published the white paper in collaboration with the ISASecure® Cybersecurity Certification Program and the ISA Global Cybersecurity Alliance (ISAGCA).
The paper advocates for designing and certifying commercial off-the-shelf (COTS) components to meet, at a minimum, security level 2 (SL2) as defined in the ISA/IEC 62443 series of standards, the world’s leading consensus-based standards for cybersecurity of control systems. The 23-page report, titled “The Case for ISA/IEC 62443 for Minimum Security Level 2 for COTS Components,” outlines how the SL2 standard increases product security capabilities over the previous, less stringent SL1 requirements. SL1 security features are not intended to protect against malicious or intentional security breaches. ISA’s report explains how SL2 provides stronger measures to mitigate attack vectors that are more prevalent today.
“Intentional cyber attacks against industrial automation and control systems are on the rise,” said Andre Ristaino, managing director of ISA Conformity Assessment Programs. “Commercially available products are becoming targets of these targeted attacks. The ISA/IEC 62443 series is the leading international cybersecurity standard in the operational technology (OT) sector, and Security Level 2 capabilities provide the ideal minimum guidelines for securing COTS products. This new white paper provides an excellent overview of the security capabilities required to meet ISA/IEC 62443 SL2.”
The report includes a review of how the SL2 standard can increase the resilience of COTS components in cybersecurity incidents and the systems they are integrated into. The SL2 standard requires components to:
- Uniquely distinguish individual human or non-human users interacting with a component, enhancing the ability to trace the source of user activity that may constitute an attack;
- Authenticate across systems with which they are integrated, increasing the level of trust between systems and components;
- Provide the ability to customize human role definitions to reflect site operations, limiting unwanted insider access;
- Close inactive communication sessions that are left open as a potential attack vector;
- Verify the source of communications to a component, limiting the sources of network attacks;
- Protect against test interfaces being used as a potential attack vector;
- Provide increased assurance that running code, including mobile code, updates, and upgrades, is from a trusted source and has not been tampered with.
“The Case for ISA/IEC 62443 Security Level 2 as Minimum Requirements for COTS Components” can be downloaded from the ISASecure and ISAGCA websites.
About ISASecure
Founded in 2007 by the International Society of Automation (ISA), the mission of the ISASecure program is to provide the highest possible level of assurance for the cybersecurity of automation and control systems.
ISASecure® founders and key supporters include BP, Chevron, ExxonMobil, Saudi Aramco, Shell, YPF, GSK, Honeywell, Johnson Controls, Schneider Electric, Trane, Yokogawa, Carrier, Siemens, Amazon Web Services, exida, TUV Rheinland, CSSC, FM Approvals, Synopsys, Trust CB, UL Solutions, SecurityGate, Interstates, BYHON, TUV SUD, ITRI and Bureau Veritas.
The program’s ISASecure™ designation represents to the market that automation and control systems products comply with industry-agreed cybersecurity standards. The ISASecure trademark provides confidence to users of ISASecure certified products and systems and provides product differentiation for suppliers that comply with ISASecure specifications. For more information, visit www.isasecure.org.
About ISAGCA
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum to advance OT cybersecurity awareness, education, preparedness, standardization, and knowledge sharing. ISAGCA is comprised of more than 50 member companies and industry groups with combined revenues of more than $1.5 trillion across more than 2,400 locations worldwide. Our automation and cybersecurity provider members serve 31 different industries, demonstrating the broad applicability of the ISA/IEC 62443 series of standards. For more information, visit www.isagca.org.
About ISA
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA’s mission is to strengthen the worldwide automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs, accredits professionals, provides education and training, publishes books and technical articles, organizes conferences and exhibitions, and offers networking and career development programs for its members and customers worldwide. For more information, visit www.isa.org.
Source: International Society of Automation