| |

Update to ISA/IEC 62443 Standards Addresses Organization-Wide Cybersecurity in Industrial and Critical Infrastructure Operations

February 5, 2025

Update to ISA/IEC 62443 Standards Addresses Organization-Wide Cybersecurity in Industrial and Critical Infrastructure Operations

Update to ISA/IEC 62443 Standards

The International Society of Automation (ISA) — the leading professional society for automation — has announced the publication of ANSI/ISA-62443-2-1-2024, Security for Industrial Automation and Control Systems. It is the latest update to the ISA/IEC 62443 series of standards, the widely used global consensus-based automation and control systems cybersecurity standards.
 
Addressing cybersecurity on an organization-wide basis can be a daunting challenge for companies that rely on industrial automation and control systems (IACS) in their manufacturing, processing and critical infrastructure operations. While no one-size-fits-all set of security practices can meet the widely varying security needs across global industry, ANSI/ISA-62443-2-1-2024 addresses the complexity by setting forth requirements for establishing, implementing, maintaining and continually improving a security program intended to reduce IACS security risks to tolerable levels.

The requirements are written to be implementation independent, allowing asset owners to select approaches most suitable to their needs. This update of the 2010 version provides significant technical changes including a revision of the requirement structure into security program elements and a maturity model for evaluating requirements.
 
The standards are developed by the ISA99 Standards Committee as American National Standards, with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission. ISA99 draws on the input of cybersecurity experts across the globe in developing the standards, which are applicable to all industry sectors and critical infrastructure in providing a flexible and comprehensive framework to address and mitigate current and future security vulnerabilities in IACS.
 
“Security is a balance of risk versus cost, and each situation will be different,” said ISA99 Co-Chair Eric Cosman of OIT Concepts. “In some, the risk can be related to health, safety and environmental factors rather than purely economic impact — presenting the possibility of an unrecoverable consequence instead of a temporary financial setback. Thus, a predetermined set of mandatory security practices could be overly restrictive and costly — or else insufficient to address the risk. This newly updated standard provides the flexibility to reach the right level of risk versus cost for a given operation.”
 
To learn more about the 62443 series of standards, click here

Source

Related Stories

Drives and Controls Bimonthly Digest Archives

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Thermal Imaging for Data Centres

    February 18,, 2025 Thermal Imaging for Data Centres Data centre maintenance teams have a big share in safeguarding the critical resource that customers and businesses depend upon. Fortunately, they have one secret weapon that enables them to spot issues in an early stage before they turn into big problems: FLIR thermal imaging. The data centre… Read More…

  • What Are Custom Enclosures and Why Might You Need One?

    February 18, 2025 In the world of industrial and commercial applications, custom enclosures play a critical role in protecting sensitive equipment and ensuring operational efficiency. But what exactly are custom enclosures, and why might you need one? Proax Technologies breaks it down. What Are Custom Enclosures? Custom enclosures are protective casings designed to house electrical, mechanical, or… Read More…