New ISA/IEC Standard Specifies Cybersecurity Capabilities for Control System Components

ISA

 

September 28, 2018

The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).

A newly published standard in the series, ISA/IEC 62443-4-2-2018, Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components, provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components and software applications. The standard sets forth security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures.

“The standard definition of the security capabilities for system components provides a common language for product suppliers and all other control system stakeholders,” emphasizes Kevin Staggs of Honeywell, who led the ISA99 development group for the standard. “This simplifies the procurement and integration processes for the computers, applications, network equipment and control devices that make up a control system.”

The new standard follows the February 2018 publication of ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development life-cycle for developing and maintaining secure products. The life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life.

The ISA99 standards committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure. Previous documents in the ISA/IEC 62443 series cover terminology, concepts, and models; establishment of an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.

For more information https://www.isa.org/

 

 

Related Articles

DCS ABB to Acquire Siemens Low Voltage NEMA Motor Business 1a 400x275

ABB To Acquire Siemens Low Voltage NEMA Motor Business

 

ABB announced recently it has signed an agreement to purchase Siemens’ low voltage NEMA motor business. With manufacturing operations in Guadalajara, Mexico, this acquisition provides a well-regarded product portfolio, a longstanding North American customer base, and an experienced operations, sales, and management team. The business employs around 600 people and generated revenues of approximately $63 million in 2021. Financial terms of the transaction were not disclosed. The transaction is expected to close in the second quarter of 2023.

 

TT3 NEO – a Component for Quality Journalism “on Water”

TT3 NEO – a Component for Quality Journalism “on Water”

The Office of the Federal President, the Federal Chancellery and the Parliament: the most important government buildings in Berlin are connected by the water of the river Spree. Since 2020, this liquid connection is carrying the editorial ship “Pioneer One”. Together with the LUX shipyard in Niederkassel, the editorial team of mediapioneer has been working on this project from the first planning sketches in August 2018 until the launch this spring.

 

 

 

Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More

Latest Articles

  • The Future of Barcodes: Understanding the 2027 Digital Transformation

    January 17, 2025 In the world of industrial automation and manufacturing, a significant change is on the horizon. The familiar UPC barcode – a staple of product identification for nearly five decades – is evolving into a more sophisticated system. This transformation, known as “Sunrise 2027,” will revolutionize how businesses handle product identification, tracking, and… Read More…

  • High-Performance Drives for the Food Industry

    January 15, 2025 Food production is subject to the strictest of requirements. Operations in this highly sensitive hygienic environment must run smoothly to manufacture the large volume and diverse range of products efficiently and sustainably. What does this mean for companies that are active on a market characterized by fierce competition and high consumer expectations?… Read More…