The ISA 62443 series is the cybersecurity standard of reference for manufacturing and other critical infrastructure sectors. Most end uses in the manufacturing and other industries will tell you that they follow the standard but, in fact, many do not really understand what this means or what they must do to conform.
As a lifecycle standard, ISA 62443 addresses cybersecurity from product selection, engineering, and project implementation, through operations. This adds another layer of complexity.
One of the key problems is that standards are not typically written for the people that use them. The elements, practices, and value of a standard must be communicated in a way that people outside of the standards world can easily understand. The purpose of the newly formed International Society of Automation Global Cybersecurity Alliance (ISAGCA) is to communicate the elements of the standards in a way that everybody can understand and provide education and outreach to all industry and application sectors that need it. These include process and discrete manufacturing, smart cities, building automation, and other critical infrastructure sectors that must run their operational technology securely.
ISAGCA Founding Members and Mission Statement
The International Society of Automation (ISA) recently announced the formation of the ISAGCA to “advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes.” ISA, of course, developed the ISA/ANSI 62443 series of automation and control system-related cybersecurity standards also been adopted by the IEC. The ISAGCA founding members include well-known automation and ICS cybersecurity suppliers, such as Claroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, and Schneider Electric.
Most end users believe they are aware of and follow the ISA 62443 standards. Recent high-profile cyber-attacks, however, suggest that many of these organizations do not always implement their cybersecurity strategy in accordance to the standard.
ISAGCA will propagate adoption of the standards across all manufacturing and critical infrastructure industries, including smart cities and building automation. According to a statement from ISA, ISAGCA’s mission is “to work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection. The Alliance will work closely with government agencies, regulatory bodies, and stakeholder organizations around the world. “
The Complex Landscape of Standards
The problem is that most standards are not written for the people that are meant to use them. A standard like ISA 62443 is particularly complex since it contains multiple working groups that address multiple topics and includes multiple documents and publications. ISA 62443 is also a lifecycle-focused standard that requires that certain steps be followed at different stages of the project or system lifecycle. This level of complexity, combined with the pressing need for organizations to become more cyber-secure, requires a new level of public outreach and education to hasten effective adoption of the standard. That is the purpose of the ISAGCA.
ARC Advisory Group clients can view the complete report at ARC Client Portal
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: ISA, ISAGCA, Cybersecurity, Alliance, Training, ARC Advisory Group.