DURHAM, N.C., July 23, 2024 /PRNewswire/ -- The
International Society of Automation (ISA) — the leading
professional society for automation — has announced the release of
a white paper describing recommendations for raising the safety and
security bar for automation and control systems. ISA published the
paper in tandem with its ISASecure® cybersecurity
certification program and the ISA Global Cybersecurity Alliance
(ISAGCA).
![International Society of Automation (ISA) logo (PRNewsfoto/The International Society of Automation)](https://mma.prnewswire.com/media/2391445/ISA_logo_name__tagline_blue_PRINT_Logo.jpg)
This paper advocates for designing and certifying commercial
off-the-shelf (COTS) products to a minimum of security level 2 (SL2) as
defined in the ISA/IEC 62443 series of standards, the world's
leading consensus-based standards for control systems
cybersecurity. Titled "The Case for ISA/IEC 62443 Security Level 2
as a Minimum for COTS Components," the 23-page report outlines how
SL2 criteria increase product security capabilities over the
previous, less stringent requirements in SL1. SL1 security
capabilities are not intended to protect against malicious or
deliberate security violations. ISA's report describes how SL2
offers stronger measures to mitigate against attack vectors that
are more prevalent today.
"We are seeing an increasing number of intentional cyberattacks
against industrial automation and control systems," said
Andre Ristaino, managing director,
ISA conformity assessment programs. "Commercial off the shelf
products are being subjected to these targeted attacks. The ISA/IEC
62443 series is the leading set of international cybersecurity
standards for the operational technology (OT) landscape, and
security level 2 capabilities present the ideal minimum guidelines
for protecting COTS products. This new paper provides a great
briefing on the security capabilities necessary to meet ISA/IEC
62443 SL2."
The report includes a review of how SL2 criteria can increase
the resiliency of COTS components in a cybersecurity incident, as
well as that of any system into which the components are
integrated. SL2 criteria require that a component:
- Uniquely distinguish between individual human or non-human
users interacting with the component, increasing the ability to
trace the source for user activity that may constitute an
attack
- Authenticate itself to an overall system into which it has been
integrated, raising the level of trust between the system and
component
- Provide the ability to tailor human role definitions to reflect
site operations, limiting unnecessary insider access
- Close inactive communication sessions that remain open as
potential attack vectors
- Verify the source of communications to the component, limiting
sources for network attacks
- Protect test interfaces from use as potential attack
vectors
- Increase assurance that code in execution, including mobile
code, updates and upgrades, came from a trusted source and has not
been subject to tampering.
"The Case for ISA/IEC 62443 Security Level 2 as a Minimum for
COTS Components" is available for download on the ISASecure and
ISAGCA websites.
About ISASecure
Founded in 2007 by the International
Society of Automation (ISA), the ISASecure program's mission is to
provide the highest level of assurance possible for the
cybersecurity of automation and control systems.
Founders and key supporters of ISASecure® include: BP,
Chevron, ExxonMobil, Saudi Aramco, Shell, YPF, GSK, Honeywell,
Johnson Controls, Schneider Electric, Trane, Yokogawa, Carrier,
Siemens, YPF, Amazon Web Services, exida, TUV Rheinland, CSSC, FM
Approvals, Synopsys, Trust CB, UL Solutions, SecurityGate,
Interstates, BYHON, TUV SUD, ITRI and Bureau Veritas.
The Program's ISASecure™ designation signifies to the
marketplace that automation and control system products conform to
industry-consensus cybersecurity standards. The ISASecure trademark
provides confidence to users of ISASecure-certified products and
systems and creates product differentiation for suppliers who
conform to the ISASecure specifications. Learn more at
www.isasecure.org.
About ISAGCA
The ISA Global Cybersecurity Alliance
(ISAGCA) is a collaborative forum to advance OT cybersecurity
awareness, education, readiness, standardization, and knowledge
sharing. ISAGCA is made up of 50+ member companies and industry
groups, representing more than $1.5
trillion in aggregate revenue across more than 2,400
combined worldwide locations. Automation and cybersecurity provider
members serve 31 different industries, underscoring the broad
applicability of the ISA/IEC 62443 series of standards. Learn more
at www.isagca.org.
About ISA
The International Society of Automation
(ISA) is a non-profit professional association founded in 1945 to
create a better world through automation. ISA's mission is to
empower the global automation community through standards and
knowledge sharing. ISA develops widely used global standards and
conformity assessment programs; certifies professionals; provides
education and training; publishes books and technical articles;
hosts conferences and exhibits; and provides networking and career
development programs for its members and customers around the
world. Learn more at www.isa.org.
SOURCE The International Society of Automation