The chairpersons of the ISA99 Industrial Automation and Control Systems Security committee (a committee of the Instrumentation, Systems, and Automation Society – ISA) have announced plans to establish ISA99 Working Group 7 (WG7): Safety and Security of Industrial Automation and Control Systems. This is a joint working group between the ISA99 committee and the ISA84 functional safety standards committee, as well as other international standards programs and related interest groups, to promote greater awareness of the impact of cyber security issues on the safe operation of industrial processes.
ISA99 Working Group 7 will be chaired by Mike Boudreaux of Emerson Process Management and ISA99 co-chair Bryan Singer, of Kenexis Security. James Gilsinn of the National Institute of Standards and Technology (NIST) will serve as the technical editor. The working group’s initial tasks include:
• Completing a Security Assurance Level methodology for cyber security, similar to that of the current Safety Integrity Levels (SIL) defined in ISA84, and
• Defining and developing processes for identifying intentional and systematic threats that can expose process hazards.
“Today when we consider only the probability of hardware failures in a hazards analysis, we can miss significant sources of risk to process safety,” says ISA99 co-chair Eric Cosman. “This can be a dangerous assumption, in the modern interconnected and software-driven plant, when considering intentional threats such as viruses, malware, and hackers, but also unintentional systematic faults like poor network performance or network failures. This working group is important to helping engineers solve the problem of cyber security in industrial process safety systems.”
To get involved in the working group, please contact either of the WG7 co-chairs: Mike Boudreaux (firstname.lastname@example.org), or Bryan Singer (email@example.com).