The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA), with contributing author Harold Thomas, release a white paper entitled, "Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies." The white paper provides the reader with an overview of ISA 62443-3-2, “Security Risk Assessment for Design,” as well as a summary of some of the methodologies that can be used to assist the execution of the industrial automation control system (IACS) cybersecurity risk assessment work process requirements, detailed in the standard.
The major steps include:
- Identification of the System under Consideration (SuC)
- Perform an Initial Cyber Risk Assessment
- Partition the SuC into Zones and Conduits
- Perform a Detailed Level Cyber Risk Assessment
- Document Updated Cyber Security Requirements for Detailed Design
“ISAGCA’s mission is to enable and accelerate adoption of cybersecurity practices for all stakeholder groups based on the ISA/IEC 62443 family of automation cybersecurity standards,” says Andre Ristaino, ISAGCA managing director. “Our member companies are working in collaboration with one another, industry partners and regulatory/legislative bodies to secure automation that affects our everyday lives.”
In addition to the white paper, ISAGCA and Thomas previously released a May 6 webinar on the subject, as well as a blog entitled “Getting Started With Cybersecurity Risk Assessment: When It’s Not About Information Technology” published on May 11.
For more information, visit: www.isa.org