The International Society of Automation (ISA), developer of ANSI/ISA 62443 series of automation and control systems cybersecurity standards (adopted by the International Electrotechnical Commission and endorsed by the United Nations), has created an open, collaborative forum to advance cybersecurity awareness, readiness and knowledge sharing.
The ISA Global Cybersecurity Alliance will bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators and others affiliated with global industry.
Industrial sectors, including manufacturing, commercial buildings, and critical infrastructure facilities, need to explore new ways to better prevent, mitigate, and respond to catastrophic threats and attacks on their safety- and mission-critical assets, operations, and applications. Food & beverage certainly is included; malware may have cost Mondelez $100 million in a mid-2017 global attack.
“Several leading automation and other technology providers have engaged ISA to explore how they can work with us to proactively increase awareness and adoption of cybersecurity best practices, standards, and compliance in all relevant sectors,” said ISA Executive Director Mary Ramsey. “As an independent non-profit organization dedicated to improving operational excellence, ISA is uniquely able to fulfill the need for open, collaborative discussions and knowledge sharing.”
Among its defined objectives, the Global Cybersecurity Alliance will work to proliferate adoption of and compliance with global standards. The acceleration and expansion of standards will help address technology-related gaps and set best practices for managing processes within an open architecture. The alliance will also develop certification and education programs for industry professionals; drive advocacy and thought leadership; and facilitate new levels of knowledge sharing among its members. Member companies will identify and prioritize initiatives, ensuring that the Alliance’s approach is multi-faceted.
“The ICS cybersecurity threat landscape is becoming more complex, with more direct attacks on control system, IT and OT infrastructure. Frequently backed by hostile nation-states, malevolent actors are becoming more sophisticated at targeting specific aspects of industrial control systems that have the potential to wreak havoc in the physical world, such as process safety systems,” said Larry O’Brien, vice president of research for ARC Advisory Group. “Standards and frameworks are valuable, but end users also need the resources to take the guidance provided by standards and put it into practice in real-world plant and OT environments. ARC applauds this effort to increase the security of industrial facilities.”
The food and beverage industry needs to prepare for the next cyber attack. "The [industry] has been fortunate, but as a result is further back on the learning curve -- which means food and beverage is less secure than those other industries," said Eric Byres, an expert on cyber security. Eric also authored a column, Bring Your Own Device Security: Safety Or Control?
ISA will announce initial members of the Global Cybersecurity Alliance in the coming weeks, as the organization is currently in advanced conversations with several multi-national companies. Annual contributions to fund Alliance initiatives are based on company revenues and are tax-deductible. For more information, see isaautomation.isa.org/cybersecurity-alliance. End users, companies and industry organizations interested in joining the alliance should contact Rick Zabel at email@example.com.