November 2, 2020
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) have released a new guide to the security lifecycles outlined in the ISA/IEC 62443 series of standards and technical reports. ISA/IEC 62443 constitutes the world’s only consensus-based series of automation cybersecurity standards.
“Security Lifecycles in the ISA/IEC 62443 Series: Security of Industrial Automation and Control Systems,” now available for download at isa.org/securitylifecycles, provides a high-level view of the product security lifecycle and the automation solution security lifecycle. The guide defines principal roles and responsibilities in industrial automation and control systems (IACS), and it explores how to apply specific standards documents to each phase within the security lifecycles.
This new guide answers some of the most common questions about security lifecycles in the ISA/IEC 62443 Standards, including:
- How can various roles share the responsibility of IACS cybersecurity?
- What are the differences between the product security lifecycle and the automation solution security lifecycle?
- Who should be accountable for cyber risk?
- How does an organization maintain effective, resilient IACS cybersecurity?
The ISA Global Cybersecurity Alliance’s Training and Education work group coordinated the development of the guide, which was authored by Johan Nye and reviewed by the ISA99 committee. Nye is an independent consultant specializing in industrial control systems (ICS) and cybersecurity. During his career spanning more than 38 years, Nye has designed ICS system architectures, created company standards and policies, implemented major ICS projects, supported ICS site engineers, and contributed to the design of several ICS products.
“Automation cybersecurity standards are crucial in this increasingly connected world,” says Mary Ramsey, ISA executive director. “The ISA/IEC 62443 series of standards leads the way as the world’s only consensus-based standards that focus on automation cybersecurity. One goal of the ISA Global Cybersecurity Alliance is to raise awareness of these standards and encourage their adoption across a wide range of industries. We are grateful to the ISAGCA Training and Education work group, the ISA99 committee, and Johan Nye for creating a guide to exploring security lifecycles in the ISA/IEC 62443 series in a user-friendly format.”