In This Issue
- From the Executive Liaison
- ChemITC Strategy Renewal
- Cyber Storm II
- Manufacturing and Control Systems Security
- Telecommunications Networking Group
- Cyber Security Program in Europe
Upcoming Events
- Sept. 29-Oct. 2, 2008
Annual Conference
SAP Headquarters
Newtown Square, Pa.
Approx. 20 miles from Philadelphia
Manufacturing and Control Systems Security
M&CS Team Members Provide Chemical Industry Input to External Standards Organization, New Standard Now Available
“If time be of all things the most precious, wasting time must be the greatest prodigality.” This is one of the many insights that Benjamin Franklin bestowed upon the American people in writings dating back to the 1750s.
More than two centuries have passed since this scientist, inventor, author, politician, statesman, diplomat and Founding Father of our great nation published these words. Yet in today’s turbulent business environment, the idea still holds true. It is imperative that companies in all industries make the most of the time, talent and resources within their organization. Reinventing the wheel is not a viable option. Rather, working together at the sector level and representing chemical industry interests in the efforts of other industry organizations has proven to be an effective way for chemical companies to work toward desired goals without going back to the drawing board.
When the U.S. Chemical Sector Cyber Security Strategy was originally published in 2002, chemical industry cyber security experts made a conscious decision to do just that – leverage work underway within existing external organizations rather than create new standards for the chemical industry. Nowhere has this concept proven more successful than in the manufacturing and control systems arena.
For the last six years, manufacturing and control systems security experts from ChemITC member companies have diligently represented chemical sector interests in a number of external organizations. Perhaps the most notable of this work has been the participation of several Manufacturing and Control Systems Security Team members in activities underway in ISA, a global, nonprofit organization working to develop standards and provide professional development opportunities for industrial automation professionals.
The ISA99 Committee, one of many standards development committees within ISA, is working to establish standards, recommended practices, technical reports and related information that will define procedures for implementing electronically secure manufacturing and control systems and assessing electronic security performance. The committee reached a significant milestone earlier this year with the long-awaited publication of part one of a new American National Standards Institute Standard.
ANSI/ISA-99.00.01-2007, Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts and Models, is the first part in a multi-part standard that addresses cyber security for industrial automation and control systems. This first part of the standard focuses on key concepts, terminology and models, and will serve as a foundation for additional standards currently in development in the ISA99 series. It is also being incorporated into international standard IEC/TS 62443-1.
Cyber Security Program Steering Team sponsor for the Manufacturing and Control Systems (M&CS) Team, Eric Cosman from The Dow Chemical Company, is co-chairman of the overall ISA99 effort and served as lead editor of part one of the standard. Cyber Security Program Steering Team member and M&CS Team member Tom Good from DuPont was a contributing author to the standard as well. Their participation fulfills one of the core objectives of the Cyber Security Program’s M&CS Team – to leverage the work of external industry organizations for elevations of cyber security preparedness.
Now that ISA99 Part 1 is published, the ISA99 Committee has turned its attention to Parts 2 and 4 of the standard. Chaired by Good, the ISA99 Part 2 workgroup focuses on establishing an industrial automation and control systems cyber security program. The Cyber Security Program shared its Guidance for Addressing Cyber Security in the Chemical Sector with the workgroup developing ISA99 Part 2. The goal was to offer a foundation upon which to build enhanced industry-wide guidance on industrial automation and control systems security. The Part 2 portion of the standard was approved on the last ballot and will be published by ISA this year following completion of the formal edit and comment process.
ISA99 Part 4 outlines technical security requirements for industrial automation and control systems. This part of the standard will be the detailed portion of the standard addressing security practices and features important in industrial automation and control systems.
In addition to the standards development work in progress, the ISA99 Committee has also produced a technical report on security technologies and is considering a technical report on patch management.
ChemITC members are encouraged to visit the ISA99 Committee online to obtain a copy of the ISA99 Part 1 standard and technical reports. It is also a great place to learn more about the important work underway in this area. ChemITC members are also welcome to reach out to the Cyber Security Program’s M&CS Team members, who will continue to share ChemITC perspectives with external organizations like ISA.