What’s different?  

Both the Achilles and MUSIC certification programs put controllers through a large number of tests designed to determine robustness and resistance to cyber attacks. But during an interview with Automation World, Adam Stein, Mu Security vice president of marketing, emphasized two points that he said make MUSIC different.  

One is the availability of Mu Security’s security appliance for use in on-site testing. The company’s Mu-4000 Security Analyzer appliance is not only being offered for use by vendors for certification testing, but is also being marketed to end-users. “Now you’ve got a way, if you’re a user, to be able to verify that the [certification] test claimed by a vendor has actually been done, and if you’re looking at equipment that is not certified, but a vendor is claiming it’s just as good, you’ve got a way to independently benchmark it,” Stein said.

Vendors can also do certification testing using the Mu-4000 as part of product quality development at their own sites, using their own personnel, as opposed to the traditional need to ship product for testing to a certification authority, Stein added. The Mu-4000 generates digitally signed test reports, which users can then submit to Mu Security or a Mu authorized partner who can provide certification, he said.  

The other point emphasized by Stein is that the MUSIC certification will provide an open transition to industrial cyber security standards currently under development, including the ISA-99 standard being developed by the SP99 committee of the Instrumentation, Systems and Automation Society. “Mu is tied into a lot of standards developments, like ISA SP99 and also the ISA Security Compliance Institute (ICSI), and I do not believe any other developments out there, including Wurldtech, is tied into the standards track,” Stein said.  

In fact, according to Kevin Staggs, engineering fellow and global security architect at Honeywell Process Solutions, that is a primary reason that Honeywell decided to go for MUSIC certification instead of Achilles. “Our interest is in having a certification to the evolving open standards, and we wanted to make sure that our investment lined up with that,” Staggs told Automation World.  

Counterpoint 

At Wurldtech, however, executives are quick to dispute any assertion that Achilles won’t provide mapping to the future ISA-99 standard. “We’ve been at every SP99 meeting, so we’re more than happy to be involved in the ISA process,” said Wurldtech Chief Executive Officer Tyler Williams.  

In addition, according to Nate Kube, Ph.D., Wurldtech chief technology officer, the company has been beta-testing at several customer sites an appliance called the Achilles Assurance Platform that can be used as a quality assurance tool for security testing by controls vendors. And on Aug. 24, Wurldtech announced a new version of the platform code named the Achilles Satellite, which Kube says is geared more for use by end-users.  

The Achilles Satellite will be introduced during the ISA Expo Oct. 2-4 in Houston, Wurldtech said. Both the current version of the Achilles Assurance Platform and the new Satellite version will be commercially available in ...