this year’s fourth quarter.  

Certification wars?  

The emergence of dueling security certification programs is raising concerns among some process control vendors. “I don’t want to see us get into certification wars, where we’ve got to start getting multiple certifications that essentially do the same thing,” said Bob Huba, senior product manager, DeltaV, at Emerson Process Management, in Austin, Texas.  

Emerson acquired Achilles certification for its flagship DeltaV Controller at the request of certain customers, Huba told Automation World. If Emerson receives requests from customers to also acquire MUSIC certification, the company will look into it, he noted. But Huba sees a need for a third-party to arbitrate the best security certification approach. “Somebody along the line has got to decide which one of these (Achilles or MUSIC) fits the bill, if it comes down to a choice, or if they’re both acceptable,” Huba observed.  

Ernie Rakaczy, director of control systems security at Invensys Systems Canada Inc., took a similar tack during an interview. “We’re at a point in time where security testing is going to be critical for manufacturing products coming out of the factory,” Rakaczy noted. “We’ll have to embed in our QA (quality assurance) practices a set of criteria that will validate the security settings of the devices, and the source code that’s being created.” But those criteria haven’t yet been established, he said. So to some degree, both Wurldtech and Mu Security “are putting the cart before the horse” in offering certifications today, Rakaczy opined.  

Rakaczy said that the needed criteria may eventually come together through the activities of various organizations, including the proposed ISA Security Compliance Institute. The ISCI—which is still in its formative stages—has as part of its mission to “accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements.” The body is seeking founding members from among the vendor and user communities who will provide funding and strategic direction. The ISCI membership application due date is Sept. 1, and if the organization hits its 21-month launch plan, conformance certifications would begin in June 2009.

Emerson Process Management
www.emersonprocess.com

Honeywell Process Solutions
http://hpsweb.honeywell.com

Invensys
www.invensys.com

Mu Security
www.musecurity.com

Wurldtech Security Technologies
www.wurldtech.com