The rise of new cybersecurity technology providers, along with the growing alliances between those companies and established automation suppliers, are not the only sources of heightened activity around industrial cybersecurity these days. Well-known industry organizations and technology suppliers are joining forces too.
A high-profile example of this can be seen in the recently formed global partnership between Siemens and the International Society of Automation (ISA). According to the press release announcing the partnership, Siemens and ISA “will share expertise in protecting the automation environment based on the IEC 62443 standard and appropriate security measures in the form of events, webinars and further educational material. Together, ISA and Siemens intend to raise awareness and share best practices for industrial security with owner-operators of industrial equipment.”
Explaining the development of this Siemens/ISA partnership, Henning Rudolf, global head of Siemens Plant Security Services, said, “The work of the ISA laid the foundation for the multi-standard IEC 62443 series as we know it today. Siemens industrial security offerings, including automation and network products as well as services, are structured around IEC 62443. In addition, Siemens has created an Industrial Holistic Security Concept built on the security levels as defined in the IEC 62443 and the maturity model based on ISO 27001. Siemens has been certified, according to IEC 62443, for its critical processes and systems by the German TÜV. Due to this close collaboration, Siemens and ISA have decided to join forces to raise the awareness around cybersecurity in the automation world.”
The first projects planned as part of this partnership are two live webinars, the first of which is titled "Cybersecurity for Control Systems in Process Automation" with Siemens Plant Security Services Product & Solution Security Officer (PSSO) Robert Thompson and ISA 99/IEC 62443 Committee Co-Chair Eric Cosman taking place on the 28th of September. The second webinar, focusing on discrete manufacturing, will be announced soon.
Commenting on the current state of activity in the industrial cybersecurity market, Rudolf said, “Cybersecurity is a general challenge for the automation industry; therefore, we welcome cooperation between security technology providers and automation vendors.”
Rudolf noted that Siemens follows a risk-based defense-in-depth approach as defined in the IEC 62443. “A defense-in-depth approach consists of a multi-layered approach of protection, where only the combination of different security measures leads to the fulfillment of the needed security level,” he said.
In addition to such protection measures, Rudolf said industrial companies should implement detection and remediation measures depending on the automation operator’s risk profile. “Implementing security measures is of vital importance for owners and operators of automation environments to ensure that their production is not negatively impacted,” he said. “In the light of a maturing industry, we believe that different technologies need to be integrated on a common platform to ensure consistency and modular usage based on customer needs.”