One of the biggest trends around industrial cybersecurity has been the emergence of various alliances to educate industry on the need for greater cybersecurity protections and to align available technologies. Automation World covered these alliances in depth in a recent feature article: “Putting the Pieces Together for a Secure Industry."
Since the publication of that article in May, another industrial cybersecurity alliance has been announced. This new alliance is the ISA Global Cybersecurity Alliance. According to the ISA (International Society of Automation), this alliance is designed to bring together a global group of stakeholders from end-user companies, control system vendors, IT and OT infrastructure providers, system integrators, and others affiliated with global industry to benefit everyone.
Founding members of this alliance are Claroty, Honeywell, Johnson Controls, Nozomi Networks, Rockwell Automation, and Schneider Electric. Though the founding members are all industrial technology suppliers, the ISA stresses that membership is open to any organization involved in industrial cybersecurity, including end users, automation providers, system integrators, consultants, insurance providers, and government agencies. Membership contributions to the alliance are revenue-based and tax-deductible, according to the ISA.
Explaining how this ISA Global Cybersecurity Alliance will differentiate itself from other industrial cybersecurity alliances, Andre Ristaino, managing director at ISA, said: “Many companies are addressing cybersecurity issues in their own ecosystems, which is a good, but limited, approach. The issues we’re trying to address are multivendor issues. Our focus is on marketplace enablement, which includes collaboration among industry groups to implement standards. We want to move cybersecurity from an art to an engineering discipline like we did years ago with safety.”
“With the ISA99 security standard, we have demonstrated that we can collaborate on this issue,” Eric Cosman, ISA’s 2019 president-elect, said, adding that the ISA99 committee now has more than 900 members. “We will be extrapolating that model for the ISA Global Cybersecurity Alliance.”
Ristaino noted that a primary goal of this ISA Global Cybersecurity Alliance is to proliferate adoption of and compliance with global standards. More specifically, this goal will concentrate on the ISA99/IEC 62443 series of standards, with the aim of developing application guides that help specific industry verticals apply these standards.
The ISA notes that the ISA99/IEC 62443 series of standards is the world’s only consensus-based cybersecurity standard for automation and control system applications. These standards codify hundreds of years of operational technology and IoT cybersecurity subject matter expertise, defining requirements and procedures for implementing electronically secure automation and industrial control systems and security practices, and assessing electronic security performance to bridge the gap between operations and information technology and between process safety and cybersecurity.
ISA Executive Director Mary Ramsey added that a key plan for the alliance is to move from standards development to documentation and skill development.
“Standards are not meant to be read by civilians,” added Cosman. “They need guidance, and that’s what this alliance is being developed for.”
In addition to the alliance’s work around the ISA99/IEC 62443 series of standards, ISA noted that members of the alliance will bring their expertise and experience together to increase thought leadership and industry-wide awareness; expand advocacy and outreach to governments, regulatory agencies, and stakeholder organizations around the world; share knowledge and information in an open environment; expand compliance and prevention initiatives; and provide best practice tools to help companies navigate the entire lifecycle of cybersecurity protection.
