ISCI Achieves First Milestone on Path to Industrial Cyber-security Compliance Test Specification
Sept. 2, 2009
The ISA Security Compliance Institute announces approval of an Embedded Controller Security Assurance Framework.
{mosimage} The ISA Security Compliance Institute (ISCI, www.isa.org/isasecure) announced on Sept. 1 that it has formally approved an Embedded Controller Security Assurance (ECSA) Framework.
The ECSA Framework approval is an initial milestone in the effort by the ISCI—an industry consortium affiliated with the International Society of Automation (ISA)—to produce a specification for cyber-security compliance testing of industrial automation control products. Control systems that achieve compliance under the tests will receive the ISASecure designation.
The ECSA Framework establishes important foundational definitions necessary for completion of the ISASecure ECSA test specification, ISCI said. It establishes the scope of the ISASecure test specification, and identifies the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.
A publicly available version of the ISASecure ECSA Framework describing the ECSA certification program will be published and posted on the ISCI Web site during September, according to the announcement.
Test trio
The detailed ISASecure ECSA certification includes three broad areas of assessment for embedded controllers—Security Functional Assessment, Protocol Robustness Testing, and Software Development Security Assessment. The ECSA test specification will undergo an independent review and is slated for completion at the end of this year’s third quarter, the ISCI said.
“This is an important first milestone toward our original vision for the ISCI,” said Johan Nye, chairman of the ISCI governing board. “The ISASecure certification program will provide assurances to owner/operators that products meet known cyber security requirements based on industry standards.”
The ISASecure test specification is designed to be used by suppliers in their product development and manufacturing processes to facilitate baseline security levels in industrial automation control systems products. The same ISASecure test specification will also be used by ISCI-accredited independent labs to certify cyber-security characteristics of industrial automation control products using ISCI accredited test tools. ISASecure certification testing will begin in the first quarter 2010, the ISCI said.
Shorten project timelines with these hidden-gem Ignition efficiency tips for designing HMIs, provided by Inductive Automation Sales Engineer Reese Tyson.
Get ready for that “where has this been all my life?” moment—over 25 hidden Ignition features await in our webinar. Our experts show how to boost your productivity and streamline...
Advanced software solutions, like those built in the Ignition platform from Inductive Automation, can provide a crucial means to navigating electrical grid challenges.
Unlock seamless data flow across your manufacturing sites with MQTT and Ignition—turn siloed operations into a connected, data-driven enterprise. Discover how standardization,...
