With increased connectivity at all levels, it is more important than ever that industrial automation suppliers secure not only networks or individual components but entire automation systems as well. After years of work toward this goal, Emerson has achieved the industry’s first ISASecure System Security Assurance (SSA) Level 1 certification for its DeltaV distributed control system (DCS) and safety instrumented system (SIS) v.14.3.
Emerson executives mentioned the certification a couple times during the Emerson Global Users Exchange in San Antonio last fall, noting how it set the company’s DeltaV apart. “It’s the first and only process control system to receive ISASecure SSA Level 1 certification, rather than look at individual components,” said Peter Zornio, chief technology officer for Emerson Automation Solutions, at the time.
Now Emerson has made a formal public announcement, sharing further details behind the certification. Issued by industry consortium ISA Security Compliance Institute (ISCI), it certifies that Emerson’s DeltaV control and safety systems are robust against network and system attacks. ISASecure SSA Level 1 certification covers the most critical standards of cybersecurity standards ANSI/ISA 62443 (IEC 62443). The SSA certification applies to industrial control systems and ensures the required security features can be supplied to build a defendable system. Components within the system are also subjected to robustness testing.
In addition, Emerson sites in Austin, Texas, and Manila, Philippines, have received ISASecure Security Development Lifecycle Assurance (SDLA) Level 1 certification. This ensures that the processes at these sites used to develop all new code in DeltaV v.14.3 meet the security requirements specified in the ISASecure standards.
Emerson began the preparation for ISASecure SSA Level 1 certification in 2015, including the development of more advanced hardware and implementation of secure software code development practices. The certification program relies on a functional security assessment based on the ISA/IEC 62443-3-3 standard. “There is also an overall system architecture that must be created to test for compliance to the ISASecure standards,” Emerson noted. “The reference architecture enables assessment of available security features and testing of all embedded components to ensure they comply with the standards.”
With the DeltaV deployed in key industries as oil and gas, refining, chemical, power and life science, end users are looking to move along a digital transformation—but securely. This new certification for the DCS does not mean that end users no longer need to be proactive about cybersecurity in their facilities, but it does assure them that their DeltaV DCS and SIS have the security features needed to deploy a defendable solution.
“The world’s leading industrial manufacturers are leveraging transformative digital technologies and methods to improve production reliability, safety and overall performance while focusing intensely on cybersecurity,” Zornio said. “We are committed to helping our customers securely optimize their operations across the globe in an environment of increasing cyber threats.”
The ISA cybersecurity certification is designed to help the industry navigate this digital landscape and recognize products with enhanced cybersecurity measures.
“ISA developed the ISASecure cybersecurity certification to give asset owners confidence in their industrial control systems and to promote supplier best practices that protect automation systems and the operations they control,” said Andre Ristaino, managing director of ISCI. “Emerson is taking a leading role that we hope other vendors will follow in further protecting personnel and processes alike from today’s increasing security threats.”