New ISA99 standard addresses risks of IT cybersecurity solutions

International Society of Automation released a new standard in the ISA-62443 series addressing risks stemming from the use of business information technology cybersecurity solutions. The use of such solutions is growing in complex and dangerous manufacturing and processing applications to mitigate vulnerabilities in industrial automation and control systems (IACS), but security goals often differ for IACS and IT. While IACS prioritizes control system availability, plant protection and operations, and time-critical system response, IT security focuses on protecting information rather than physical assets.

According to ISA, “use of IT cybersecurity solutions to address IACS security must be implemented knowledgeably to prevent unintended vulnerabilities that could lead to potentially disastrous health, safety, environmental, financial and/or reputational impacts in deployed control systems.” The new standard is designed to address that concern by defining system requirements based on risk assessment, functional requirements and an awareness of operational issues.

“This standard provides highly relevant and practical direction to asset owners, system integrators and suppliers by describing the major system-level technical requirements for a secure IACS,” says ISA99 co-chair Eric C. Cosman of the Dow Chemical Company. “It serves as a cornerstone in the ISA-62443/IEC 62443 series, complementing other standards including ISA-62443-2-1, which addresses the processes and procedures needed for security.”

The standard is available at www.isa.org/findstandards by selecting 62443 from the drop-down list or by calling 1-919-990-9200.