New ISA/IEC cybersecurity standard released


Friday, 28 September, 2018
New ISA/IEC cybersecurity standard released

The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).

A newly published standard in the series — ISA/IEC 62443-4-2-2018, Security for Industrial Automation and Control Systems: Technical Security Requirements for IACS Components — provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components and software applications. The standard sets forth security capabilities that enable a component to mitigate threats for a given security level without the assistance of compensating countermeasures.

"The standard definition of the security capabilities for system components provides a common language for product suppliers and all other control system stakeholders," said Kevin Staggs of Honeywell, who led the ISA99 development group for the standard. "This simplifies the procurement and integration processes for the computers, applications, network equipment and control devices that make up a control system."

The new standard follows the February 2018 publication of ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development life cycle for developing and maintaining secure products. The life cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life.

The ISA99 standards committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure. Previous documents in the ISA/IEC 62443 series cover terminology, concepts and models; establishment of an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards.

For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards, ebrazda@isa.org.

Image: ©stock.adobe.com/au/Jürgen Fälchle

Related News

AVEVA collaborates with Microsoft on industrial AI assistant

AVEVA's industrial AI assistant, running on Microsoft Azure OpenAI Service, is designed to be...

Hexagon and Dragos announce technical partnership on OT cybersecurity

The technical partnership will focus on integrating the OT cybersecurity capabilities of the...

Claroty appoints Wavelink as sole distributor for entire Australian business

Wavelink has announced that cybersecurity solutions company Claroty has awarded Wavelink the sole...

Content from other channels on our network

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

The countdown to Melbourne is on

Diversity and inclusion program launched for trucking industry

Safe and sound: SafeWork SA launches hearing loss campaign

Scrap metal recycler fined $40K over crush injury

Engaging the workforce with safety wearables: key considerations

Could carbon financing boost green wastewater treatment?

Better data is the key to meeting ESG standards

Transforming pill packaging into fencing

Can I see your (product) passport please!

New partnership to focus on textile recycling

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd