ISA committee launches major effort, nears completion of standards

By Plant Engineering Staff October 24, 2006

In meetings at ISA EXPO this week, the ISA-SP99 Industrial Automation and Control Systems Security Committee focused on preparations to issue its first two standards and an updated guideline for committee voting, while launching a new working group to develop another standard in the ISA-99 series.

The committee decided to issue its Part 1 draft standard in November for what is expected to be a final round of committee voting. This standard, “Security for Industrial Automation and Control Systems: Concepts, Terminology and Models,” will define the concepts, terminology, and models of industrial automation and control systems security, establishing the basis for the remaining standards in the ISA-99 series.

“Previous reviews and voting on the Part 1 draft generated over 250 comments from control system security experts across industry,” stated Eric Cosman, of Dow Chemical Company and ISA-SP99 principal editor. “This input has considerably strengthened the draft and we are very confident our upcoming ballot will lead to publication of Part 1 as an American National Standard in early 2007,” he added.

Prior reviews and voting on the Part 2 draft standard, “Establishing an Industrial Automation and Control Systems Security Program,” resulted in a similar influx of comments that are being factored into a revised draft planned for committee balloting in early 2007. “As with Part 1, the review and commenting process has strengthened the Part 2 draft considerably,” stated Part 2 editor James Gilsinn of the National Institute of Standards and Technology. The Part 2 standard will provide detailed guidance for developing a management system and program for the cyber security of industrial automation and control systems.

The ISA-SP99 committee made two additional announcements at ISA EXPO:

%%POINT%% Launch of a new working group to develop the ISA-99 Part 4 standard, Specific Security Requirements for Industrial Automation and Control Systems, which will provide the details of how security levels can be measured and established for specific systems, hardware and software.

%%POINT%% The impending release for committee voting of an update of ISA-TR99.00.01, Security Technologies for Industrial Automation and Control Systems, which provides an evaluation and assessment of current types of electronic security technologies and tools that may be employed by end-user companies for securing these systems against cyber attack.