Friday, April 5, 2013

Automation in US's Cybersecurity Framework initiative

Representatives of Automation professionals to participate in the first US Standard's body meeting for developing the Cybersecurity Framework!

At the request of the American National Institute of Standards and Technology (NIST), representatives from the Automation Federation  were invited to participate in the first NIST meeting for developing a national cybersecurity program called for by President Barack Obama.

The Wednesday meeting, held at the office of the United States Department of Commerce offices in Washington, DC, is an important step in establishing the Cybersecurity Framework within President Obama’s Executive Order announced in his State of the Union address to confront the growing threat of cyberattacks on our nation’s critical infrastructure. The Cybersecurity Framework will include “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”
"...align...technological approaches to address cyber risks.." US President Obama (12/2/2013)
Pat Gallagher, Director of NIST, has been instructed to lead the effort to develop the Cybersecurity Framework. Responding to NIST’s invitation to participate in the initial meeting were Automation Federation’s Leo Staples, 2013 Automation Federation Energy Committee Chair; Eric Cosman, Chair of ISA99 Security Committee; Steve Mustard, member of the Automation Federation Government Relations Committee; and Mike Marlowe, Automation Federation Managing Director and Government Relations Director. Cosman, in addressing the NIST Cybersecurity Framework meeting, said that “securing automation control systems from cyberattacks is at the heart of protecting our nation’s critical infrastructure.”

The NIST Cyber Security Framework for Reducing Cyber Risks to Critical Infrastructure is a mechanism to help secure a wide range of systems by working with industry and standards organizations to leverage existing industry standards. As the founding organization of the Automation Federation, the International Society of Automation (ISA) provides cybersecurity standards, processes, and training focused on Industrial Automation & Control Systems (IACS). Since 1945, ISA has a proven track record creating and extending standards as demonstrated by successful IACS- related standards, including ISA95, ISA88 and ISA84. ISA provides users with cybersecurity training programs for building the next generation of cybersecurity professionals.

Automation Federation and ISA are committed to working with NIST to meet targeted deadlines in completing the Cybersecurity Framework as outlined in President Obama’s Executive Order. Members of the Automation Federation will participate at the next NIST Cybersecurity Framework meeting, which is scheduled for 29-31 May 2013 at Carnegie Mellon University in Pittsburgh, (PA, USA).

The Automation Federation has advocated the development and application of consensus industry standards to protect vital industrial and critical infrastructure. It has voiced the importance of including the American National Standards developed by ISA99, Industrial Automation and Control Systems Security, a multi-industry initiative of ISA as part of the Cybersecurity Framework. These standards apply to all key industry sectors and critical infrastructure. Given the interconnectivity of today’s advanced computer and control networks--where vulnerabilities exploited in one sector can impact and damage multiple sectors--it’s essential that cybersecurity standards be broadly applicable across industries.

ISA Security Compliance Institute (ISCI), an affiliate of ISA, has also developed a widely recognized compliance and testing program that ensures that industrial automation and control devices and equipment conform to consensus cybersecurity standards. The Automation Federation is promoting the work of ISCI as part of the Cybersecurity Framework.

No comments:

Post a Comment