Friday, 15 February 2013

Automation input into US cybersecurity standards

Working with the US Government, the Automation Federation is helping to forge national security standards, guidelines and compliance testing for safeguarding America’s critical infrastructure from cyberattacks. At the request of the administration and in the wake of the US President’s executive order on cybersecurity, representatives of the Automation Federation participated in key meetings yesterday with White House National Security Staff and other key stakeholders.

In his traditional State of the Union address Tuesday evening, US President Obama emphasised the significance of cybersecurity standards in protecting “our national security, our jobs, and our privacy.”

A key section within the president’s executive order calls for the establishment of a “Cybersecurity Framework,” to include “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and will “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

Leo Staples,
2013 AF Energy Committee Chair
 at US Government talks
The Automation Federation supports continued development and application of consensus industry standards, in conjunction with key regulatory bodies, to protect vital industrial and critical infrastructure. The Automation Federation is advocating the inclusion of American National Standards developed by ISA99, Industrial Automation and Control Systems Security, a multi-industry initiative of the International Society of Automation (ISA). ISA99 standards apply to all key industry sectors and critical infrastructure. Given the interconnectivity of today’s advanced computer and control networks--where vulnerabilities exploited in one sector can impact and damage multiple sectors--it’s essential that cybersecurity standards be broadly applicable across industries.

Developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia, the ISA99 standards represent a comprehensive approach to cybersecurity in all industry sectors. As a result of their global compatibility, ISA99 standards are being adopted by the International Electrotechnical Commission (IEC) and will be referenced as IEC 62443.

ISA Security Compliance Institute (ISCI), an affiliate of ISA, has also developed a widely recognised compliance and testing program that ensures that industrial automation and control devices and equipment conform to consensus cybersecurity standards. The Automation Federation is promoting the work of ISCI as part of the implementation of the president’s executive order.

According to Michael Daniel, Special Assistant to the President and White House Cybersecurity Coordinator, standards development is one of the three pillars of the president’s executive order, with information sharing and privacy being the other two.

Leo Staples, 2013 Automation Federation Energy Committee Chair, said the Automation Federation and its member organizations are honored to assist the US administration in establishing effective cybersecurity safeguards for America’s industrial automation and control systems.

Staples, along with Steve Mustard, member of the Automation Federation Government Relations Committee; Michael Marlowe, Automation Federation Managing Director and Government Relations Director; members of the ISA99, Industrial Automation and Control Systems Security committee; and ISCI members participated in cybersecurity planning meetings on Wednesday (13/2/2013) in the US capitol.

Key government officials in attendance, in addition to Daniel, included Rebecca Blank, Deputy Secretary, US Department of Commerce; General Keith Alexander, Commander of US Cyber Command and the Director of the National Security Agency; and Jane Holl Lute, Deputy Secretary of the US Department of Homeland Security.

The president’s commitment to cybersecurity reflects rapidly growing governmental concerns about the risks of cyberattacks against the nation’s critical infrastructure. Last year, the US Department of Homeland Security reported nearly 200 attacks on the nation’s critical infrastructure, a 52% increase from the prior year.

White House National Security Staff encourage the continued participation of the Automation Federation in the implementation of the executive order, and working toward the development of federal cybersecurity legislation.

No comments:

Post a Comment