ISA-99 - Industrial Automation & Control Systems Security: Jim Gilsinn

The document discusses ISA-99, which addresses security for industrial automation and control systems. The committee has over 500 members from various sectors including chemical processing, power, and manufacturing. ISA-99 works to develop standards and guidance through various document series, technical committees, and international cooperation to help secure industrial control systems and critical infrastructure.


ISA-99 – Industrial Automation & Control Systems Security
Jim Gilsinn
National Institute of Standards & Technology (NIST)
Engineering Laboratory

#GridInterop
Grid-Interop 2011
ISA99 Committee

• Addresses Industrial Automation and Control Systems
• Compromise could result in:
– Endangerment of public or employee safety
– Loss of public confidence
– Violation of regulatory requirements
– Loss of proprietary or confidential information
– Economic loss
– Impact on entity, local, state, or national security

#GridInterop Phoenix, AZ, Dec 5-8, 2011 Grid-Interop 2011


• Over 500 members
• Sectors include:
– Chemical Processing
– Petroleum Refining
– Food and Beverage
– Power
– Pharmaceuticals
– Discrete Part Manufacturing
– Process Automation Suppliers
– IT Suppliers
– Government Labs
– Consultants

Connecting with Others

[Diagram: ISA99 Committee linked to ISA84 (Safety), ISA100 (Wireless), MSMUG, IEC & ISO (International), and ISCI (Compliance)]

ISA-99 Work Products

• 4 Main Series
– General
– Policies & Procedures
– System
– Component
• IEC 62443 Series Matches

Current as of December 2011


ISA-99 Work Products

• Terminology, concepts and models
– Foundational Material
– Consistent Terminology

ISA-99 Work Products

• Security Compliance Metrics
– Consistent
– Usable
– Quantitative
– Non-trivial
– Measure Achieved SALs

ISA-99 Work Products

• Establishing & Operating a Security Program
– Asset Owner Focused
– Non-Technical
– Based upon ISO/IEC 27002
– IACS-Specific Requirements & Guidance

ISA-99 Work Products

• Patch Management
– Applying Well-Established Practices to IACS
– XML Schema for Patch Descriptions

ISA-99 Work Products

• Security Technologies
– Guidance on Applying Existing Tools, Technology and Controls to IACS

ISA-99 Work Products

• Zones & Conduits
– Defining Logical Architecture Breakdown
– Determine Target SALs

ISA-99 Work Products

• System-Level Security Requirements
– Technical Controls
– IACS-Specific Requirements & Guidance
– Specifies Capability SALs

ISA-99 Work Products

• Product Development Lifecycle
– Requirements for Each Development Phase
– Building Security in From Ground Up

ISA-99 Work Products
• Component-Level Security Requirements
– Technical Controls
– Expand System-Level Reqs. for Individual Components
– IACS-Specific Requirements & Guidance
– Specifies Capability SALs

IEC 62443 Document Series

• IEC 62443-2-4
– Additional Document in IEC Series
– Outside ISA99 Structure
– Vendor Certification Requirements

Additional Technical Working Groups

• WG7 – Security & Safety
• WG8 – Communications & Outreach
• WG9 – Wireless Security
• WG11 – Nuclear Plant Security

Applying the ISA-99 Work Products

• Several organizations using
– Concepts as defined in ISA-99.01.01
– Programs as defined in ISA-99.02.01
– Zone & Conduit model
• Case studies are becoming available
• Overall, the feedback is quite good!

More Information

• ISA99 Wiki
– http://isa99.isa.org
• Contacts
– Eric Cosman, [email protected]
– Bryan Singer, [email protected]
– Jim Gilsinn, [email protected]
• ISA Staff
– Charley Robinson, [email protected]
