New Alliance Aims to Boost Industrial Cybersecurity Awareness
The group hopes to increase cybersecurity awareness, education, and knowledge sharing around industrial cybersecurity concerns.
An organization behind one of the leading automation standards is hoping a new consortium will bring better cybersecurity awareness to the manufacturing and critical infrastructure sector.
The International Society of Automation, a non-profit technical society that specializes in all matters of automation announced Wednesday the creation of a new group, the ISA Global Cybersecurity Alliance.
"Several leading automation and other technology providers have engaged ISA to explore how they can work with us to proactively increase awareness and adoption of cybersecurity best practices, standards, and compliance in all relevant sectors," said ISA Executive Director Mary Ramsey. "As an independent non-profit organization dedicated to improving operational excellence, ISA is uniquely able to fulfill the need for open, collaborative discussions and knowledge sharing."
ISA is also behind ANSI/ISA 62443, a series of standards, technical reports, and related information used to implement secure Industrial Automation and Control Systems (IACS). The standard was formerly known as ISA-99 but was renamed in 2010 when it was released by the American National Standards Institute.
ISA says the group will bring together representatives from companies, control system vendors, IT and OT infrastructure providers, system integrators, and others involved in the industry to workshop ways to better mitigate risks to their systems.
The group will also be tasked with furthering adoption of compliance and standards – including its own – throughout the field, something it hopes will address gaps and inform best practices, and develop certification and education programs for industry professionals. It’s assumed the certification programs will be in addition to those that ISA already offers. The group currently runs two certification programs, both around manufacturing and automation - one's specific to those working in process automation and manufacturing automation industries, the other certifies workers who handle control systems.
Plenty of private corporations form their own partnerships to pool their resources and raise awareness; there’s also no shortage of non-profits working to raise awareness around cybersecurity, including the National Cyber Security Alliance, the Cyber Threat Alliance, the IoT Cybersecurity Alliance, the Global Cyber Alliance, and the Cloud Security Alliance, to name a few, there is a lack of groups that specialize in industrial and manufacturing cybersecurity.
The formation of the alliance comes at the right time.
With the industrial supply chain becoming increasingly more splintered, the sector has ripened as a target for attackers, especially those in search of valuable intellectual property. Manufacturing firms, this year especially, have been plagued by ransomware, including Illinois' C.E. Niehoff & Co., Europe's Aebi Schmidt, and Norway's Norsk Hydro. Last year Russia was linked to a strain of malware, Triton, which seeks to disrupt industrial control systems by disabling safety systems.
"The ICS cybersecurity threat landscape is becoming more complex, with more direct attacks on control system, IT, and OT infrastructure. Frequently backed by hostile nation-states, malevolent actors are becoming more sophisticated at targeting specific aspects of industrial control systems that have the potential to wreak havoc in the physical world, such as process safety systems," Larry O'Brien, Vice President of Research for Massachusetts-based ARC Advisory Group told ISA, "Standards and frameworks are valuable, but end users also need the resources to take the guidance provided by standards and put it into practice in real-world plant and OT environments.”