JAN-FEB 2019

Issue link:

Contents of this Issue


Page 45 of 55

46 INTECH JANUARY/FEBRUARY 2019 WWW.ISA.ORG United Nations commission to integrate ISA/IEC 62443 into Cybersecurity Regulatory Framework organization de pending upon the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system, and the consequences if the system were to be compromised. Further, each organization that owns and operates an IACS has its own tolerance for risk. ISA/IEC 62443-3-2 will define a set of engineering measures to guide organiza- tions through the process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels. A key concept is the application of IACS security zones and conduits, which were introduced in ISA/IEC 62443-1-1: Con- cepts and Models. The new standard provides a basis for specifying security countermeasures by aligning the identi- fied target security level with the required security level capabilities set forth in ISA/ IEC 62443 - 3 - 3: System Security Require- ments and Security Levels. For information on viewing or obtain- ing any of the ISA/IEC 62443 standards, visit For infor- mation on ISA99 and the ISA/IEC 62443 series of cybersecurity standards, contact Eliana Brazda, ISA Standards, ebrazda@ or +1-919-990-9200. n nents, host components, and software applications. The standard, which is based on the IACS security requirements of ISA/IEC 62443 - 3-3, System Security Requirements and Security Levels, speci- fies security capabilities that enable a component to mitigate threats for a giv- en security level without the assistance of compensating countermeasures. n ISA/IEC 62443-4-1, Security for Indus- trial Automation and Control Systems: Product Security Development Life- Cycle Requirements, specifies process requirements for the secure develop - ment of products used in an IACS and defines a secure development life cycle for developing and maintaining secure products. The life cycle includes secu - rity requirements definition, secure de- sign, secure implementation (includ- ing coding guidelines), verification and validation, defect management, patch management, and product end-of-life. In addition, another standard in the se- ries is nearing completion. ISA/IEC 62443- 3-2, Security Risk Assessment, System Partitioning and Security Levels, is based on the understanding that IACS security is a matter of risk management. That is, each IACS pres ents a different risk to an T he United Nations Economic Com- mission for Europe (UNECE) con- firmed at its annual meeting in late 2018 that it will integrate the widely used ISA/IEC 62443 series of standards into its forthcoming Common Regulatory Frame- work on Cybersecurity (CRF). The CRF will serve as an official UN policy po si- tion statement for Europe, establishing a common legislative basis for cybersecu- rity practices within the European Union trade markets. At the same time, the UNECE's Work- ing Party on Regulatory Cooperation and Standardization Policies recognized the ISA99 standards development commit - tee for its leading role in conceiving and developing the widely used standards. The ISA/IEC 62443 standards are devel- oped primarily by the ISA99 committee, with simultaneous review and adoption by the Geneva-based International Electro- technical Commission (IEC). ISA99 draws on the input of cybersecurity experts across the globe in developing consensus standards that are applicable to all industry sectors and critical infrastructure, provid- ing a flexible and comprehensive frame- work to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS). UN recognition of ISA99 capped a year in which two major standards in the ISA/ IEC 62443 series were completed: n ISA/IEC 62443-4-2, Security for Indus- trial Automation and Control Systems: Technical Security Requirements for IACS Components, provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network compo- standards | New Benchmarks & Metrics Updated fire and gas technical report completed by ISA84 A newly revised technical report has been completed by the ISA84 standards committee, Instrumented Systems to Achieve Functional Safety in the Process Industries. ISA-TR84.00.07, Guidance on the Evaluation of Fire, Combustible Gas, and Toxic Gas System Effectiveness, is intended to help address detection and mitigation of fire, combustible gas, and toxic gas hazards in process areas. Fire detec- tion and mitigation within nonprocess areas are outside the scope of the document. Fire and gas systems per this technical report are a subset of industrial automation and control systems that are used in the process industries to detect loss of contain- ment of hazardous materials from a process and initiate a response to mitigate the release impact. Loss of containment can be a small leak or a catastrophic release. It can be detected by measuring the presence of the released materials or inferred from the effects of the release. For information on viewing or obtaining this or any of the ISA84 standards and tech- nical reports, visit n

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - JAN-FEB 2019