Members

ISA Insights

August 2008

Automation Federation Spotlight: Cybersecurity

Cybersecurity has quickly climbed up the priority list of importance among governmental agencies that are charged with the protection of our nation against the risk of a terrorist threat. Anyone working in industries serving the public, such as the power, food, and pharmaceuticals industries know the importance of developing a sound way to deal with cyber security and the issues involved. In general, cyber security involves protecting information by preventing, detecting, and responding to attacks. The issue of security has been on ISA’s radar for decades, and as a member of the American National Standards Institute, ISA has harnessed this multi-sector expertise in two major ongoing industrial cyber security initiatives:

• The ISA99 Standards Development Committee, which is developing American National Standards and guidelines on Automation and Control Systems (IACS) cybersecurity technologies and programs that can be universally applied across all industry sectors. ANSI/ISA-99.00.01-2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models, is the first in a series of ISA standards that addresses the subject of cybersecurity for industrial automation and control systems. This Part 1 standard describes the basic concepts and models related to cyber security.
• The ISA Security Compliance Institute, which supports effective implementation of industry standards via compliance testing, market awareness, technical support, and education.

In the U.S., cybersecurity has grown into a multi-billion industry and threats to cybersecurity falls under the Homeland Security Subcommittee on Emerging Threats. At the request of the Subcommittee staff the Automation Federation sent a cybersecurity team to meet with committee staff in May and most recently in July to discuss the issue of cybersecurity and to get important insight on what steps should be taken to secure our nation from an attack. The Automation Federation team met with Erik Hopkins, legislative staff member for Tom Carper (DE); David Cole, legislative staff member for Senator Susan Collins (ME); and Adam Sedgewick, legislative staff member for Senator Joe Lieberman (CT) to discuss key questions poised by the Members of the Senate Subcommittee. Subcommittee staff asked the Automation Federation team to continue working with the Senators in the months to come as the Subcommittee prepares action items for the Members of Congress to consider regarding the issue of cybersecurity. Mike Marlowe, Government Relations Director for the Automation Federation said “The Automation Federation is becoming a valued resource that Congressional staff and Members are looking to for information to address issues such as cybersecurity as well as other issues pertaining to automation.”

The Automation Federation team also met with Homeland Security Committee staff to discuss cybersecurity questions poised by House Members. The team shared a written response to the questions and then elaborated on the information that was provided.

The Automation Federation has been asked to participate in cybersecurity briefings this fall with representatives from our nation’s power companies and to also comment on a General Accounting Office (GAO) report on cybersecurity standards and regulations that will be released this fall. A follow-up meeting with committee staff will be scheduled before the end of this year to determine the Automation Federation’s future work with the Committee.

“Working closely with the Members of Congress is an important part of the Automation Federation’s goal of becoming the ‘Voice of Automation’ and the more we build on our meetings with the Members and the information resources we bring to the table, the more impact the Federation has on issues of importance to automation” said Mike Marlowe.