ISASecure Embedded Controller Security Assurance Certification Framework approved

ISA Security Compliance Institute (ISCI) has formally approved an Embedded Controller Security Assurance (ECSA) Framework, identifying the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.


The ISA Security Compliance Institute (ISCI) has formally approved an Embedded Controller Security Assurance (ECSA) Framework, the group said in a statement today.

The ECSA Framework establishes important foundational definitions necessary for completion of the ISASecure ECSA test specification. It establishes the scope of the ISASecure test specification, and identifies the embedded controller testing approach and high level criteria for passing or failing the ISASecure tests.

A publicly available version of the ISASecure ECSA Framework describing the ECSA certification program will be published and posted on the ISCI website this month.

The detailed ISASecure ECSA certification includes three broad areas of assessment for embedded controllers - Security Functional Assessment, Protocol Robustness Testing, and Software Development Security Assessment. The ECSA test specification will undergo an independent review and is slated for completion at the end of third-quarter 2009.

Johan Nye, chairman of the ISCI Governing Board, says the certification program "will provide assurances to owner/operators that products meet known cyber security requirements based on industry standards."

The ISASecure test specification is designed to be used by suppliers in their product development and manufacturing processes to facilitate baseline security levels in Industrial Automation Control Systems (IACS) products, he says. The same ISASecure test specification will also be used by ISCI accredited independent labs to certify cyber security characteristics of IAC products using ISCI accredited test tools. ISASecure certification testing will commence in first-quarter 2010.

The ISA Security Compliance Institute was founded in 2007. Founding Members include Chevron, ExxonMobil Research and Engineering, Honeywell, Invensys Process Systems, Siemens, and Yokogawa. Key Technical Members include Exida, Mu Dynamics, Rockwell Automation, and Wurldtech Security Technologies, ISCI says.

Also read, from Control Engineering : , and see the

Industrial Cyber Security blog .

-Edited by Mark T. Hoske, editor in chief, Control Engineering

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Choosing controllers: PLCs, PACs, IPCs, DCS? What's best for your application?; Wireless trends; Design, integration; Manufacturing Day; Product Exclusive
Variable speed drives: Smooth, efficient, electrically quite motion control; Process control upgrades; Mobile intelligence; Product finalists: Vote now; Product Exclusives
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
This article collection contains the 5 most referenced articles on improving the use of PID.
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security