Security: ISA Security Compliance Institute Proposed
Research Triangle Park, NC—At a May 2007 meeting with the ISA-sponsored Automation Standards Compliance Institute (ASCI), an ad-hoc group of users and suppliers of industrial automation technology and services moved forward with a plan to establish an ISA Security Compliance Institute.
Research Triangle Park, NC —At a May 2007 meeting with the ISA-sponsored Automation Standards Compliance Institute (ASCI) , an ad-hoc group of users and suppliers of industrial automation technology and services moved forward with a plan to establish an ISA Security Compliance Institute . The organization is seeking founding members. Its mission the proposed organization is to decrease the time, cost and risk of developing, acquiring, and deploying control systems by establishing a collaborative industry-based program among asset owners (users), suppliers, and other stakeholders.
The institute will be managed by ISA through the Automation Standards Compliance Institute (ASCI), an ISA-owned non-profit organizational entity that will assess automation-related standards compliance, in partnership with The Open Group , who will provide certification management expertise.
“The ISASecure designation that is expected to arise from the effort will identify and promote security standards conformant products and systems,” said ASCI managing director Andre Ristaino. “Certification provides the formal recognition of a product's conformance to an industry standard security specification, creating a key differentiator for the product.” Specifically, the program will:
Facilitate the independent testing and certification of control system products to a defined set of control system security standards;
Use existing control system security industry standards where available, develop or facilitate development of interim standards where they don't already exist, and adopt new standards when they become available; and
Accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements.
The standards, tests and conformance processes for control systems products will allow the products to be securely integrated. An ultimate goal of the organization is to push the conformance testing into the product development life cycle, so that the products are more intrinsically secure.
The rewards to the automation controls industry and consortium members are significant, according to ISA. For asset owners, a well designed and managed product security certification process results in reduced costs and time commitment in product selection and deployment. For suppliers and integrators, the certification process provides a single conformance framework and an industry stamp of approval, resulting in faster time to market and lower development and integration costs. For the standards bodies and government agencies developing industrial security specifications, the result will be better, field-tested standards that are clearly being followed by industry.
A membership prospectus summarizing the ISA Security Compliance Institute program scope, member benefits, and member commitments is being distributed to leading suppliers and users of automation controls. The prospectus solicits Founding Strategic Members, who will provide strategic direction and funding necessary to launch the activity. The due date for membership applications is Sept. 1, 2007. The consortium has a 21-month launch plan, with conformance certifications slated to begin in June 2009.
The ISA Security Compliance Institute will be managed by ISA through ASCI, in partnership with The Open Group, who will provide certification management expertise.
— Renee Robbins , editorial director, Control Engineering Daily News Desk
( Register here and scroll down to select your choice of eNewsletters free.)