Analysis
Attacks and Vulnerabilities
Control device security
Industrial Cyber Attacks
ISA/IEC 62443
News
OT Network security
Regulation, Standards and Compliance
Threat Landscape
Utilities: Energy & Power, Water, Waste
Vulnerabilities

New Electric Energy OT Security Profile working group set up as part of ISA99 standards committee

May 25, 2022
New Electric Energy OT Security Profile working group set up as part of ISA99 standards committee

The U.S. Department of Energy (DOE), global equipment suppliers, and other stakeholders announced on Tuesday setting up an Electric Energy OT Security Profile working group. The group will be hosted by the International Society of Automation ISA99 standards committee.

The Electric Energy OT Security Profile will be a cybersecurity work product utilizing the ISA/IEC 62443 series of standards. The final product will be a formal ISA/IEC 62443 application guide, recognized globally as the consensus work product for securing various control systems used in electric energy generation, transmission, and distribution operations.

The ISA Electric Energy OT Security Profile working group is seeking participation from industry groups, including the Institute of Electrical and Electronics Engineers (IEEE), the International Electrotechnical Commission (IEC), the International Council on Large Electric Systems (CIGRE), and other industry stakeholders. The move will help ensure consideration of and alignment with other cybersecurity work product development efforts.

“The Securing Energy Infrastructure Executive Task Force developed an OT-specific reference architecture for electricity systems to provide a common language for control system environments that can be used to design and assess security applications,” Puesh Kumar, director at the DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER), said in a media statement. “The ISA Working Group represents an opportunity to validate these profiles and put them into practice for the energy industry. CESER is excited to see energy sector stakeholders carrying forward the task force’s reference architecture work.”

“Global standards and supporting specifications provide efficiencies for end users, product suppliers, and system integrators that design, deliver, and support products and systems all around the world,” Eric Cosman, co-chair of the ISA99 Standards Committee, said. “One specification and one globally recognized certification provides needed transparency and reduces the regulatory burden on manufacturers,” he added.

The ISA/IEC 62443 standards are designated as horizontal standards, applicable to many industry sectors and applications. Industry groups leverage the ISA/IEC 62443 standard series as the basis for securing industrial control systems (ICS). DOE’s Securing Energy Infrastructure Executive Task Force (SEI ETF) evaluated available industry standards and recommended the electric energy OT applications be formalized as ISA/IEC 62443-5 security profile applications. The measure could help gain international energy sector consensus on applying ISA/IEC 62443 to electric energy OT applications.

The initiative will leverage the DOE SEI ETF’s Reference Architecture and Profiles for Electric Energy OT as a foundation for the ISA/IEC 62443-5 application profile development. The SEI Reference Architecture and Profiles and associated whitepaper will be available on the DOE website in the upcoming weeks.

The Electric Energy OT Security Profile will be publicly available at no charge for asset owners, manufacturers, standards organizations, and other industry stakeholders. The application profiles will be used as a basis for designing, implementing, testing, and maintaining electric energy OT systems and their cybersecurity capabilities. They will also be useful to third-party assessment organizations and regulatory authorities around the globe.

Last week, MITRE in partnership with the DOE’s CESER announced the expansion of the Common Weakness Enumeration/Common Attack Pattern Enumeration and Classification (CWE/CAPEC) program. Operated by the CISA-funded Homeland Security Systems Engineering and Development Institute (HSSEDI), the CWE/CAPEC program announces a new special interest group (SIG) focusing on security weaknesses in ICS and operational technology (OT) frameworks.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
Continuous need to face challenges, build strategies across industrial cybersecurity amidst evolving threats
CISA partners with private sector after Sisense security breach, as critical infrastructure sector potentially impacted
CISA partners with private sector after Sisense security breach, as critical infrastructure sector potentially impacted
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet's FortiClient EMS
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet’s FortiClient EMS
CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts
CISA issues Emergency Directive 24-02 in response to Russian cyber threat targeting Microsoft email accounts
European Commission recommends Coordinated Implementation Roadmap for transition to Post-Quantum Cryptography
European Commission recommends Coordinated Implementation Roadmap for transition to Post-Quantum Cryptography
HP details evolution of Raspberry Robin malware, shift in distribution method and threat landscape
HP details evolution of Raspberry Robin malware, shift in distribution method and threat landscape