The ISA99 standards committee and the NATO Energy Security Center for Excellence (NATO ENSEC COE) entered this week into an agreement to exchange information and collaborate on the application of industrial cybersecurity standards and guidelines in the energy sector.
The agreement with NATO ENSEC COE is the latest in a string of notable milestones in the development and global application of the ISA/IEC 62443 series of industrial cybersecurity standards. It comes after an earlier decision by the United Nations Economic Commission for Europe to integrate the ISA99 standards into its Common Regulatory Framework on Cybersecurity, which serves as an official UN policy position statement for Europe.
The ISA99 standards committee focuses its attention on enhancing the confidentiality, integrity, and availability of components or systems used for manufacturing or control, and provides criteria for procuring and implementing secure control systems. Compliance with the committee’s guidance will improve manufacturing and control systems electronic security and will help identify vulnerabilities and address them, reducing the risk of compromising confidential information or causing manufacturing control systems degradation or failure.
The ISA/IEC 62443 standards are developed primarily by the ISA99 committee with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission (IEC). Standards are, essentially, a set of characteristics or quantities that describe features of a product, process, service, interface, or material. In addition to making life easier, they make it safer and enhance companies’ profitability.
Earlier this year, the ISA Global Cybersecurity Alliance (ISAGCA) intended to advocate the inclusion of the ISA/IEC 62443 series of cybersecurity standards in global policies that intend to improve critical infrastructure cybersecurity and publish a fully detailed, auditable cross-referencing guide that maps the ISA/IEC 62443 standards to other cybersecurity standards across multiple industries.
The ISA alliance also plans to issue comparison analysis reports that identify the implications of selecting and applying the ISA/IEC 62443 series of industrial cybersecurity standards and help minimize the effort it takes to comply with cybersecurity standards and policies.
NATO ENSEC COE became interested in applying the ISA/IEC 62443 standards during the course of a 2018-2019 cyber-risk study of the industrial control systems used in the NATO Central Europe pipeline system, according to Vytautas Butrimas, who spearheaded the agreement and now represents NATO ENSEC COE on ISA99.
“With this agreement,” Butrimas stated in a press statement, “we look forward to exploring new ways of collaboration with ISA to improve the safety, reliability, and performance of the backbone technologies that support economic activity, national security, and well-being of our societies.”