ISAGCA adds Matt Bohne, Chris McLaughlin to its Advisory Board Leadership for 2023-24

The ISAGCA (ISA Global Cybersecurity Alliance) announced its new advisory board leadership for 2023-2024, with Matt Bohne, vice president and chief product cybersecurity officer at Honeywell, taking charge as the chair. Chris McLaughlin, chief information security officer (CISO) at Johns Manville (JM), takes over as vice chair of the advisory board.

Chief among the goals of the ISAGCA is broad awareness and understanding of the ISA/IEC 62443 series, the consensus-based cybersecurity standards for automation and control system applications.

The ISAGCA has mapped the ISO/IEC 27001/2 standards for IT security in the office environment to ISA/IEC 62443, including a presentation at the North American Technology Forum (NATF) to demonstrate how the standards are aligned to support cybersecurity requirements. It also provided technical expertise to various groups, including the NIST (National Institute of Standards and Technology), DHS (Department of Homeland Security), and SMART Grid Forum.

The collaborative forum to advance OT cybersecurity awareness, education, readiness, standardization, and knowledge sharing has also driven global reliance on ISA/IEC 62443 through national adoptions, the latest example being an approved proposal to adopt the standard in Malaysia. It is also pushing U.S. national reliance on ISA/IEC 62443 through incorporation by reference into other standards and codes, including the National Electrical Code.

The ISAGCA is also increasing awareness of ICS4ICS, a public-private partnership program for managing industrial cybersecurity incident response. The ISAGCA initiative has identified over 1,200 volunteers and interested parties contributing to its efforts to adopt the Incident Command System outlined by FEMA.

“ISAGCA is a critical voice in our industry advocating for OT cybersecurity standards and conformance, and I am honored to lead the Advisory Board alongside many of this industry’s thought leaders and experts,” Bohne said in a media statement last week. “Honeywell has been a member of ISAGCA since the consortium’s foundation, and I am excited about the opportunity to drive even more awareness of the ISA/IEC 62443 series of standards around the world.” 

“Industrial systems security has finally become a big part of the conversation that I am having with my peer CISOs,” according to McLaughlin. “ISAGCA has an opportunity to help organizations understand the ISA/IEC 62443 framework that they can use to help them secure their industrial assets. This is a great opportunity, and I am excited to continue my partnership with the community to keep us all safe and secure.”

“We are honored to have two of the industry’s most recognizable cybersecurity professionals as the new leaders of the ISAGCA Advisory Board,” Andre Ristaino, ISA managing director of global consortia and conformance programs, said. “ISAGCA was created to address cybersecurity threats and vulnerabilities that are clear and present dangers to our facilities, our processes, and the safety of our communities. With so much work to be done, we will benefit from the balance of a vendor and end-user in the Chair and Vice Chair roles respectively. Matt and Chris are extremely busy in their company roles, and we are grateful for their generous leadership commitment to ISAGCA.”

The ISAGCA also thanked its outgoing Chair Megan Samford, vice president and chief product security officer for energy management at Schneider Electric. The alliance also acknowledged outgoing Vice Chair Sharul Rashid, head of technical excellence and group technical authority of instrumentation and control at PETRONAS. “Megan and Sharul have contributed more than we could have ever hoped in establishing the foundational successes for ISAGCA,” they added.

Also, last week, the International Society of Automation (ISA) Security Compliance Institute (ISCI) announced that IriusRisk SL has joined ISCI as a Technical Member in support of the ISASecure Cybersecurity Conformance Scheme.

IriusRisk has worked with several organizations to help them overcome the complexity of manual threat modeling with its IriusRisk Automated Threat Modeling platform, an automation engine, extensive security standards, and integration with issue trackers. The move will give engineering teams access to a self-service tool for designing secure applications, while the automation process can guide each company’s approach to compliance, and prioritize risk, based on each unique security, governance, and compliance requirement.

The ISASecure certification program is an industry-led effort composed of the leading stakeholders in the process industry. It assesses ICS products and systems to ensure they are robust against network attacks, free from known vulnerabilities, and meet the security capabilities defined in the ISA/IEC 62443 standards. The program includes end users in its certification development process. End-user members directly contribute to ISASecure certification development, ensuring their needs are reflected in the certification requirements.

“ISCI’s pursuit of better security standards across a broad range of industries is such important work,” Charles Marrow, head of the Center of Excellence at IriusRisk, said in a media statement. “Threat modeling and risk assessments can also play a pivotal role in this: all organizations operating in the industrial, automotive, transport, and medical industries should be doing it on a regular basis, building in security from the very beginning of the software development lifecycle.”

In February, the International Society of Automation (ISA) and the ISCI announced their intention to create an all-new conformity assessment scheme for automation systems deployed at operating sites. The site assessment program is based on the ISA/IEC 62443 consensus-based automation and control systems cybersecurity standards. It will apply to all types of automation and control systems in industries ranging from traditional process industries to critical infrastructure such as oil and gas, chemicals, and water/wastewater.
