UL panel upholds ISA appeal of UL cybersecurity standard

April 24, 2019 – An appeals panel formed by Underwriters Laboratories has ruled in favor of the International Society of Automation (ISA) in an appeal against UL 2900-2-2, Standard for Software Cybersecurity for Network-Connectable Devices, Part 2-2: Particular Requirements for Industrial Control Systems. UL was seeking approval of the document as an American National Standard, but ISA’s successful appeal prevents that status at this time.
ISA’s appeal was driven by an underlying goal in standards development—to avoid burdening users with overlapping and duplicating standards. ISA was specifically concerned about overlap with the widely used ISA/IEC 62443 series of standards on industrial automation and control systems security. The ISA/IEC standards are developed by the ISA99 standards committee as American National Standards with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission through IEC partner committee TC65. With more than 900 members, ISA99 draws on the input of cybersecurity experts across the globe in developing the standards, which are applicable to all industry sectors and critical infrastructure.
ISA’s successful appeal asserted that UL failed to follow a key clause in its procedures as accredited by the American National Standards Institute (ANSI), intended to prevent duplication and overlap. ISA’s concern was shared by many, including leaders within IEC TC65 and by NEMA, the largest trade association of electrical equipment manufacturers in the US. A NEMA letter to UL in December 2017 had formally requested that “UL withdraw UL 2900-2-2 and … focus on the adoption of the relevant parts of the ISA/IEC 62443 series of standards.”
“Prior to the appeal, UL acknowledged that it had missed earlier opportunities to identify potential overlap and duplication,” pointed out Charley Robinson, Director of ISA Standards. “However, UL declined an offer from ISA to drop the appeal if UL would agree to work with ISA99 to conduct a detailed gap analysis and comparison in order to revise UL 2900-2-2 to remove overlaps and make it truly complementary to the ISA/IEC 62443 series.” Had UL accepted the invitation, he added, it could have avoided a finding that the Appeals Panel failed “to find strong evidence of a good faith effort made by UL to collaborate and resolve duplication as required by ANSI once potential duplication was identified.”
“ISA continues to be willing to work with UL to make the UL document complementary to the ISA/IEC 62443 series,” stated long-time ISA99 co-chair Eric Cosman, an industrial cybersecurity consultant and retired Dow Chemical Engineering Fellow. “To that end, we invited UL once again to work with us as soon as the appeal decision was announced.”
Without approval as an American National Standard, the UL document is unlikely to achieve international standard status through the IEC. IEC TC65 leaders had previously made clear that the UL document would have little chance of achieving that status in any event, as in their view it would violate a long-standing IEC principle of “one standard, one test -- accepted everywhere.” That principle is vitally important to both end-user and supplier companies that sell and operate in multiple countries.
The ISA/IEC 62443 standards are recognized and applied by companies and organizations across the globe. The standards are cited throughout the US NIST Cybersecurity Framework, and are being integrated into the Common Regulatory Framework on Cybersecurity of the United Nations Economic Commission for Europe, which will establish a common legislative basis for cybersecurity practices within the massive EU trade markets.
About ISA
The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.
ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation, an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute and the ISA Wireless Compliance Institute.
