ISA Director: Oil & Gas facilities must take action now to protect against cyberattack
February 20, 2017 -- Patrick J. Gouhin, Executive Director and CEO of the International Society of Automation (ISA), speaking at a Bloomberg LIVE conference in Houston, Texas on the future of cybersecurity in the US oil and gas sector, urged energy executives to take action now to protect their facilities and operations from cyberattack.
“Given the increasing number of cyberattacks on oil and gas facilities, the importance of these facilities to the economy and national security, and the fact that there are effective cybersecurity standards for the energy industry available today, the time to act is now—not years in the future,” emphasized Gouhin, before an audience of approximately 100 senior technology executives and government officials.
Gouhin participated in a panel session that examined: the need for solutions that can both prevent a cyberattack from occurring and mitigate the damage if one does occur; and the future of cybersecurity strategies and defenses in the oil and gas industry given the absence of mandated standards and regulations.
Gouhin pointed to ISA’s series of industrial automation and control system (IACS) security standards— adopted internationally as ISA/IEC 62443—as a flexible framework for preventing and limiting potentially devastating cyber damage to the industrial systems and networks used in oil and gas facilities and other critical infrastructure.
Developed by leading international cybersecurity experts from industry, government and academia, ISA/IEC 62443 addresses industrial cybersecurity vulnerabilities across all key industry sectors and is regarded as the world’s only consensus-based series of IACS security standards.
IACS, such as supervisory control and data acquisition systems (SCADA), are relied upon to monitor and control the operation of industrial machinery and associated devices. Because most IACS are not designed to ensure resilience against cyberwarfare, an IACS cyberattack can impair and disable safe operations of industrial facilities. The consequences—which can include plant shutdowns, widespread power blackouts, explosions, chemical leaks and more—can place national and economic security as well as lives, personal safety and the environment at risk.
ISA/IEC 62443 enables owners and operators of critical infrastructure to achieve and maintain IACS security improvements through a lifecycle that integrates design, implementation, monitoring and continuous improvement.
ISA’s expertise in industrial cybersecurity standards has been honed through experience. Gouhin pointed out that ISA has been developing industry standards for more than 67 years, with 150 different standards in its portfolio, representing the knowledge of more than 4,000 industry experts worldwide.
He explained that while the US does not legally require implementation of industrial cybersecurity standards and best practices, the government has developed a voluntary plan to follow. The plan, known as the US Cybersecurity Framework, serves as a how-to guide for American industry and operators and owners of critical infrastructure to strengthen their cyber defenses.
Representatives of both ISA and its affiliate, the Automation Federation, served as expert consultants to the National Institute of Standards and Technology (NIST)—an agency of the US Department of Commerce—as it coordinated the development of the framework. The ISA/IEC 62443 series of IACS security standards are key components of the framework recommendations, which were made public in early 2014.
ISA’s leadership in industrial cybersecurity also prompted the US Army National Guard to select ISA as an industry partner. Last year, ISA provided control systems security training at the National Guard’s Cyber Shield 2016 exercise at Camp Atterbury, Indiana. More than 900 soldiers, airmen, Marines, sailors and civilians representing 47 states and territories participated at the event to assess their skills in responding to cyber-incidents on the National Guard computer network.
Furthermore, the Automation Federation is the host organization for the LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity) Program, an ongoing collaboration of major oil and natural gas companies and the US Department of Homeland Security, Science and Technology Directorate. LOGIIC undertakes collaborative research and development projects to improve the level of cybersecurity in critical systems of interest to the oil and natural gas sector.
ISA has leveraged ISA/IEC 62443 to develop industrial cybersecurity training courses, certificate programs and conformance certification
ISA has harnessed the ISA/IEC 62443 standards to develop a comprehensive set of industrial cybersecurity training courses and aligned certificate programs—covering the complete lifecycle of IACS assessment, design, implementation, operations and maintenance.
ISA’s suite of industrial cybersecurity courses include:
- Introduction to Industrial Automation Security and the ISA/IEC 62443 Standards (IC32C)
- Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32)
- Using the ISA/IEC 62443 Standard to Secure Your Control Systems (IC32E - Online Version)
- Assessing the Cybersecurity of New or Existing IACS Systems (IC33)
- IACS Cybersecurity Design & Implementation (IC34)
- IACS Cybersecurity Operations & Maintenance (IC37)
ISA cybersecurity certificate programs are awarded to those who successfully complete the requirements of ISA’s related cybersecurity courses. Individuals who complete all four ISA certificate programs earn the designation of ISA/IEC 62443 Cybersecurity Expert. For more details on the four certificate programs and their aligned courses, visit www.isa.org/CYBERcertificate.
In addition, ISA has developed a certification program—ISASecure—that ensures that control systems conform to relevant ISA/IEC 62443 cybersecurity standards and apply to the security lifecycle concept that forms the basis of the standards.
Asset owners and integrators that include the ISASecure designation as a procurement requirement for control systems projects have confidence that the selected products are robust against network attacks and free from known vulnerabilities.
The International Society of Automation is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 40,000 members and 400,000 customers around the world.
ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation, an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Instituteand the ISA Wireless Compliance Institute
MORE INDUSTRY NEWS
ISA Society Goes to Washington: Building America's Engineering Vision
By Paul Gruhn, ISA Society Leader
Pat Gouhin (ISA CEO and Executive Director), Robert Lindeman (AAES Board member and former ISA Society...
IFR Report: US automotive industry installs a new record of ~17,500 industrial robots in 2016
These are preliminary results published by the Statistical Department of the International Federation of Robotics (IFR). During the same period,...
Telit partners with Freudenberg IT to support IIoT device management
The cooperation between FIT and Telit will focus on transforming the business service and offerings of manufacturers, enabling them to capitalize...
Rotork actuators used to help upgrade Brazilian water treatment plant
Profibus DP enabled Rotork IQ multi-turn electric valve actuators were installed during the upgrade and expansion of the water treatment plant. The...
Opto 22 announces joining of The Linux Foundation
In joining The Linux Foundation, Opto 22 hopes to spearhead the adoption of open-source technology in the industrial automation and process control...
Rockwell to share digital automation solutions at Offshore Technology Conference
Visitors to the Rockwell Automation booth (NRG Center, Booth 847) will also learn about the latest control and safety solutions for subsea and...
Why the Transition to IIoT will be an Evolution, Not a Revolution
By Jason Andersen, Stratus Technologies
The vision of an intelligent, connected automation infrastructure has the potential to dramatically...
Will B&R acquisition give ABB a boost in industrial automation?
By Alex West, IHS Markit
Early this month ABB; a supplier of robotics, process automation, and electrification components, acquired B&R...
What Production Data is Necessary to Drive Your Industry 4.0 Agenda?
By Mathew Daniel, Sciemetric Instruments
Data, data and more data. It’s the hot topic in manufacturing today with all the hype and anxiety...
Emerging Efficiencies for Packaging Lines
By Tom Egan, PMMI, The Association for Packaging and Processing Technologies
Robotics, automatic labelers, smart packaging and digital printing...