Selecting, engineering, implementing, and operating a control system is a significant, long-term investment. Yet applying a defense-in-depth strategy to protect the process from cybersecurity risks is another significant, long-term investment that can be made more complicated if the inherent security features of the control system are not strong, an industry expert said. Colin Prentice, an ISA99 expert at Emerson Automation Solutions, and OT cybersecurity leader in MEA region, stressed that emerging cybersecurity standards can help project personnel recognize process control systems that are cybersecure-ready. Working with automation suppliers and their customers, the International Society of Automation (ISA) developed the ANSI/ISA 62443 family of standards, aimed at guiding end users (or asset owners) in the best-practice application of cybersecurity principles and in choosing the control system possessing the features and functionality that help make it ready to be defendable against cyberattack. In addition, ISA has also established a cybersecurity conformity assessment program under the ISASecure brand. ISASecure product certifications help assure asset owners that their systems and automation products possess the security features required to deploy a defendable integrated control and safety system (ICSS), process control system (PCS), or safety instrumented system (SIS). These certifications give asset owners assurance that the products/systems are offered as a cyber-defendable solution and conform to the ISA/IEC 62443 standards. The ISASecure SDLA is a certification of the manufacturer's development and release processes — ensuring that the development processes used by the system manufacturer meet the security requirements of ISA/IEC 62443-4-1 using the ISASecure assessment specifications. Assessments are conducted by ISO/IEC 17065 accredited certification bodies (CB) on behalf of the ISASecure program. ISASecure CBs include globally recognized companies like TUV Rheinland, TUV SUD, CSA Group, and exida. To achieve ISASecure SSA, which is a product certification that applies to ICSS, PCS, and SIS, a system as a whole must go through the rigor of assessments to assure it provides a defendable solution. The SSA assessment process includes an audit of the product development process, assessment of security capability level for the product's intended use, and finally testing for known vulnerabilities and communication robustness. Components within a system are subjected to robustness testing in the SSA certification program based on the ISA/IEC 62443-3-3 and IEC 62443-4-1 standards. The goal of this certification is to make sure the control system reference architecture (COTS version) is designed such that the declared essential functions are protected at all times. ISASecure System Security Assessment (SSA) indicates a system can provide a defendable solution and includes certification of the manufacturer's development and release processes. An overall system architecture testing for the ISASecure certification involves making sure endpoints such as controllers are tested to verify that the system is defendable against common network cyberattacks such as malformed input message attacks. This kind of system-level cybersecurity strength brings higher availability, integrity, and network/communications security to the system and facility. Prentice explained that organizations such as the ISA99 committee create standards outlining a roadmap for system manufacturers and asset owners to prioritize cybersecurity across the system spanning the facility lifecycle. Independent certification bodies verify and award the certifications to system manufacturers. Their work reduces the effort required by the asset owner to know that the ICSS or other automation product — when properly used — can be a strong part of a process automation system that meets the security standard. Sharing the responsibility, control system manufacturers, the integrators, and the end users must deliver, install, commission, and maintain the control system according to the guidelines. The final architecture must be deployed by engineering project teams and maintained by users that understand the standards used in the ISASecure SSA certification, he elaborated. The ISA standards and ISASecure certifications help ensure and promote that facilities have strong cybersecurity foundations to defend and protect the process at the control-system level, Prentice further said. A certified process control system not only helps reduce the risks cyberattacks pose, but also aids a project team as they plot out the path toward cybersecurity. In partnership with the standards and the certified system, the project team and the asset owner take responsibility to form a critical layer of protection contributing to a well-designed and defendable process and facility, he added. — SG
