Update to ISA/IEC 62443 Standards addresses organization-wide cybersecurity

The International Society of Automation (ISA) — the leading professional society for automation — has announced the publication of ANSI/ISA-62443-2-1-2024, “Security for industrial automation and control systems.” This is the latest update to the ISA/IEC 62443 series of standards, the widely used global consensus-based automation and control systems cybersecurity standards.

Addressing cybersecurity on an organization-wide basis can be a daunting challenge for companies that rely on industrial automation and control systems (IACS) in their manufacturing, processing and critical infrastructure operations. While no one-size-fits-all set of security practices can meet the widely varying security needs across global industry, ANSI/ISA-62443-2-1-2024 addresses the complexity by setting forth requirements for establishing, implementing, maintaining and continually improving a security program intended to reduce IACS security risks to tolerable levels.

The requirements are written to be implementation independent, allowing asset owners to select approaches most suitable to their needs. This update of the 2010 version provides significant technical changes including a revision of the requirement structure into security program elements and a maturity model for evaluating requirements.

The standards are developed by the ISA99 Standards Committee as American National Standards, with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission. ISA99 draws on the input of cybersecurity experts across the globe in developing the standards, which are applicable to all industry sectors and critical infrastructure in providing a flexible and comprehensive framework to address and mitigate current and future security vulnerabilities in IACS.

“Security is a balance of risk versus cost, and each situation will be different,” said ISA99 Co-Chair Eric Cosman of OIT Concepts. “In some, the risk can be related to health, safety and environmental factors rather than purely economic impact — presenting the possibility of an unrecoverable consequence instead of a temporary financial setback. Thus, a predetermined set of mandatory security practices could be overly restrictive and costly — or else insufficient to address the risk. This newly updated standard provides the flexibility to reach the right level of risk versus cost for a given operation.”

To learn more about the ISA/IEC 62443 series of standards, visit www.isa.org/62443standards.

 
