100% found this document useful (6 votes)

3K views81 pages

Applying ISA/IEC 62443 To Control Systems: Mesa Mesa

The document discusses applying cybersecurity standards like ISA/IEC 62443 to control systems. It provides an overview of process control system architectures and examples of security incidents involving infrastructure systems to demonstrate why security is important for control networks.

Uploaded by

sahil4IND

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (6 votes)

3K views81 pages

Applying ISA/IEC 62443 To Control Systems: Mesa Mesa

Uploaded by

sahil4IND

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 81

ApplyingISA/IEC62443to

ControlSystems
GrahamSpeake
PrincipalSystemsArchitectYokogawa
Additional
partnerlogos
l

MESAKNOWS

SUSTAINABILITY&ECOEFFICIENCY LEAN METRICS&PERFORMANCEMANAGEMENT

INFORMATIONINTEGRATION SAFETY ASSETPERFORMANCEMANAGEMENT B2MML
QUALITY&COMPLIANCE PRODUCTLIFECYCLEMANAGEMENT AUTOMATION

Doyouknow MESA?

GrahamSpeake
BScElectricalandElectronicsEngineer
g
16yearsexperienceincomputersecurity
12Yearsexperienceinautomationsecurity
p
y
WorkedforFordMotorCompany,ICS,ATOS
OriginandBP
Workedasanindependentconsultanton
financialsecurity
2
MemberofISA,ISCI,ISC
b
f
PrincipalSystemsArchitectatYokogawa

2
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ACRONYMS

ThepowerofknowingwhatMESAKNOWS

Acronyms
Acronyms

SCADA,DCS,PCN,industrialautomation
SCADA
DCS PCN industrial automation
PLC,embeddedcontroller
Processcontroll
HMI
PI,Historian

4
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Acronyms 2
Acronyms
2

Whitelisting
IDS
IPSS
phising

ThepowerofknowingwhatMESAKNOWS

Language difficulties
Languagedifficulties

Iamnotintheofficeatthemoment.Sendany
worktobetranslated
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

PROCESS CONTROL
PROCESSCONTROL

7
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

What do we mean by Process Control?

WhatdowemeanbyProcessControl?
Isthisprocesscontrol?

8
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

What do we mean by Process Control?

WhatdowemeanbyProcessControl?
Howaboutthese?

9
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Process Control in this context is:

ProcessControlinthiscontextis:

10
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Level Control Example

LevelControlExample
Variableflowintotank(ratenotunderourcontrol)
Asthelevelinthetankincreases,
thelevelcontrollerprogressively
openstheoutletvalvetomaintain
h
l
l
i i
thelevelinthetank.
Astheleveldecreases,the
controllerclosesthevalve
t ll
l
th
l

Set
Point

Level
Controller

ThepowerofknowingwhatMESAKNOWS

Control up to 60ss
Controlupto60
Pneumaticsignal
proportionaltothe
tanklevel
kl l

Thumbwheelon
controllerto
determineset
point

Variableflowintotank(ratenotunderour
control)

Pneumaticsignalfrom
controllertovalve

Level
Controller

ThepowerofknowingwhatMESAKNOWS

Control in the late 60ss&early70

Controlinthelate60
& early 70ss
100

Electricalsignal
proportionalto
thetanklevel

Electroniccontrollerlocatedremote
fromplantincontrolroom.Operatorset
pointentryisstillviathumbwheel
p
y

Electricalsignalfrom
controllertovalve

ThepowerofknowingwhatMESAKNOWS

The1970sTheDistributed
C t lS t
ControlSystem
AnOperatorStation,levelindicatedonascreen,operatorchanges
setpointviakeyboardforthefirsttime!

Data Hiway
DataHiway

BasicController

Electricalsignalsto/fromcontroller,
controller handles 8 loop at once
controllerhandles8loopatonce

ThepowerofknowingwhatMESAKNOWS

The1970sTheDistributed
C t lS t
ControlSystem
MultipleOperatorStations,oneoperatorcancontrolarefiningunit

DataHiway

BasicController
Basic
Controller
#1

BasicController
Basic
Controller
#2

BasicController
Basic
Controller
#32

ThepowerofknowingwhatMESAKNOWS

1980ssTheDCSevolves
1980
The DCS evolves
Businesssystems

Morepowerfulop
stns

LocalControlNetwork
Gateway

Gateway

Basic
Controller

Process
Manager

Basic
Controller

Process
Manager

Basic
Controller

Process
Manager

DataHiway
Copyright2012,MESAInternational

DataHiway

Gateway

UniversalControlNetwork
ThepowerofknowingwhatMESAKNOWS

1990ssCOTSarriveonthescene
1990
COTS arrive on the scene
BusinessNetwork

TCP/IP
ProcessControlNetwork
Gatewayto
G
t
t
business
systemsisaPC

OpStnisaPCwitha
VendorPCIcard

LocalControlNetwork

ThepowerofknowingwhatMESAKNOWS

2000sEverythingconnected!

Remote Users

www

System
Server

Supervisory
Controller

Operator
Stations
Engineering
Station

[to plant IT
network]

Remote
Server

PCN
Multi-loop
p
Controller
Direct I/O Module

Other Industrial Devices

2001, Security Arrives

2001,SecurityArrives
Businessnetwork

ThepowerofknowingwhatMESAKNOWS

Cyber Security Overview

CyberSecurityOverview

ChangingComplianceenvironment
NERC CIP ISO/IEC 17799 API 1164 NIST ISA
NERCCIP,ISO/IEC17799,API1164,NIST,ISA

MoreaggressiveorganizedCyberthreats
aweaponofmassdisruption..
President Obama May 29, 2009
PresidentObamaMay29,2009

Confluenceoftechnologies

Therearefewindustry
experts
IT
Enterprise
Security

Control
Systems

Controlsystemcyber
security
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

OVERVIEW OF ARCHITECTURE
OVERVIEWOFARCHITECTURE

ThepowerofknowingwhatMESAKNOWS

TwoTiered
Two
TieredNetworkArchitecture
Network Architecture

ThepowerofknowingwhatMESAKNOWS

ThreeTiered
Three
TieredNetworkArchitecture
Network Architecture

ThepowerofknowingwhatMESAKNOWS

WHY SECURITY?
WHYSECURITY?

ThepowerofknowingwhatMESAKNOWS

Incident: Sewage Spill in Australia

Incident:SewageSpillinAustralia
BetweenJanuary2000andApril
2000 th M
2000,theMaroochy
h Shiresewage
Shi
treatmentplantinQueensland,
Australiaexperienced47unexplained
faults.
faults
Millionsoflitersofrawsewage
spilledoutintolocalparks,riversand
even the grounds of a Hyatt Regency
eventhegroundsofaHyattRegency
hotel.
Marinelifedied,thecreekwater
turned black and the stench was
turnedblackandthestenchwas
unbearableforresidents,saidJanelle
BryantoftheAustralian
Environmental Protection Agency
EnvironmentalProtectionAgency.
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Incident: Sewage Spill in Australia

Incident:SewageSpillinAustralia
OnOctober31,2001,VitekBodenwasconvictedof26countsof
willfullyusingarestrictedcomputertocausedamageand1count
illf ll
i
ti t d
t t
d
d1
t
ofcausingseriousenvironmentalharm.
Bodenworkedforthecontractorinvolvedintheinstallationofthe
sewage treatment plant in the state of Queensland in Australia He
sewagetreatmentplantinthestateofQueenslandinAustralia.He
leftthecontractorinDecember1999andapproachedtheshirefor
employment.Hewasrefused.
Bodenmadeatleast46attemptstotakecontrolofthesewage
systemduringMarchandApril2000.OnApril23,thedateof
Boden'slasthackingattempt,policewhopulledoverhiscarfound
radioandcomputerequipment.
LaterinvestigationsfoundBoden
Later investigations found Boden'sslaptophadbeenusedatthe
laptop had been used at the
timeoftheattacksandhisharddrivecontainedsoftwarefor
accessingandcontrollingthesewagemanagementsystem.

ThepowerofknowingwhatMESAKNOWS

Incident:VirusAttacksTrainSignaling
System
InAugust2003,acomputerviruswas
bl
blamedforbringingdowntrainsignaling
df b i i d
t i i li
systemsthroughouttheeasternU.S.The
signalingoutagebrieflyaffectedtheentire
CSXsystem,whichcovers23stateseastof
y
,
theMississippiRiver.
Thevirusinfectedthecomputersystemat
CSXCorp'sJacksonville,Fla.,headquarters,
shutting down signaling dispatching and
shuttingdownsignaling,dispatching,and
othersystemsatabout1:15amEDT,CSX
spokesmanAdamHollingsworthsaid,The
causewasbelievedtobeawormvirus
similartothosethathaveinfectedthe
systemsofmajorcompaniesandagenciesin
recentdays.

ThepowerofknowingwhatMESAKNOWS

Incident: Gasoline Pipeline Rupture

Incident:GasolinePipelineRupture

InJune1999,a16inchdiametersteelpipelineownedbyThe
Olympic Pipe Line Company ruptured and released about 237 000
OlympicPipeLineCompanyrupturedandreleasedabout237,000
gallonsofgasolineintoacreekthatflowedthroughWhatcomFalls
ParkinBellingham,Washington.
About11/2hoursaftertherupture,thegasolineignitedand
burned about 1 1/2 miles along the creek Two 10 year old boys
burnedabout11/2milesalongthecreek.Two10yearoldboys
andan18yearoldyoungmandiedasaresultoftheaccident.
Eightadditionalinjuriesweredocumented.
AsinglefamilyresidenceandthecityofBellingham'swater
treatmentplantwereseverelydamaged.Olympicestimatedthat
l
l d
d Ol
i
i
d h
totalpropertydamageswereatleast$45million.

ThepowerofknowingwhatMESAKNOWS

Incident: Gasoline Pipeline Rupture

Incident:GasolinePipelineRupture
OneofthecausesoftheaccidentwasOlympicPipe
LineCompany'spracticeofperformingdatabase
developmentworkontheSCADAsystemwhilethe
systemwasbeingusedtooperatethepipeline.
y
g
p
pp
Shortlybeforetherupture,newrecordsforpump
vibrationdatawereenteredintotheSCADAhistorical
database. The records were created by a pipeline
database.Therecordswerecreatedbyapipeline
controllerwhohadbeentemporarilyassignedasa
computersystemadministrator.
Accordingtotheaccidentreport,thedatabaseupdates
According to the accident report the database updates
ledtothesystem'sbecomingnonresponsiveata
criticaltimeduringpipelineoperations.
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Incident:SasserWormDisrupts
CoastgaurdComputersinUK
d

InMay2004,coastguardstationsaroundtheUKwereseverelydisrupted
afteracomputerwormbroughtdownITsystems.TheSasser wormhitall
19coastguardstationsandtheservice'smainheadquarters,leavingstaff
reliantonpapermapsandpens.
TheMaritimeandCoastguardAgencysaidstaffhadrevertedtomanual
mapreadingassoonasitscomputerizedmappingsystemsstartedtofail.
Coastguardstaffwerestillabletousetelephonesandradiosbutfaxand
telexmachineshadbeenputoutofaction.
l
hi
h db
f i

ThepowerofknowingwhatMESAKNOWS

Accidental Incidents
AccidentalIncidents
Accidentalincidentsremainaseriousconcern:
Accidental incidents remain a serious concern:
PLCscrashedbyITsecurityaudit.
DCSdatafeedcausesgatewayfailure.
DCS data feed causes gateway failure
DuplicateIPaddresspreventsmachinestartup.
IPaddresschangeshutsdownchemicalplant.
IP dd
h
h t d
h i l l t

ThepowerofknowingwhatMESAKNOWS

Todayssthreats?
Today
threats?
Targetedattacks
Targeted attacks
Spearphising
Employees
l

ThepowerofknowingwhatMESAKNOWS

OVERVIEW OF ISA/IEC STANDARDS

OVERVIEWOFISA/IECSTANDARDS

ThepowerofknowingwhatMESAKNOWS

Overview

TheSituation
The
Situation
ChlorineTruckLoadingUseCase
Design&RiskManagementProcess
i & ik
Systemsvs.Zones&Conduits
DesignConsiderations
Security Level Vector Discussion
SecurityLevelVectorDiscussion

34
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

The Situation
TheSituation

TheProblem
Withsomanystandardsoutthere,howdoyoupickthebestone?
h
d d
h
h d
k h b
?
Onceyouvepickedasetofstandards,howdoyouapplythem?

SecurityStandards

ISA/IEC62443(13)
ISA/IEC
62443 (13)
ISO/IEC2700x(10+)
ITStandards
NISTFIPSandSP800(7+)
NERCCIP(8)
S
SmartGrid(?)
G id (?)
SectorSpecificStandards

Andthatsjustthesecuritystandards,thentakeintoaccountthe
functionalstandards

Wireless=ISA100.11a,WirelessHART,Zigbee,WiFi,Bluetooth
,
, g
,
,
Safety=ISA84,IEC61508/61511,DO254,OSHA
Management=ISO9000,14000,31000,50001,SixSigma
Andplentyofothers

35
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISA/IEC 62443 Series (Proposed)

ISA/IEC62443Series(Proposed)

36
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Zones and Conduits

ZonesandConduits

37
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Security Standards
SecurityStandards

Securitystandardsgenerallytellyouwhathastobedoneorspecified,but
dont tell you how to go about doing it
donttellyouhowtogoaboutdoingit
Functionalspecifications
Securitycontrols/countermeasures

Somestandardsshowagenericprocess,butleaveituptothereaderto
g
p
,
p
applyitintheircase
Afewusecasesexist,butmanytimestheseare:
Sectorspecific
Onlyapplyincertaincases
O l
l i
t i
Limitedinscope

Veryfewendusersdiscussthedetailsoftheirprocesses
Restrictinformationfrompotentialattackers
p

Almostnovendorsorsystemintegratorsdiscussthedetailsoftheir
processes
Restrictinformationfrompotentialcompetitors

38
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Chlorine Truck Loading Use Case

ChlorineTruckLoadingUseCase
SettingtheStage
ISA99istryingtouseasingleusecasethroughouttheentire
seriestoshowhoweachpartofthestandardfitsintothe
process
Whilethechlorinetruckloadingexampleisrelatedtothe
Whil th hl i t k l di
l i l t d t th
chemicalindustry,theconceptspresentedcouldrelatetoany
industry
Theexampleallowsforsomewhatmorerealisticdiscussionsof
The example allows for somewhat more realistic discussions of
riskthaninanITfocused,DHSfocused,orpurelyhypothetical
example

Usecaseinearlydevelopmentandideaphase
y
p
p
Willtakequitealongtimetocompleteentireusecase
Differentpartsofusecasewillprobablyemergeatdifferent
times
39
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ChlorineTruckLoadingUseCase:
TheNarrative
h

PharmaceuticalCompanyXYZCorp

Wantstostartproducingnewproduct(FixItAll)
d
d
(
ll)
Noroomfornewproductionplantatexistingfacilities
Chemicalprocessrequiresrelativelysmallamountsofchlorine
Existingfacilityproduceschlorineinlargeenoughquantities
g
yp
g
g q

XYZCorp considerstheiroptions
Conductsbusinessassessmentofbuildingnewfacility
Existingfacilitiesallnearspacecapacity
Newfacilityhasgoodaccesstoroads
N f ili h
d
d
Landissuitableandavailable
Existingchlorineproductionfacilityover50milesaway
Considersoptionsfortransportingchlorine
p
p
g
Pipeline
Rail
Truck

40
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ChlorineTruckLoadingUseCase:
ThePlan
h l
Buildtruckloading/unloadingfacilities
Loading@existingfacility,unloading@newfacility
Unmannedexceptduringloading/unloadingoperations
Hazardouschemicalrequiresspecialhandling&safety

Generationsofequipment
G
ti
f
i
t
Existingfacilityuseslegacyequipment(brownfield)
Newfacilitydesignedwithcurrenttechnology(greenfield)

Facilitymonitoring&control
Facility monitoring & control
Unmanned centralizedmonitoring@controlcenter
Manned&operational localcontrolwithbothlocal&centralized
monitoring

Attachedtobusinesssystems
Billing&logistics
Inventorytracking
y
g
41
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ChlorineTruckLoadingUseCase:
DesignConsiderations
d
Systemsneeded
Syste s eeded

SafetyInstrumentedSystem(SIS)
BasicProcessControlSystem(BPCS)
Controlcenter
PlantDMZ
Enterprisesystems

LevelofSISintegrationwithBPCS?
Airgapped
Ai
d
Interfaced
Integrated
42
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

InitialDesignProcess:
IdentifytheControlAssets
d
f h
l
ProcessEquipment

PumpController
Transmitters
BlockandControlValves

BPCS&SIS

FunctionalSafetyPLC
ControlPLC
EngineeringWorkstation(s)
InstrumentAssetManagementSystem
HumanMachineInterface(s)

C t lC t
ControlCenter

ControlCenterWorkstations

PlantDMZ

DataHistorian

Enterprise
i

EnterpriseWebServer
EnterpriseWLAN
BusinessLogisticsSystem
Billing S stem
BillingSystem

43
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

NOW WHAT???
NOWWHAT???

44
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Design Process
DesignProcess
Nowthatthebusinesscaseandsomeinitialdesign
ideashavebeenputdown,wheredoyougofrom
here?
A. Designthecontrolsystemwithoutworryingaboutthe
g
y
y g
security?
B. Designeverythingsosecurethatitbecomesunusable?
C Throwinfirewallseverywhere?
C.
Throw in firewalls everywhere?
D. Conductadetailedriskassessmentatthedevicelevel?
E. Conductamultistageriskassessmentstartingwiththe
top level and working down to the low level as the design
toplevelandworkingdowntothelowlevelasthedesign
progresses?

Generally,theISA99approachbeginswithE
45
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ModifiedISO/IEC27005Risk
ManagementProcess
ISA99,WorkingGroup2
workingonmodified
ki
difi d
ISO/IEC27005risk
managementprocess
U
Usesbasicshellfrom27005
b i h ll f
27005
Modifiesitformultistage
riskassessmentprocess
Discussesjumpinpoint
Discusses jump in point
Relatesriskmanagement
processtooverallcyber
security management
securitymanagement
systemdesignprocess
Businessplanning
Changemanagement
Decommissioning
46
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Systems vs. Zones & Conduits

Systemsvs.Zones&Conduits
SystemsZones
Conductingasystembreakdownmaygivesomeindicationoffuture
zones,butthereisnodirectonetoonecorrelationbetweenthetwo
Systems=Collectionsofequipment/assetsthatlogicallyfunction
together to perform at least one task
togethertoperformatleastonetask
Zones=Collectionsofequipment/assetsthatlogicallyhavesimilar
securityrequirements

Systembreakdownhelpstoidentifydifferentsetsofequipment
d i
duringtheriskassessmentphase
h ik
h
Zonesarecreatedaftertheriskassessmentphasebasedonthe
particularsecurityrequirementsforthatsetofequipment/assets
Conduitsareaspecialkindofzonecontainingacommunication
C d it
i l ki d f
t i i
i ti
channel

47
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

DesignConsiderations:SISAirGapped
vs Interfaced vs Integrated
vs.Interfacedvs.Integrated

48
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

SecurityLevelVector
Discussion
i
i
IndustrialSecurityIsnt
AlwaysAboutDeath&
y
Dismemberment
Somesecurityconceptsdont
fitintothatmodel

UsetheFoundational
h
d
l
RequirementstoEngineer
theSystemSecurity
Id
Identification&
tifi ti &
AuthenticationControl
UseControl
SystemIntegrity
y
g y
DataConfidentiality
RestrictedDataFlow
TimelyResponsetoEvents
ResourceAvailability
49
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

SecurityLevelVector
Discussion
i
i
Howwilltheswitchesaffect
the security of the BPCS &
thesecurityoftheBPCS&
SIS?
Highavailabilityisfairly
common
Uncommonforswitchesto
havegoodaccesscontrol
(natively)
Confidentialitydepends,is
SNMPenabledANDsecured?
Ifswitchfailscompletely,what
h
happenstosystemintegrity?
i
i ?
Whataboutintermittent
failures,orbadports? What
aarethesafetyimplications?
e t e sa ety p cat o s
50
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

SecurityLevelVector
Discussion
i
i
Now,whataboutother
components?
Howdoeachofthe
component capabilities
componentcapabilities
rollintoasystem
capability?
Mathematical/Additive?
/
Qualitativeassessmentof
capabilities?
p

Howdocapabilities
relatetoachieved
securitylevels?
i l l?
51
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

SecurityLifecycles
Product
Development
Lifecycle

System
Integration
Lifecycle

System/Project
Lif
Lifecycle
l

52
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Security Lifecycle
SecurityLifecycle
Business
Planning

Detail
Planning
Facility
Planning

Construction

Implementation

Facility
Operations

Startup&
Commissioning

Facility
Decommissioning

Product
Supplier

Engineering
Entity

Asset
Owner
53
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISASECURITYCOMPLIANCE
ISA
SECURITY COMPLIANCE
INSTITUTE(ISCI)ORGANIZATION
54
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

An ISA Owned Organization

AnISAOwnedOrganization
Automation
Standards
Compliance
Institute

ISA

ISA Security Compliance Institute

Interest Group

Industrial
Interoperability

Wireless

Other Interest
Groups

Governing Board

Technical Steering
g
Committee

Working
g
Groups

55
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISA Security Compliance Institute (ISCI)

ISASecurityComplianceInstitute(ISCI)
WhoWeAre
ConsortiumofAssetOwners,Suppliers,andIndustryOrganizationsformedin
2007undertheISAAutomationStandardsComplianceInstitute(ASCI):
Mission
i i
Establishasetofwellengineeredspecificationsandprocessesforthetesting
andcertificationofcriticalcontrolsystemsproducts
Decreasethetime,cost,andriskofdeveloping,acquiring,anddeploying
controlsystemsbyestablishingacollaborativeindustrybasedprogram
among asset owners suppliers and other stakeholders
amongassetowners,suppliers,andotherstakeholders

56
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISCI Member Companies

ISCIMemberCompanies

ISCImembershipisopentoallorganizations
Strategicmembershiplevel
b h l l
Technicalmembershiplevel
Informationalmembershiplevel

Currentmembership

Chevron
Egemin
exida
ExxonMobil
Honeywell
Invensys
Siemens
Yokogawa
IPA
ISA99/ISCI J i W ki G
ISA99/ISCIJointWorkingGroupLiaison
Li i

57
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISASecure Designation
Trademarkeddesignationthatprovidesinstant
recognitionofproductsecuritycharacteristicsand
iti
f
d t
it h
t i ti
d
capabilities.
IndependentIndustrystampofapproval.
SimilartoSafetyIntegrityLevelCertification
(ISO/IEC61508).
58
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ANSI/ACLASSAccreditedConformance
Scheme
h
ISASecure EmbeddedDeviceSecurityAssurance(EDSA)
y
(
)
certificationaccreditedasanISO/IECGuide65conformance
schemebyANSI/ACLASS.ThisincludesbothISO/IEC17025and
ISO/IEC 17011
ISO/IEC17011.
Gotowww.ansi.org/isasecure fordetails.
1.ProvidesglobalrecognitionforISASecure certification
2 Independent CB accreditation b ANSI/ACLASS
2.IndependentCBaccreditationbyANSI/ACLASS
3.ISASecure canscaleonaglobalbasis
4 Ensures certification process is open fair credible and
4.Ensurescertificationprocessisopen,fair,credible,and
59

robust.

ThepowerofknowingwhatMESAKNOWS

Why Do We Need Secure Devices

WhyDoWeNeedSecureDevices
Increased
IncreasedIndustrialControlSystemexploits
Industrial Control System exploits
andattacks
Stuxnet
Nearly40exploitsreleasedrecently

Hackerconferencesstartingtohavecontrol
g
systemtracks
BlackHat
HackerHalted

ControlsystemsusingstandardITdevices
y
g
60
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISASecureCertification Specification
Process
ISCIboarddefinesscopeandworkprocess
p
p
Technicalsteeringcommitteemanagesworkinggroups
whodraftspecifications
Specificationsreviewedbyexternal3rd partyifrequired
VotedandapprovedbyfullISCIvotingmembership
ApprovedspecificationsadoptedbyISCIGoverning
A
d
ifi ti
d t d b ISCI G
i
Boardandpostedonwebsite
Specificationsdevelopedto
Specifications developed todate
datehavebeendonatedto
have been donated to
ISAforsubmissiontotheISA99StandardsCommittee

61
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISASecureVendorDeviceApproval
Process
VendorsubmitsdevicetoANSIACLASScharted
lab
Chartedlabcompletesthreepartassessment
Physicallyevaluatesdeviceforfunctionalsecurity
h
ll
l
d
f f
l
(FSA)
Conductscommunicationrobustnesstest(CRT)using
(
)
g
ISCI appovedtesttool
Chartedlabcompletesvendoraudit(SDSA)on
software development practices
softwaredevelopmentpractices

Chartedlabissuesfinalassessmentreportand
certificationuponsuccessfultestandaudit
62
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISA 62443/99 Work Products

ISA62443/99WorkProducts

63
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISCI Program Outreach

ISCIProgramOutreach
Websitewww.isasecure.org
ISASecure EDSACertificationSpecificationsand
Program Definition Documents Approved and
ProgramDefinitionDocumentsApprovedand
postedforpublicaccessatwww.isasecure.org
ISCIBoarddonatedEDSAFSAandSDSAtechnical
dd
d
d
h
l
specificationtoISA99CommitteeviaISA99ISCI
JointWorkingGroup
WebinarSeriesthroughout2011
64
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

ISASECURE EMBEDDEDDEVICE
SECURITYASSURANCEPROGRAM
65
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Embedded Device
EmbeddedDevice
Specialpurposedevicerunningembedded
softwaredesignedtodirectlymonitor,controlor
actuateanindustrialprocess
Examples:

ProgrammableLogicController(PLC)
DistributedControlSystem(DCS)controller
S f t L i S l
SafetyLogicSolver
ProgrammableAutomationController(PAC)
IntelligentElectronicDevice(IED)
DigitalProtectiveRelay
S
SmartMotorStarter/Controller
S
/C
ll
SCADAController
RemoteTerminalUnit(RTU)
Turbinecontroller
Vibrationmonitoringcontroller
Compressorcontroller

66
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

EmbeddedDeviceSecurityAssuranceCertification

Integrated Threat Analysis

(ITA)
SoftwareDevelopmentSecurity
Assurance(SDSA)

DetectsandAvoidssystematicdesignfaults
Thevendorssoftwaredevelopmentandmaintenance
processesareaudited
Ensurestheorganizationfollowsarobust,securesoftware
developmentprocess
DetectsImplementationErrors/Omissions

FunctionalSecurityAssessment
(FSA)

A
Acomponent
componentsssecurityfunctionalityisauditedagainstits
security functionality is audited against its
derivedrequirementsforitstargetsecuritylevel
Ensurestheproducthasproperlyimplementedthesecurity
functionalrequirements
Identifies vulnerabilities in networks and devices
Identifiesvulnerabilitiesinnetworksanddevices

CommunicationsRobustness
Testing(CRT)

Acomponentscommunicationrobustnessistestedagainst
communicationrobustnessrequirements
Testsforvulnerabilitiesinthe4layersofOSIReference
Model

ThepowerofknowingwhatMESAKNOWS

ISASecure Levels

SDSA
FSA
CRT

LEVEL 3

Requirements Necessary to Achieve Certification Levels

Level 1 Level 2 Level 3
Total Count in Specification
130
149
170
170
20
49
82
82
All

All

CRT Common Specification plus LEVEL 2

all 6 Protocol CRT Specifications

LEVEL 1

SoftwareDevelopment
p
SecurityAssessment
FunctionalSecurity
Assessment

SoftwareDevelopment
SecurityAssessment

FunctionalSecurity
Assessment

FunctionalSecurity
Functional
Security
Assessment

CommunicationRobustnessTesting

ThepowerofknowingwhatMESAKNOWS

CommunicationsRobustnessTest(CRT)

Measurestheextenttowhichnetworkprotocolimplementationsonanembedded
device defends themselves and other device functions against unusual or
devicedefendsthemselvesandotherdevicefunctionsagainstunusualor
intentionallymalicioustrafficreceivedfromthenetwork.
Inappropriatemessageresponse(s),orfailureofthedevicetocontinueto
adequately maintain essential services, demonstrates potential security
adequatelymaintainessentialservices,demonstratespotentialsecurity
vulnerabilitieswithinthedevice.

CommunicationRobustnessTesting

ThepowerofknowingwhatMESAKNOWS

FunctionalSecurityAssessment(FSA)
SecurityFeatureTests

Purpose:
Verificationandvalidationthatthedeviceorsystemundertest
incorporatesaminimumsetofsecurityfeaturesneededtocounteract
commonsecuritythreats
Composition
Setofrequirements,derivedfromexistingreferencestandardsand
traceabletosourcestandard
Oneormoreacceptablesolutions(countermeasures)identifiedfor
eachrequirement
Ifapplicable,procedurestoverifytherequirementhasbeensatisfied
Functional Security Assessment
FunctionalSecurityAssessment

ThepowerofknowingwhatMESAKNOWS

SoftwareSecurityDevelopmentAssessment

SecureSoftwareEngineering
Purpose:
Verificationandvalidationthatsoftwareforthedeviceorsystem
undertestwasdevelopedfollowingappropriateengineeringpractices
p
g pp p
g
gp
tominimizesoftwareerrorsthatcouldleadtosecurityvulnerabilities
Composition
Setofrequirements,derivedfromexistingreferencestandardsand
Set of requirements derived from existing reference standards and
traceabletosourcestandard(IEC61508,ISO/IEC15408)
Oneormoreacceptableargumentsidentifiedforeachrequirement

SoftwareDevelopmentSecurityAssessment

ThepowerofknowingwhatMESAKNOWS

Security Development Lifecycle

SecurityDevelopmentLifecycle
Thisphasespecifiesaprocessforplanningandmanagingsecuritydevelopmentactivitiestoensurethatsecurityisdesigned
intoaproduct.Forexample,thisphaseincorporatesrequirementsthatthedevelopmentteamhaveasecuritymanagement
SecurityManagement
planandthatthedevelopersassignedtotheprojectarecompetentandhavebeenprovidedbasictrainingingoodsecurity
Process
engineeringpracticesandprocesses.Alsoincludesrequirementsthattheprojectteamcreatesandfollowsaconfiguration
managementplan.
Mostvulnerabilitiesandweaknessesinsoftwareintensiveinformationsystemscanbetracedtoinadequateorincomplete
SecurityRequirements
requirements.Thisphaserequiresthattheprojectteamdocumentcustomerdrivensecurityrequirements,securityfeatures
Specification
andthepotentialthreatsthatdrivetheneedforthesefeatures.
Softwarearchitecturefacilitatescommunicationbetweenstakeholders,documentsearlydecisionsabouthighleveldesign,
SoftwareArchitectureDesign
Software
Architecture Design andallowsreuseofdesigncomponentsandpatternsbetweenprojects.Thisphaserequirestheprojectteamdevelopatop
and allows reuse of design components and patterns between projects This phase requires the project team develop a top
levelsoftwaredesignandensuresthatsecurityisincludedinthedesign.
SecurityRiskAssessmentand Thisphaserequirestheprojectteamdeterminewhichcomponentscanaffectsecurityandplanwhichcomponentswillrequire
ThreatModeling
securitycodereviewsandsecuritytesting.Alsorequiresthatathreatmodelbecreatedanddocumentedfortheproduct.
DetailedSoftwareDesign

Thisphaserequirestheprojectteamdesignthesoftwaredowntothemodulelevelfollowingsecuritydesignbestpractices.

DocumentSecurity
Document
Security
Guidelines
SoftwareModule
Implementation&
Verification

Thisphaserequirestheprojectteamcreateguidelinesthatusersoftheproductmustfollowtoensuresecurityrequirements
This
phase requires the project team create guidelines that users of the product must follow to ensure security requirements
aremet.

SecurityIntegrationTesting

Thisphaserequiresthattheprojectteamperformsecurityspecifictestssuchasfuzztestingandpenetrationtesting.

Thisphaserequirestheprojectteamimplementdesignbywritingcodefollowingsecuritycodingguidelines.Itensuresthat
softwaremodulesareimplementedcorrectlybyconductingsecuritycodereviews,staticanalysisandmoduletesting.

SecurityProcessVerification Thisphaserequiresanindependentassessmentthatallrequiredsoftwaredevelopmentprocesseshavebeenfollowed
Thisphaserequirestheprojectteamestablishaprocesstobeabletoquicklyrespondtosecurityissuesfoundinthefieldif
andwhentheyhappen.
Thisphaserequiresthattheprojectteamconfirmthatallsecurityrequirementshavebeenmetpreferablybytestorby
SecurityValidationTesting
analysis.
Thisphaserequirestheprojectteamrespondtosecurityproblemsinthefieldbytakingactiontobothpreventativeand
SecurityResponseExecution
correctiveaction.
SecurityResponsePlanning

72
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

EDSACertificationProcess
Typical Chartered Lab Level of Effort in Man Weeks
Level 1

Level 2

Level 3

1 - 2 weeks

CRT test all

accessible TCP/IP
interfaces

Perform FSA on
device and all
interfaces

< 1 week

1 week

1 2 weeks

3
3.

Audit
A
dit suppliers
li
software
development
process

1 week
k

1 2 weeks
k

Perform ITA and

issue report

1 week

3 5 weeks

4 6 weeks

4 10 weeks

ThepowerofknowingwhatMESAKNOWS

WHY ISASECURE?
WHYISASECURE?

74
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Benefits
Enduser
End
user

Supplier

Easytospecify
Buildsecurityrequirement
intoRFP
ReducedtimeinFAT/SAT
Knowsecurityleveloutof
i l l
f
thebox

Evaluatedonce
Recognitionforeffort
Buildinsecurity
Productdifferentiator

75
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

WHOTOCONTACTFORMORE
WHO
TO CONTACT FOR MORE
INFORMATION
76
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Who to Contact to Certify Products

WhotoContacttoCertifyProducts
ISASecure EDSACharteredLab
exida
JohnCusimano
DirectorofSecurityServices
Phone:(215)4531720
Fax:(215)2571657
E il j i
Email:jcusimano@exida.com
@ id
Website:http://www.exida.com
77
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Who to contact for CRT Test Tool

WhotocontactforCRTTestTool
http://www wurldtech com
http://www.wurldtech.com
WurldtechSecurityTechnologies,Inc.
ld h S
i
h l i
GregMaciel
A hill S l M
AchillesSalesManager
Phone:(949)3004040
Email: gmaciel@wurldtech com
Email:gmaciel@wurldtech.com

78
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Who to contact for ISCI Membership

WhotocontactforISCIMembership

AndreRistaino
ManagingDirector,ASCI
DirectPhone:9199909222
Fax:9195498288
Email aristaino@isa org
Email:aristaino@isa.org
Website:http://www.isasecure.org
79
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Q&A

Questions?

80
Copyright2012,MESAInternational

ThepowerofknowingwhatMESAKNOWS

Cyber Crimes Cyber Laws and Intellectual Property Rights
100% (1)
Cyber Crimes Cyber Laws and Intellectual Property Rights
60 pages
Pega Scenario Based Interview Questions
100% (1)
Pega Scenario Based Interview Questions
25 pages
Isa 62443-3-2
100% (2)
Isa 62443-3-2
40 pages
DS - en Iec 62443-2-4 - 2024
100% (3)
DS - en Iec 62443-2-4 - 2024
100 pages
2024 LG Commercial TV E-Catalog (Low) - 20240307
100% (1)
2024 LG Commercial TV E-Catalog (Low) - 20240307
28 pages
Training - Day 2 v1.3
100% (2)
Training - Day 2 v1.3
70 pages
2021-Impact of BIM Based Quantity Take Off For Accuracy of Cost Estimation
No ratings yet
2021-Impact of BIM Based Quantity Take Off For Accuracy of Cost Estimation
15 pages
Mustard, Steve - Industrial Cybersecurity Case Studies and Best Practices-IsA - International Society of Automation (2022)
No ratings yet
Mustard, Steve - Industrial Cybersecurity Case Studies and Best Practices-IsA - International Society of Automation (2022)
346 pages
Industrial Network Security Architecture
100% (3)
Industrial Network Security Architecture
96 pages
IEC 62443 Guidelines
100% (4)
IEC 62443 Guidelines
85 pages
IEC 62443-2-4 Security Program Requirements For IACS Service Providers
88% (8)
IEC 62443-2-4 Security Program Requirements For IACS Service Providers
94 pages
ISA IEC 62443 Cybersecurity Certification - A Guide
75% (4)
ISA IEC 62443 Cybersecurity Certification - A Guide
19 pages
Cyber-Security of SCADA and Other Industrial Control Systems
100% (10)
Cyber-Security of SCADA and Other Industrial Control Systems
368 pages
Isa 62443-3-3-2013
50% (2)
Isa 62443-3-3-2013
84 pages
1st CD 62443-6-1
100% (2)
1st CD 62443-6-1
90 pages
Isa Iec 62443 Standard
100% (4)
Isa Iec 62443 Standard
36 pages
Applying ISA-IEC 62443 To Control Systems - Yokogawa (PDFDrive)
No ratings yet
Applying ISA-IEC 62443 To Control Systems - Yokogawa (PDFDrive)
81 pages
Isa 62443-2-4
No ratings yet
Isa 62443-2-4
96 pages
Isa 62443-2-3
100% (1)
Isa 62443-2-3
70 pages
Liebert Ac4 User Manual PDF
No ratings yet
Liebert Ac4 User Manual PDF
89 pages
IEC62443 Knowldge Check (IC32,33,34,37 Questions)
0% (1)
IEC62443 Knowldge Check (IC32,33,34,37 Questions)
19 pages
Aplicacion Isa 95
100% (1)
Aplicacion Isa 95
64 pages
ISA 62443 Controls
100% (1)
ISA 62443 Controls
96 pages
PQ CP-305 System Doc 31.05.2016
No ratings yet
PQ CP-305 System Doc 31.05.2016
89 pages
E4 E5 EWS CORE Qstns-1
80% (10)
E4 E5 EWS CORE Qstns-1
70 pages
GCP Sample Questions
No ratings yet
GCP Sample Questions
5 pages
Tuvit Whitepaper Iec62443
100% (2)
Tuvit Whitepaper Iec62443
31 pages
Establishing Zones and Conduits
100% (5)
Establishing Zones and Conduits
42 pages
CIARA 62443 Risk Assessment
100% (4)
CIARA 62443 Risk Assessment
17 pages
IEC62443
0% (1)
IEC62443
2 pages
Topic 3.2-ISA-IEC 62443 Odt
No ratings yet
Topic 3.2-ISA-IEC 62443 Odt
42 pages
Omnichannel Retailing
No ratings yet
Omnichannel Retailing
9 pages
I Supplier
100% (1)
I Supplier
16 pages
SolidCAM 2021 Multiblade Machining
No ratings yet
SolidCAM 2021 Multiblade Machining
47 pages
Huawei Optix RTN 900
100% (4)
Huawei Optix RTN 900
89 pages
ICS Risk & Compliance - R2
100% (1)
ICS Risk & Compliance - R2
23 pages
Samsung Galaxy s9 Quick Reference Manual
No ratings yet
Samsung Galaxy s9 Quick Reference Manual
23 pages
Cybersecurity Training: Safeguarding Industrial Automation and Control Systems
No ratings yet
Cybersecurity Training: Safeguarding Industrial Automation and Control Systems
12 pages
Boomi Q&A Flashcards - Quizlet
No ratings yet
Boomi Q&A Flashcards - Quizlet
11 pages
ISA99/IEC 62443: A Solution To Cyber-Security Issues?: District 12 & Qatar Section
100% (1)
ISA99/IEC 62443: A Solution To Cyber-Security Issues?: District 12 & Qatar Section
52 pages
Quick Start Guide:: An Overview of Isasecure Certification
No ratings yet
Quick Start Guide:: An Overview of Isasecure Certification
20 pages
Wire EDM Features - Suzhou Baoma Numerical Control Equipment Co., LTD
No ratings yet
Wire EDM Features - Suzhou Baoma Numerical Control Equipment Co., LTD
4 pages
The ISA/IEC 62443 Series: Security For Industrial Automation and Control Systems (IACS)
No ratings yet
The ISA/IEC 62443 Series: Security For Industrial Automation and Control Systems (IACS)
1 page
Specific Security Requirements For ICS-Presentation ISA PDF
No ratings yet
Specific Security Requirements For ICS-Presentation ISA PDF
44 pages
01 Introduction To CIM October 2010
No ratings yet
01 Introduction To CIM October 2010
118 pages
Modbus TCP Message Between Micro800 Master To MicroLogix1400 Slave
No ratings yet
Modbus TCP Message Between Micro800 Master To MicroLogix1400 Slave
12 pages
Vishal Resume Fina v1
No ratings yet
Vishal Resume Fina v1
2 pages
Isa 62443 3 3 2013 PDF
No ratings yet
Isa 62443 3 3 2013 PDF
43 pages
Sectrio - IEC 62443 2 1
No ratings yet
Sectrio - IEC 62443 2 1
20 pages
9) Front End Processor
No ratings yet
9) Front End Processor
23 pages
2018 IEC 62443 and ISASecure Overview - Suppliers Persp
100% (2)
2018 IEC 62443 and ISASecure Overview - Suppliers Persp
25 pages
Whitepaper Industrial Security Based On IEC 62443
100% (1)
Whitepaper Industrial Security Based On IEC 62443
32 pages
KUWAIT
No ratings yet
KUWAIT
3 pages
Hot To Implement 62443
No ratings yet
Hot To Implement 62443
24 pages
Mesatutorial - Isa95 Enterprise Integration
100% (1)
Mesatutorial - Isa95 Enterprise Integration
64 pages
Presentation On Input and Output Devices-2
No ratings yet
Presentation On Input and Output Devices-2
19 pages
NTB70CC
No ratings yet
NTB70CC
4 pages
10 Iec 62443
No ratings yet
10 Iec 62443
20 pages
Cse Ece Saturdays Work Sheet
No ratings yet
Cse Ece Saturdays Work Sheet
35 pages
Classification of Visualization System
No ratings yet
Classification of Visualization System
2 pages
Cybersecurity For IACS - Cyber Risk Management Procedure
No ratings yet
Cybersecurity For IACS - Cyber Risk Management Procedure
50 pages
ISA D14 TTT CyberSecurity
100% (1)
ISA D14 TTT CyberSecurity
12 pages
Unsw Energy Management Metering Rev4.2 08082013
No ratings yet
Unsw Energy Management Metering Rev4.2 08082013
48 pages
ICS - Asset Management
No ratings yet
ICS - Asset Management
59 pages
Whitepaper1 62443
No ratings yet
Whitepaper1 62443
27 pages
Applying Iso Iec 27001 2 and The Isa Iec 62443 Series White Paper
100% (1)
Applying Iso Iec 27001 2 and The Isa Iec 62443 Series White Paper
10 pages
Building Cyber Oveview R3
100% (1)
Building Cyber Oveview R3
38 pages
Sectrio WP IEC-62443-RIsk-assessment Final
No ratings yet
Sectrio WP IEC-62443-RIsk-assessment Final
11 pages
Special Working Rules For Bahadurgarh Station 1. General and Subsidiary Rules:-A)
No ratings yet
Special Working Rules For Bahadurgarh Station 1. General and Subsidiary Rules:-A)
12 pages
TRANSCRIPT - Maruti Suzuki Drives Business Growth On A Full Oracle Stack
No ratings yet
TRANSCRIPT - Maruti Suzuki Drives Business Growth On A Full Oracle Stack
2 pages
Cyber Security ISA 99 / IEC 62443
0% (1)
Cyber Security ISA 99 / IEC 62443
13 pages
The 62443 Series of Standards
No ratings yet
The 62443 Series of Standards
4 pages
Research Proposal DRAFT - Ver2
No ratings yet
Research Proposal DRAFT - Ver2
31 pages
Implementing An Isa/Iec-62443 and Iso/Iec-27001 Ot Cyber Security Management System at Dutch Dso Enexis
100% (1)
Implementing An Isa/Iec-62443 and Iso/Iec-27001 Ot Cyber Security Management System at Dutch Dso Enexis
5 pages
7SA6 Presentation Engl
100% (1)
7SA6 Presentation Engl
29 pages
Digital Marketing Sem 4
No ratings yet
Digital Marketing Sem 4
3 pages
Cybersecurity Guidebook For Process Control en
100% (1)
Cybersecurity Guidebook For Process Control en
7 pages
Demystifying ISA IEC 62443 and Secure Elements DS00003983
No ratings yet
Demystifying ISA IEC 62443 and Secure Elements DS00003983
18 pages
Case Study Herrera
No ratings yet
Case Study Herrera
4 pages
SAS Slides 10: ODS HTML
No ratings yet
SAS Slides 10: ODS HTML
24 pages
IEC - 62443 Whitepaper
100% (2)
IEC - 62443 Whitepaper
14 pages
Using-ISA - IEC-62443-Standards-WP-v1.2 - Establishing Conduits and Zones (May 2014)
No ratings yet
Using-ISA - IEC-62443-Standards-WP-v1.2 - Establishing Conduits and Zones (May 2014)
12 pages
IS920 Product Information: Inverter System 48 V DC For Telecommunication
No ratings yet
IS920 Product Information: Inverter System 48 V DC For Telecommunication
10 pages
Assignment 2
No ratings yet
Assignment 2
3 pages
The ICS Cybersecurity Lifecycle PDF
100% (3)
The ICS Cybersecurity Lifecycle PDF
16 pages
China: Intelligent Transportation Systems in
No ratings yet
China: Intelligent Transportation Systems in
13 pages
Industrial Cybersecurity For SMB WP
No ratings yet
Industrial Cybersecurity For SMB WP
18 pages
OT Security
50% (2)
OT Security
7 pages
ISAGCA Quick Start Guide FINAL
100% (1)
ISAGCA Quick Start Guide FINAL
14 pages
Securing Industrial Network - White Paper
100% (2)
Securing Industrial Network - White Paper
12 pages
Mijlog
No ratings yet
Mijlog
2 pages
Performance Based Comparative Analysis of Thermal Power Plant: A Review
No ratings yet
Performance Based Comparative Analysis of Thermal Power Plant: A Review
6 pages
Pea Scada/Dms: Technical Visit
No ratings yet
Pea Scada/Dms: Technical Visit
6 pages
Vertex VX-4500 Series SpecSheet FINAL 012011
No ratings yet
Vertex VX-4500 Series SpecSheet FINAL 012011
2 pages
Siemens Transportation Systems - Shaping Tomorrow's Railways: Innovation and Trust - Basis of Joint Success
No ratings yet
Siemens Transportation Systems - Shaping Tomorrow's Railways: Innovation and Trust - Basis of Joint Success
6 pages
Lab 7.2.9 Load Balancing Across Multiple Paths: Objective
No ratings yet
Lab 7.2.9 Load Balancing Across Multiple Paths: Objective
5 pages
Test - Post Curso IC32 - Respuestas
No ratings yet
Test - Post Curso IC32 - Respuestas
6 pages
Schedule - 4 Price Schedules - Currency Wise Breakup of Lump Sum Bid Price Against Various Cost Centre For Payment Purpose
No ratings yet
Schedule - 4 Price Schedules - Currency Wise Breakup of Lump Sum Bid Price Against Various Cost Centre For Payment Purpose
2 pages
The 62443 Series Overview
No ratings yet
The 62443 Series Overview
4 pages
Articles Related To ISA 62443
No ratings yet
Articles Related To ISA 62443
4 pages
ISA - 62443 Series Overview
No ratings yet
ISA - 62443 Series Overview
4 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Applying ISA/IEC 62443 To Control Systems: Mesa Mesa

Uploaded by

Applying ISA/IEC 62443 To Control Systems: Mesa Mesa

Uploaded by

ApplyingISA/IEC62443to

SUSTAINABILITY&ECOEFFICIENCY LEAN METRICS&PERFORMANCEMANAGEMENT

What do we mean by Process Control?

What do we mean by Process Control?

Process Control in this context is:

Level Control Example

Control in the late 60ss&early70

Other Industrial Devices

2001, Security Arrives

Cyber Security Overview

Incident: Sewage Spill in Australia

Incident: Sewage Spill in Australia

Incident: Gasoline Pipeline Rupture

Incident: Gasoline Pipeline Rupture

OVERVIEW OF ISA/IEC STANDARDS

ISA/IEC 62443 Series (Proposed)

Zones and Conduits

Chlorine Truck Loading Use Case

Systems vs. Zones & Conduits

An ISA Owned Organization

ISA Security Compliance Institute

ISA Security Compliance Institute (ISCI)

ISCI Member Companies

Why Do We Need Secure Devices

ISA 62443/99 Work Products

ISCI Program Outreach

Integrated Threat Analysis

Requirements Necessary to Achieve Certification Levels

CRT Common Specification plus LEVEL 2

Security Development Lifecycle

CRT test all

Perform ITA and

Who to Contact to Certify Products

Who to contact for CRT Test Tool

Who to contact for ISCI Membership

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.