ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to.

Presentation transcript:

ISA–The Instrumentation, Systems, and Automation Society
ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting
Call to Order
Images Contained Herein May Not be Used Without Explicit Permission

ISA SP-99 Agenda Item 2 Introductions/Circulate Roster

ISA SP-99 Agenda Item 3 Review and Modify the Agenda

ISA SP-99 Agenda Item 4 Nominate Vice-Chairman and Secretary
- Discussions on Nominations
- Identify Nominees if possible

ISA SP-99 Agenda Item 5 Review Officer Responsibilities and Guidelines (1)
- Managing Director appoints Chairman
- Appoint Vice Chairman
- Appoint Secretary
- Other responsibilities …
1 - From S&P Manual of Procedures, Dec

ISA SP-99 Agenda Item 6 Recommendations for Further Appointments Editor(s) Others

ISA SP-99 Agenda Item 7 S&P Procedures
- Standards and Practices Committee Guide
- Standards and Practices Department Manual of Procedures

ISA SP-99 Agenda Item 8 Review of Scope, Purpose, Title, Tasks

ISA SP-99 Scope and Purpose (Agenda Item 11)
Manufacturing & process control systems whose failure, or compromise of contained information, could endanger public or employee health or safety, violate federal or state regulations, or cause economic loss, and which have interfaces providing communications with external systems. For the purposes of this standard, the term “manufacturing & process control systems” is taken in the broadest possible sense, to include process control, manufacturing operations and systems (continuous, discrete, and batch), and control and safety systems, serving all types of plants, facilities, and systems in all industries.

ISA SP-99 Title: Manufacturing and Control Systems Security (Agenda Item 11)

ISA SP-99 Committee Liaisons
- ISA SP-95: Keith Unger
- ISA SP-67: Bob Webb
- ISA SP-91: TBD
- ISA SP-84: Vic Maggioli
- ISA SP-50: TBD
- NIST PCSRF: Dave Teumim
- IEC, IEEE, IAS?
- Others?

ISA SP-99 Vendor Representatives
- Who do we have currently represented?
- Who else should we attempt to involve?

ISA SP-99 Agenda Item 10 Technical Report Working Group
Initial Proposed Section Titles:
1. Manufacturing and Control Systems Security Overview
2. Survey of Technology as Applicable to Manufacturing and Control Systems
3. Integrating Security into the Manufacturing and Control Systems Environment
4. Audit and Metrics of Security Performance

ISA SP-99 Technical Report Purpose (Agenda Item 11)
- “Close the Barn Door After the Horse is Gone.” Security is already a problem.
- Make technical and procedural recommendations that will improve the current security of process control systems, but not necessarily finalized measures.
- Represent current “best practice” thoughts and general recommendations in the absence of the full discovery and analysis of the standards creation process.
- The emphasis should be on speed of delivery with definite goals, under the premise that a full standards effort is right behind the technical report.

Technical Report Section 1: Manufacturing and Control System Security Overview (Agenda Item 11)
- Provide General Introduction, Statement of Intent, Purpose, etc. for Technical Report
- Definition of Scope
- Definition of Terminologies Used Within Report
- Reference Resources Used in Creation of Report:
  - ISO/IEC
  - BS
  - ISO/IEC
  - NIST PCSRF SPS
  - ISO/IEC
  - Others?

ISA–The Instrumentation, Systems, and Automation Society
Technical Report Section 2: Survey of Technology as Applicable to Control Systems (Agenda Item 12)
Eric Byres, P.Eng.

The Task
- Prepare an abstract for Section 2 - Survey of Technology as Applicable to Manufacturing and Control Systems.
- Base this on the ISO standard.

Bad News… (Agenda Item 12)
- The ISO Standard Doesn’t Really Address Technology Well.
- Focuses on Audit “Check List”

Proposed Solution (Agenda Item 12)
- Define 5 Broad Classes for Security Technology:
  1. Filtering/Blocking Technology (e.g. Firewalls)
  2. Encryption Technology
  3. Authentication Technology
  4. Detection Technology (Intrusion Prevention)
  5. Data Validation/Integrity Technology

Comments? (Agenda Item 12)
- Are There Better Technology Classifications to Be Found Elsewhere?
- Are We Missing Anything?
  - E.g. Technology for Non-repudiation?
  - E.g. Should Filtering Be Part of Authentication?
- Will Something New Show up Next Year?

Technical Report Section 3: Integrating Security into the Manufacturing and Control Systems Environment (Agenda Item 13)

Technical Report Section 3 Overview (Agenda Item 13)
- Guidelines for Asset Identification and Business Requirements Modeling for Process Control Systems
- General Guidelines for Threat and Vulnerability Assessment
- Application of Commonly Accepted Technologies and Security Practices to the Control Systems Environment

Technical Report Section 4: Audit and Metrics (Agenda Item 14)
- Tools, Checklists, etc. for Self-Evaluation of Security Policies, Practices, and Procedures
- Evaluation Tools for Analyzing Technological Performance of Security Measures
- Audit Procedures for Evaluating Performance of the Business Model, Including Security Policies

ISA SP-99 Agenda Item 15 Next Steps for Technical Report
- Organize Committee into General Subcommittees to Continue Work
- Produce Framework of Report Sections by January 2003
- Produce Initial Draft of Sections by March 2003
- Produce Final Draft for Approval by July 2003

ISA SP-99 Agenda Item 16 Schedule Next Meetings
- Conference Call in November?
- Conference Call in December?
- ISA Show in Houston, next Face to Face?

ISA SP-99 Agenda Item 17 Additional Agenda Items – New Business

ISA SP-99 Agenda Item 18 Review Action Items

ISA SP-99 Agenda Item 19 Final Comments/Adjourn