Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.


Slide 1: ISA-SP99: Security for Industrial Automation and Control Systems
Status Update, October 16, 2006
Eric C. Cosman
Part 1: Terminology, Concepts & Models
Copyright © 2006 ISA

Slide 2: Objectives (footer: September 2006, Copyright © 2006 ISA)
Report on:
–the results of the first vote on d
–efforts to address all comments received
–current status of the draft standard
Review major additions and improvements since Draft 2 Edit 9
Collect feedback
Finalize plans for a new voting cycle

Slide 3: Topics
SP-99: General Review
Part 1 Concepts
Voting Results
Processing of Comments
Changes and Additions to Part 1
Discussion

Slide 4: ISA-SP99 Positioning (diagram)
Common technologies, policies and practices:
–IT Security Policies and Practices (ISO 17799)
–Mfg Security Policies and Practices (SP 99)
–Process Safety (ISA 84, IEC 61508, IEC 61511)
Level 4: Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.)
Level 3: Manufacturing Operations & Control (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...)
Levels 2, 1, 0: Batch Control, Discrete Control, Continuous Control

Slide 5: ISA-SP99 Structure
ISA – Part 1: Terminology, Concepts and Models
ISA – Part 2: Establishing an Industrial Automation and Control System Security Program
ISA – Part 3: Operating an Industrial Automation and Control Systems Security Program
ISA – Part 4: Security Requirements for Industrial Automation and Control Systems
ANSI/ISA-TR : Security Technologies for Manufacturing and Control Systems
ANSI/ISA-TR : Integrating Electronic Security into the Manufacturing and Control Systems Environment
Legend (status of each document): Completed / In Progress / Starting / Planned

Slide 6: Questions

Slide 7: Topics (agenda slide, repeated; next section: Part 1 Concepts)

Slide 8: Purpose
Review of some of the basic concepts in dS (Part 1), including:
–security objectives
–basic terms (e.g., security maturity, risk)
–context model
–policies
–zones & conduits
–reference models
–model relationships

Slide 9: Part 1 Structure
Clause 3: Definitions and Abbreviations
Clause 4: Concepts
–Introduces basic concepts that form the foundation for the rest of Part 1, as well as other standards in the series.
Clause 5: Models
–The only normative section of the standard.
–Describes the basic models that form the framework for the ISA-99 series.

Slide 10: Security Objectives Priority
Industrial Automation & Control Systems: 1. Availability, 2. Integrity, 3. Confidentiality
General Purpose Information Technology Systems: 1. Confidentiality, 2. Integrity, 3. Availability

Slide 11: Basic Terminology
Access control, Asset, Attack, Conduit, Countermeasure, Industrial automation and control system (IACS), Manufacturing Operations, Policy, Risk, Security Level, Threat, Vulnerability, Zone

Slide 12: Context Model (from ISO 15408)

Slide 13: Policies
Various levels (e.g., corporate, operational)
Areas covered (examples):
–Risk Management
–Access Management
–Remote Access
–Physical Security
–Portable Devices
–Wireless
–Auditing
–Personnel

Slide 14: Zones and Conduits

Slide 15: Reference Model

Slide 16: Model Relationships

Slide 17: Questions

Slide 18: Topics (agenda slide, repeated; next section: Voting Results)

Slide 19: ISA Standards Approval Criteria
Requires both:
1. Approval by a majority of voting members, and
2. Approval by two-thirds of those voting members who actually voted, excluding abstentions.

Slide 20: ANSI/ISA d Status
Draft 2 Edit 9 released for vote in April 2006 (target was Q1)
–Voting closed May 30, 2006
>50% of eligible voting members approved
–80% of those who voted approved
–4 disapprovals, 1 abstention
Majority of voting members: met
Two-thirds of votes received: met
All comments are being addressed to prepare for publication by end of year.

Slide 21: Topics (agenda slide, repeated; next section: Processing of Comments)

Slide 22: Comments Received
277 comments received from 17 reviewers
–177 editorial, 73 technical, 27 general
All have been addressed, with work underway or complete
All responses recorded

Slide 23: Status as of October 1

Slide 24: Feedback Themes
Consistency with other standards
–Reference model from ANSI/ISA-95
Description of security levels
–Presented as examples only; more specificity required
Zones and Conduits concept
–Complexity and some inconsistencies

Slide 25: Questions

Slide 26: Topics (agenda slide, repeated; next section: Changes and Additions to Part 1)

Slide 27: Areas of Focus
Restructure Scope and Introduction
Reordering of topics in Clause 4 (Concepts)
Revised context model
Maturity levels
Security levels
Consolidation of all models into Clause 5 as normative content
Annex material on SCADA models

Slide 28: Restructure Scope and Introduction
Several comments related to language in these sections
Introduction now "sets the stage"
All description of "what" moved to Scope

Slide 29: Reordering of topics in Clause 4
Draft 2, Edit 9: Current Environment; Security Context; Zones; Conduits; Security Levels; Policy; Program Maturity; Reference Model Levels
Revised: Current Environment; Security Context; Program Maturity; Policy; Zones; Conduits; Security Levels

Slide 30: Revised Context Model
Original model taken from ISO (Common Criteria)
–Provides an overview of relationships between various elements of security
An alternate view proposed by Hans Daniel (IEC)
Both views presented, with explanation of how they are related
Clarification of purpose: to show how elements are related

Slide 31: An alternate view of the Context Model (diagram; elements shown: Owners, Assets, Risk, Threats, Vulnerabilities, Countermeasures, Assurance Techniques (TRA, SA), Evaluation, Assurance, Confidence)

Slide 32: Maturity Levels
Information taken from the Annex of d (Part 2)

Slide 33: Security Levels
New material developed in response to comments received
"Sets the stage" for more detailed information to follow in Parts 2 and 4
Available as a separate "discussion paper"

Slide 34: Security Levels
Security Level | Qualitative Description | Quantitative Range, MTTC (hrs)
1 | Low | 10^a to 10^b
2 | Medium | 10^b to 10^c
3 | High | 10^c to 10^d

Slide 35: Types of Security Levels
SL(Target)
–Target Security Level for a zone or conduit
SL(Achieved)
–Achieved Security Level of a zone or conduit
SL(Capability)
–Security Level Capability of security measures associated with a zone or conduit, or inherent Security Level Capability of devices or systems within a zone or conduit
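As an added illustration of how the three security level types relate, not taken from the presentation or from the ISA-99 drafts: a small Python model of zones and conduits with an SL(Target), the SL(Capability) of the measures and devices inside them, and a derived SL(Achieved). It assumes, purely for illustration, that a zone can achieve no more than its weakest component's capability; that rule and the sample zone names are assumptions, not the standard's definition.

```python
from dataclasses import dataclass, field

@dataclass
class Component:
    """A device/system or security measure in a zone, with its SL(Capability) on the 1..3 scale."""
    name: str
    sl_capability: int

@dataclass
class Zone:
    """A zone or conduit with its SL(Target) and the components it contains."""
    name: str
    sl_target: int
    components: list = field(default_factory=list)

    def sl_achieved(self) -> int:
        # ASSUMPTION for illustration: the weakest capability bounds what the zone achieves.
        if not self.components:
            return 0
        return min(c.sl_capability for c in self.components)

    def gap(self) -> int:
        """Shortfall between SL(Target) and SL(Achieved); 0 means the target is met."""
        return max(0, self.sl_target - self.sl_achieved())

    def below_target(self) -> list:
        """Names of components whose capability alone would keep the zone below target."""
        return [c.name for c in self.components if c.sl_capability < self.sl_target]

def assess(zones) -> dict:
    """Return {zone name: (SL(Target), SL(Achieved), gap)} for each zone or conduit."""
    return {z.name: (z.sl_target, z.sl_achieved(), z.gap()) for z in zones}

# Constructed sample data (hypothetical names): a control zone and the conduit
# linking it to the business network, as in the page's reference model levels.
CONTROL_ZONE = Zone("Control zone (levels 2,1,0)", sl_target=3, components=[
    Component("PLC hardening", 2),
    Component("Engineering workstation", 3),
])
CONDUIT = Zone("Control-to-business conduit", sl_target=2, components=[
    Component("Firewall ruleset", 3),
    Component("Remote access gateway", 2),
])

if __name__ == "__main__":
    for name, (t, a, g) in assess([CONTROL_ZONE, CONDUIT]).items():
        print(f"{name}: SL(Target)={t} SL(Achieved)={a} gap={g}")
```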

Slide 36: Security Level Lifecycle

Slide 37: Clause 5 (Models)
Reference model description (including layers) moved to Clause 5
Some of the "definition" material on zones and conduits moved back into Clause 4 (Concepts)

Slide 38: SCADA Models (Annex)
Added as a means of describing applicability to SCADA systems
"Interpretations" of the models using typical SCADA configurations and conventions

Slide 39: SCADA Reference Architecture Example

Slide 40: SCADA Zone Example

Slide 41: SCADA Conduit Example

Slide 42: Questions

Slide 43: Topics (agenda slide, repeated; next section: Discussion)