Published by Bruce Garrett. Modified over 6 years ago.
1
ISA-SP99: Security for Industrial Automation and Control Systems
Bryan Singer, CISM, CISSP
ISA-SP99 Chairman
Manager – Network and Security Services, Rockwell Automation
Copyright © 2006 ISA
2
Current ISA-SP99 Structure
Working Group 5: Committee Leadership (Promotion, Recruitment, Advocacy & Awareness)
Working Group 1: Technical Report 1 (Technology)
Working Group 2: ISA-99 Part 2: Establishing a Security Program
Working Group 3: ISA-99 Part 1: Terminology, Concepts & Models
Working Group 4: ISA-99 Part 4: Specific Requirements
October 2006 Copyright © 2006 ISA
3
ISA-SP99: Some Key Names
Bryan Singer (ISA-SP99 Chair)
Evan Hand (Vice Chair, WG 3 chair)
Bob Webb (Managing Director)
Eric Cosman (Principal Editor)
Eric Byres (WG 1 chair)
Bob Evans (Editor, TR1 Revision)
Tom Good (WG 2 chair)
Jim Gilsinn (Editor, Part 2)
Johan Nye (Part 4 Co-chair)
Tom Phinney (Part 4 Co-chair)
Dick Oyen (Editor, Part 4)
Charley Robinson (ISA Staff)
4
ISA-SP99: Committee Structure
Over 260 Members and 220+ companies
Working Group 1 – Security Technologies (Technical Report 1 & Revision)
Working Group 2 – Building & Maintaining a Security Program (Part 2 standard)
Working Group 3 – Concepts, Models, and Terminology (Part 1 Standard)
Working Group 4 – Security Requirements (Part 4 Standard): new
Working Group 5 – ISA-SP99 Leadership
5
Sectors Represented Include:
Chemical Processing
Petroleum Refining
Food and Beverage
Power
Pharmaceuticals
Process Automation Suppliers
IT Suppliers
Government Labs
Consultants
6
ISA-SP99 Positioning
Level 4: Business Planning & Logistics (Plant Production Scheduling, Operational Management, etc.)
Level 3: Manufacturing Operations & Control (Dispatching Production, Detailed Production Scheduling, Reliability Assurance, ...)
Levels 2, 1, 0: Batch Control, Discrete, Continuous
IT Security Policies and Practices (ISO 17799)
Common technologies, policies and practices
Mfg Security Policies and Practices (SP 99)
Process Safety: IEC 61508 (ISA 84, IEC 61511)
7
The Basic Equation…
Effective Automation Systems Security = f(Appropriate IT Security Technology, Specialized Security Expertise, Industrial Automation Domain Expertise)
8
ISA-SP99 Scope
Based on functionality; not industry, type of control or other limited views
Includes:
SCADA/EMS
DCS
PLCs
RTUs/IEDs
Transmitters, meters, control valves, to enterprise wide HMIs, …
Enterprise applications, to the extent they can affect control
9
ISA-SP99 Structure
ISA-99.00.01 – Part 1: Terminology, Concepts and Models
ISA – Part 2: Establishing an Industrial Automation and Control System Security Program
ISA – Part 3: Operating an Industrial Automation and Control Systems Security Program
ISA – Part 4: Security Requirements for Industrial Automation and Control Systems
ANSI/ISA-TR : Security Technologies for Manufacturing and Control Systems
Legend: Completed, In Progress, Starting, Planned
10
Technical Reports – Previously Published
ANSI/ISA-TR Security Technologies for Manufacturing and Control Systems
Authors: Working Group 1
Status: Revision Currently in Committee Voting
ANSI/ISA-TR Integrating Electronic Security into the Manufacturing and Control Systems Environment
Authors: Working Group 2
Status: Will be replaced by ANSI/ISA-99 Part 2 Standard
11
Standards in Progress
ANSI/ISA-d Security for Industrial Automation and Control Systems – Part 1: Terminology, Concepts and Models
Authors: Working Group 3
Second committee ballot: November 2006
ANSI/ISA-d Security for Industrial Automation and Control Systems – Part 2: Establishing an Industrial Automation and Control Systems Security Program
Authors: Working Group 2
Second committee ballot: January 2007
12
ISA Standards Approval Criteria
Requires both:
Approval by majority of voting members; and
Approval by two-thirds of those voting members who actually voted, excluding abstentions.
13
ANSI/ISA d Status
Draft 2 Edit 9 released for vote in April 2006 (Target was Q1)
Voting closed May 30, 2006
>50% of eligible voting members approved
80% of those who voted approved
4 disapprovals, 1 abstention
Majority of voting members
Two thirds of votes received
All comments are being addressed to prepare for publication by end of year.
14
ANSI/ISA d99.00.01 – Comments Review
277 comments received from 17 reviewers
177 editorial, 73 technical, 27 general
208 have been addressed, with work underway or complete
Major themes:
Consistency with other ISA standards
Description of security levels
Zones and Conduits concept
15
ANSI/ISA d Status
Draft 2 Edit 9 released for vote in April 2006
Voting closed May 30, 2006
<50% of eligible voting members responded
66% of those who voted approved
1 disapproval, 5 abstentions
Majority of voting members
Two thirds of votes received
Comments are being addressed to determine additions or changes to the standard.
Expect next vote in January 2007.
16
ANSI/ISA d99.00.02 – Comments Review
~400 comments received
Analysis is in progress
Initial focus is on comments related to document organization and structure
Major themes:
Organization of information & ease of use
Consistency with other standards (e.g., ISO-27001)
Process complexity
17
Standards Planned (Part 3)
Designation: ANSI/ISA-d
Topic: Operating an Industrial Automation and Control Systems Security Program
Contributors: Working group to be formed
18
Standards Planned (Part 4)
Designation: ANSI/ISA-d
Topic: Security Requirements for Industrial Automation and Control Systems
Contributors:
Johan Nye, Tom Phinney: Co-chairs
Dick Oyen: Editor
19
Other Documents
ANSI/ISA-d99.00.xx Security for Industrial Automation and Control Systems – Master Glossary
ANSI/ISA-d99.00.xx Security for Industrial Automation and Control Systems – Guide to the ISA-99 Standards
20
Liaison Activities
Increase awareness of and coordination between ISA-SP99 activities and other automation systems security activities, including:
Standards groups (e.g., NERC, IEEE, ISO/IEC)
Industry specific guidance groups (e.g., CSCSP, Rail Transit)
Coordination bodies (e.g., PCSF)
Government (DHS)
21
Immediate Priorities
Complete Parts 1 and 2
Complete the revised Technical Report #1
Staff and launch new working group for the Part 4 standard
Transition working group that produced Part 2 to start work on Part 3
22
ISA-SP99 needs your participation
Involvement!!
Contribute material to the standards or technical reports
Commit time to review and comment
Collaborate across industries and organizations
Promotion and Advocacy!!
Affirm the need for standards and guidance
Promote new and improved technology
23
How to participate
Do you have something to add? Send email to:
Bryan Singer, Committee Chairman
Charley Robinson, ISA Representative
Provide your contact information and area of expertise or interest.
24
Questions
25
Sources
Slides 2-15 from Rockwell Automation Network and Security Services Presentation dated 21 July 2006