Presentation is loading. Please wait.

Presentation is loading. Please wait.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

Published byLetitia Walker Modified over 9 years ago

Similar presentations

Presentation on theme: "Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control."— Presentation transcript:

1 Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control Systems Status Update October 16, 2006 Eric C. Cosman Part 1: Terminology, Concepts & Models

2 2September 2006Copyright © 2006 ISA Objectives Report on: –the results on the first vote on d99.00.01 –efforts to address all comments received –current status of the draft standard Review major additions and improvements since Draft 2 Edit 9 Collect feedback Finalize plans for a new voting cycle

3 3September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

4 4September 2006Copyright © 2006 ISA Common technologies, policies and practices ISA-SP99 Positioning IT Security Policies and Practices (ISO 17799) Mfg Security Policies and Practices (SP 99) Process Safety (ISA 84, IEC 61508, IEC 61511) Business Planning & Logistics Plant Production Scheduling, Operational Management, etc Manufacturing Operations & Control Dispatching Production, Detailed Production Scheduling, Reliability Assurance,... Batch Control Discrete Control Continuous Control Level 4 Level 3 Levels 2,1,0

5 5September 2006Copyright © 2006 ISA ISA-SP99 Structure ISA-99.00.04 – Part 4: Security Requirements for Industrial Automation and Control Systems ISA-99.00.03 – Part 3: Operating an Industrial Automation and Control Systems Security Program ISA-99.00.02 – Part 2: Establishing an Industrial Automation and Control System Security Program ISA-99.00.01 – Part 1: Terminology, Concepts and Models ANSI/ISA-TR99.00.01-2004: Security Technologies for Manufacturing and Control Systems Completed In Progress Starting Planned Legend ANSI/ISA-TR99.00.02-2004: Integrating Electronic Security into the Manufacturing and Control Systems Environment

6 6September 2006Copyright © 2006 ISA Questions

7 7September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

8 8September 2006Copyright © 2006 ISA Purpose Review of some of the basic concepts in dS99.00.01 (Part 1), including: –security objectives –basic terms (e.g., security maturity, risk) –context model –policies –zones & conduits –reference models –model relationships

9 9September 2006Copyright © 2006 ISA Part 1 Structure Clause 3: Definitions and Abbreviations Clause 4: Concepts –Introduces basic concepts that form the foundation for the rest of Part 1, as well as other standards in the series. Clause 5: Models –The only normative section of the standard. –Describes the basic models that form the framework for ISA-99 series

10 10September 2006Copyright © 2006 ISA Security Objectives Priority Industrial Automation & Control Systems General Purpose Information Technology Systems Availability Integrity Confidentiality Integrity Availability

11 11September 2006Copyright © 2006 ISA Basic Terminology Access control Asset Attack Conduit Countermeasure Industrial automation and control system (IACS) Manufacturing Operations Policy Risk Security Level Threat Vulnerability Zone

12 12September 2006Copyright © 2006 ISA Context Model (from ISO 15408)

13 13September 2006Copyright © 2006 ISA Policies Various Levels (e.g., corporate, operational) Areas covered (examples): –Risk Management –Access Management –Remote Access –Physical Security –Portable Devices –Wireless –Auditing –Personnel

14 14September 2006Copyright © 2006 ISA Zones and Conduits

15 15September 2006Copyright © 2006 ISA Reference Model

16 16September 2006Copyright © 2006 ISA Model Relationships

17 17September 2006Copyright © 2006 ISA Questions

18 18September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

19 19September 2006Copyright © 2006 ISA ISA Standards Approval Criteria Requires both: 1.Approval by majority of voting members and; 2.Approval by two-thirds of those voting members who actually voted, excluding abstentions.

20 20September 2006Copyright © 2006 ISA ANSI/ISA d99.00.01 Status Draft 2 Edit 9 released for vote in April 2006 (Target was Q1) –Voting closed May 30, 2006 >50% of eligible voting members approved –80% of those who voted approved –4 disapprovals, 1 abstention Majority of voting members  Two thirds of votes received  All comments are being addressed to prepare for publication by end of year.

21 21September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

22 22September 2006Copyright © 2006 ISA Comments Received 277 comments received from 17 reviewers –177 editorial, 73 technical, 27 general all have been addressed, with work underway or complete All responses recorded

23 23September 2006Copyright © 2006 ISA Status as of October 1

24 24September 2006Copyright © 2006 ISA Feedback themes Consistency with other standards –Reference model from ANSI/ISA-95 Description of security levels –Presented as examples only; more specificity required Zones and Conduits concept –Complexity and some inconsistencies

25 25September 2006Copyright © 2006 ISA Questions

26 26September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

27 27September 2006Copyright © 2006 ISA Areas of Focus Restructure Scope and Introduction Reordering of topics in Clause 4 (Concepts) Revised context model Maturity levels Security levels Consolidation of all models into Clause 5 as normative content Annex material on SCADA models

28 28September 2006Copyright © 2006 ISA Restructure Scope and Introduction Several comments related to language in these sections Introduction now “sets the stage” All description of “what” moved to scope

29 29September 2006Copyright © 2006 ISA Reordering of topics in Clause 4 Current Environment Security Context Zones Conduits Security Levels Policy Program Maturity Reference Model Levels Current Environment Security Context Program Maturity Policy Zones Conduits Security Levels Draft 2, Edit 9Revised

30 30September 2006Copyright © 2006 ISA Revised Context Model Original model taken from ISO-15408 (Common Criteria) –Provides an overview of relationships between various elements of security An alternate view proposed by Hans Daniel (IEC) Both views presented, with explanation of how they are related Clarification of purpose: to show how elements are related

31 31September 2006Copyright © 2006 ISA An alternate view of the Context Model TRA SA Evaluation Assurance Techniques Assurance Owners Confidence Risk Assets producegives evidence of giving require in to Threats using require Vulnera- bilities Counter- measures to minimize

32 32September 2006Copyright © 2006 ISA Maturity Levels Information taken from Annex of d99.00.02 (Part 2)

33 33September 2006Copyright © 2006 ISA Security Levels New material developed in response to comments received “Sets the stage” for more detailed information to follow in parts 2 and 4. Available as a separate “discussion paper”

34 34September 2006Copyright © 2006 ISA Security Levels Security Level Qualitative Description Quantitative Range MTTC (hrs) 1Low10 a to 10 b 2Medium10 b to 10 c 3High10 c to 10 d

35 35September 2006Copyright © 2006 ISA Types of Security Levels SL(Target) –Target Security Level for a zone or conduit SL(Achieved) –Achieved Security Level of a zone or conduit SL(Capability) –Security Level Capability of security measures associated with a zone or conduit or inherent Security Level Capability of devices or systems within a zone or conduit

36 36September 2006Copyright © 2006 ISA Security Level Lifecycle

37 37September 2006Copyright © 2006 ISA Clause 5 (Models) Reference model description (including layers) moved to Clause 5 Some of the “definition” material on zones and conduits moved back into Clause 4 (concepts)

38 38September 2006Copyright © 2006 ISA SCADA Models (Annex) Added as a means of describing applicability to SCADA systems “Interpretations” of the models using typical SCADA configurations and conventions.

39 39September 2006Copyright © 2006 ISA SCADA Reference Architecture Example

40 40September 2006Copyright © 2006 ISA SCADA Zone Example

41 41September 2006Copyright © 2006 ISA SCADA Conduit Example

42 42September 2006Copyright © 2006 ISA Questions

43 43September 2006Copyright © 2006 ISA Topics SP-99: General Review Part 1 Concepts Voting Results Processing of Comments Changes and Additions to Part 1 Discussion

Download ppt "Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control."

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.

Progress on Risk Assessment......continued Ms. Albana Gjinopulli, MPA Mr. Stanislav Buchkov.
The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.

The New GMP Annex 11 and Chapter 4 Deadline for coming into operation: 30 June 2011.
ANSI/ASQ E Overview Gary L. Johnson U.S. EPA

ANSI/ASQ E Overview Gary L. Johnson U.S. EPA
Technical update on ISO 9001:2015 Colin MacNee Duncan MacNee Limited

Technical update on ISO 9001:2015 Colin MacNee Duncan MacNee Limited
ISA 99 Technical Requirements Situation assessment as seen by Dennis Holstein, Lead Editor 13 November 20081ISA99WG04.

ISA 99 Technical Requirements Situation assessment as seen by Dennis Holstein, Lead Editor 13 November 20081ISA99WG04.
Don Wells Hess Corporation

Don Wells Hess Corporation
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
ISO Current status of development

ISO Current status of development
SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.
Process, Communication, and Certification Padma Venkata

Process, Communication, and Certification Padma Venkata
RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.

RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
Welcome ISO9001:2000 Foundation Workshop.

Welcome ISO9001:2000 Foundation Workshop.
ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.
ISO 9001:2015 Revision overview December 2013

ISO 9001:2015 Revision overview December 2013
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
Software as a Medical Device (SaMD) Application of Quality Management System IMDRF/WG/N23 Proposed Document (PD1)R3.

Software as a Medical Device (SaMD) Application of Quality Management System IMDRF/WG/N23 Proposed Document (PD1)R3.
SQA Architecture Software Quality By: MSMZ.

SQA Architecture Software Quality By: MSMZ.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2007 ISA ISA 99 WG4 Technical Requirements Organization and.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2007 ISA ISA 99 WG4 Technical Requirements Organization and.

Similar presentations

Ads by Google