What is ISA & IEC?
Initially, the ISA99 committee considered IT standards and practices for use in the IACS. However, it was soon found that this was not sufficient to ensure the safety, integrity, reliability, and security of an IACS.
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) have joined forces to address the need to improve the cybersecurity of IACS.
Why Secure IACS?
Because IACS are physical-cyber systems, the impact of a cyberattack could be severe. The consequences of a cyberattack on an IACS include, but are not limited to:
o Endangerment of public or employee safety or health
o Damage to the environment
o Damage to the Equipment Under Control
o Loss of product integrity
o Loss of public confidence or company reputation
o Violation of legal or regulatory requirements
o Loss of proprietary or confidential information
o Financial loss
o Impact on entity, local, state, or national security
How to Secure IACS?
Risk Assessment
Security Level
Maturity Level
Design Principle
Foundational Requirements (FRs) form the basis for technical requirements throughout the ISA/IEC 62443 Series. All aspects associated with meeting a desired IACS security level (people, processes, and technology) are derived through meeting the requirements associated with the following seven Foundational Requirements:
o FR 1 – Identification and Authentication Control (IAC)
o FR 2 – Use Control (UC)
o FR 3 – System Integrity (SI)
o FR 4 – Data Confidentiality (DC)
o FR 5 – Restricted Data Flow (RDF)
o FR 6 – Timely Response to Events (TRE)
o FR 7 – Resource Availability (RA)