New ISA99 international Standard on Developing Products that are Cybersecure by Design

ISA

April 9, 2018 

The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).

A newly published standard in the series, ISA/IEC 62443-4-1-2018, Security for Industrial Automation and Control Systems Part 4-1: Product Security Development Life-Cycle Requirements, specifies process requirements for the secure development of products used in an IACS. It defines a secure development life-cycle for developing and maintaining secure products. This life-cycle includes security requirements definition, secure design, secure implementation (including coding guidelines), verification and validation, defect management, patch management and product end-of-life.

These requirements can be applied to new or existing processes for developing, maintaining and retiring hardware, software or firmware for new or existing products. The requirements apply to the developer and maintainer of a product, but not to the integrator or user of the product.

“Designing security into products from the beginning of the development lifecycle is critical because it can help eliminate vulnerabilities from products before they ever reach the field,” emphasizes Michael Medoff of exida, who led the ISA99 development group for the standard. “We all know how difficult and expensive it can be to constantly have to patch software in the field. The new standard gives us a real opportunity to break the cycle of frequent security patches and to produce products that are secure by design.”

The ISA99 standards committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure. Previous documents in the ISA/IEC 62443 series cover terminology, concepts, and models; establishment of an IACS security program; patch management; and system security requirements and security levels. All may be accessed at www.isa.org/findstandards .

Related Articles

Littelfuse Acquires Western Automation Research and Development

Littelfuse Acquires Western Automation Research and Development

Littelfuse, Inc. has recently announced it has acquired Western Automation Research and Development Limited (“Western Automation”). Headquartered in Galway, Ireland, Western Automation is a designer and manufacturer of electrical shock protection devices used across a broad range of high-growth end markets, including e-Mobility off-board charging infrastructure, industrial safety and renewables.

Universal mCloud Strengthens AssetCare Business for Oil and Gas with Key Appointment and New Hire

Universal mCloud Strengthens AssetCare Business for Oil and Gas with Key Appointment and New Hire

Universal mCloud Corp., a provider of asset management solutions combining IoT, cloud computing, artificial intelligence and analytics, today announced a key appointment and a new addition to the mCloud team. The strengthened team will advance the Company’s strategy to drive organic growth through new multi-year, recurring, commercial Software-as-a-Service contracts within its Smart Process line of business, which includes customers in the oil and gas, petrochemical, and pipeline industries.

 

 

 

PB 25 Johnson logo 400

Johnson Controls to acquire Synchrony from Siemens – Acquisition will improve performance, efficiency of centrifugal chiller products

Johnson Controls announced today that it will acquire Synchrony, a global leader in the development of Active Magnetic Bearing (AMB) technology. Based in Roanoke, Virginia, Synchrony is part of Siemens Gas and Power.

 

 

 

PB 26 Allied logo 400

Moxa and Allied Electronics Partner To Enable Industrial Automation with Enhanced Connectivity Solutions for Harsh Environments

Faced with harsh operating conditions, and an increased demand for remote monitoring and automation during the global COVID-19 pandemic, industrial customers need edge connectivity, industrial computing and network infrastructure solutions that can establish and maintain secure connectivity in the face of moisture, extreme heat, freezing temperatures, vibration, and more.

 

 

 

Changing Scene

Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.

ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More

Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More

Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More

JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More

Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…