All You Need To Know About The IEC 62443 Updates In Progress
This article introduces the upcoming changes to the ISA/IEC 62443 standards, which were developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC).
Many of us may be familiar with the IEC 62443 group of standards, which provide a flexible framework to assess risk and inform the design of Industrial Automation and Control Systems (IACS). These standards are used regularly across IACS industries in verticals such as Oil & Gas, Rail, Energy, and Water, and provide excellent interoperation with other industry standards including NIST and ISO.
The International Society of Automation (ISA), which produced and continues to develop the IEC 62443, is a non-profit professional association of engineers, technicians, and management engaged in industrial automation. As the globally trusted provider of foundational standards-based technical resources for the profession, ISA strives to build a better world through automation.
The ISA99 committee responsible for the development of the standard within ISA has recently released several updates to the work they have been doing, with some interesting reviews, updates and extensions to the standards that will prove valuable once released formally.
What is changing?
Below is a quick summary of these updates from the working group as something to look out for in the coming months:
- 62443-2-1 (Security program requirements for IACS asset owners): released in 2009, this will update the relationships with other standards such as ISO 2700x.
- 62443-1-1 (Terminology, concepts, and models): released in 2007, this will receive an update with new and updated terminologies to bring it into line with current understanding.
- 62443-2-3 (Security update (patch) management): released in 2015, this will provide an updated second edition refining the procedures and recommendations for patch management.
- 62443-1-6 (Application to the Industrial Internet of Things): a very welcome update to the 62443 series, this will provide guidance to asset owners implementing the Industrial Internet of Things (IIoT).
- 62443-1-3 (Performance metrics for IACS security): defines a methodology for metrics from technical and process requirements.
- 62443-1-3 (Awareness and Training): the development and delivery of a large set of awareness and training materials related to the 62443 series in the form of micro-learning modules (MLMs) and learning maps.
- 62443 (Security Profiles for Electric Energy OT Control Systems): recently created to prioritise the development of multiple ISA/IEC 62443 Security Profiles for electric transmission and distribution applications.
Industry participation is ongoing with the Industry IoT Consortium (IIC), and there are continuous improvements to the ISA Global Cybersecurity Alliance, which aims to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The IEC is also encouraging application across a wide range of sectors through its recent designation of 62443 as a “horizontal standard”.
Encouraging the use of IEC 62443
Anchoram recommends the use of 62443 for mission-critical IACS by taking a risk-based approach. This fundamentally aligns with the core operating goals of most organisations and informs robust design to ensure the protection and resilience of core system components.
View the specific ISA99 working group updates.
For more information, feel free to reach out to us for a no-obligation chat about your Industrial Automation and Control System cyber security challenges.