ISA Security Report Submitted

Sept. 5, 2007
Security Technologies for Industrial Automation and Control Systems Technical Report Submitted to ANSI

Research Triangle Park, N.C.—ISA-TR99.00.01, Security Technologies for Industrial Automation and Control Systems, has been submitted to ANSI for approval as an ANSI Technical Report.

The need for protecting industrial automation and control system (IACS) computer environments from malicious cyber intrusions has grown significantly over the past decade. The combination of the increased use of open systems, platforms, and protocols in the IACS environment, along with an increase in joint ventures, alliance partners, and outsourcing, has led to increased threats and a higher probability of cyber attacks, according to ISA. As these threats and vulnerabilities increase, the risk of a cyber attack on an industrial communication network correspondingly increases, as well as the need for the protection of computer and networked based information sharing and analysis centers.

Additionally, the growth in intelligent equipment and embedded systems, increased connectivity to computer and networked equipment and software, and enhanced external connectivity coupled with rapidly increasing incidents of network intrusion, more intelligent hackers, and malicious yet easily accessible software, all add to the risk, according to the report.

There are numerous electronic security technologies and cyber intrusion countermeasures potentially available to the IACS environment. The Security Technologies for Industrial Automation and Control Systems Technical Report introduces several categories of cyber security technologies and countermeasure techniques and discusses specific types of applications within each category, the vulnerabilities addressed by each type, suggestions for their deployment, and their known strengths and weaknesses. Additionally, guidance is provided for using the various categories of security technologies and countermeasure techniques for mitigation of the above-mentioned increased risks.

The document does not make recommendations of one cyber security technology or mitigation method over others, but provides recommendations and guidance for using the technologies and methods, as well as information to consider when developing a site or corporate cyber security policy, program and procedures for the IACS environment.