The International Society of Automation (ISA) announced the first founding members of its Global Cybersecurity Alliance (GCA): Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks.
In a briefing this morning, the ISA brought attention to the fact that, with vulnerabilities constantly expanding, it is time for the industry to work together. The organization cited how in 2018, 415 vulnerabilities were detected in ICS computers with 342 of them being able to be accessed remotely without any expertise.
"Unfortunately, the landscape continues to get more and more complex," said Eric Cosman, volunteer president-elect, ISA99 co-chair. "ISA is a stands development organization. It's the bedrock of what we do. We also recognize that now that we've gotten these standards "feature complete," we have to shift our attention to a broader focus. Not just defining standards but helping people understand how they can actually use those standards." According to the ISA, this is where it has extended beyond the traditional role of standards committee and why it decided to form the GCA.
ISA created the Global Cybersecurity Alliance to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. GCA brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.
Leveraging the ISA/IEC 62443 standards, the GCA will work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection. The Alliance will work closely with government agencies, regulatory bodies, and stakeholder organizations around the world.
"Accelerating and expanding globally relevant standards, certification, and education programs will increase workforce competence, and help end users identify gaps, reduce risks, and ensure they have the tools and systems they need to protect their facilities and installations," said Mary Ramsey, ISA executive director. "Through the proliferation of standards and compliance programs, we will strengthen our global cyber culture and transform the way industry identifies and manages cybersecurity threats and vulnerabilities to their operations."
"Participating in the Alliance truly shows the commitment our founding members have to the safety and security of the industrial ecosystem, as well as the criticality of collectively moving forward together to ensure the standards, best practices and methods are applied," said Ramsey.
ISA engaged with discussions, initiated by Schneider Electric, to create an ISA-led global, open and industry-wide alliance comprised of all cybersecurity stakeholder companies. ISA quickly expanded those conversations to include Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks. These first Founding Members have since worked together to help us define the Alliance's objectives. We are thankful for their collaboration and commitment. Together we welcome companies and organizations from all segments of industry to join our efforts."
The alliance is seeking additional members to support its initiatives. End-user companies, asset owners, automation and control systems providers, IT infrastructure providers, services providers and system integrators and other cybersecurity stakeholder organizations are invited to join.
"A threat for one of us is a threat for all of us," said Andy King, Schneider Electric senior director, system architecture and cybersecurity during the briefing Q&A.
"Over the last few years, global industry has recognized that taking on increasingly dangerous cyber risks can't be limited to a single company, segment, or region," said Klaus Jaeckle, chief product security officer, Schneider Electric. "However, until now, there has been limited ability to respond as a unified whole to these worldwide threats. But by establishing an open, collaborative, and transparent body, with a focus on strengthening people, processes, and technology, we can drive true cultural change."