ISA 62443-3-2 For Risk Strategies
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA),with contributing author Harold Thomas, have released a white paper entitled "Leveraging ISA 62443-3-2 For IACS Risk Assessment and Risk Related Strategies."
The white paper provides the reader with an overview of ISA62443-3-2, “Security Risk Assessment for Design,” as well as a summary of some of the methodologies that can be used to assist the execution of the industrial automation control system (IACS) cybersecurity risk assessment work process requirements, detailed in the standard.
The major steps include:
· Identification of the System under Consideration (SuC)
· Perform an Initial Cyber Risk Assessment
· Partition the SuC into Zones and Conduits
· Perform a Detailed Level Cyber Risk Assessment
· Document Updated Cyber Security Requirements for Detailed Design
“ISAGCA’s mission is to enable and accelerate adoption of cybersecurity practices for all stakeholder groups based on the ISA/IEC 62443family of automation cybersecurity standards,” commented Andre Ristaino, ISAGCA Managing Director. “Our member companies are working in collaboration with one another, industry partners, and regulatory/legislative bodies to secure automation that affects our everyday lives.”
The white paper is available to download here.
In addition to the white paper, ISAGCA and Harold Thomas have previously released a May 6th webinar on the subject, as well as a blog entitled “Getting Started With Cybersecurity Risk Assessment: When It’s Not About Information Technology” published on May 11th.
The ISA Global Cybersecurity Alliance is made up of 50 member companies, representing more than $300 billion in aggregate revenue across more than 2,400 combined worldwide locations. Automation andcybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Current members of ISAGCA include 1898 & Co. (Burns McDonnell), ACET Solutions, aeSolutions, Baserock IT Solutions, Bayshore, Carrier Global, Claroty, ConsoleWorks, Coontec, CyberOwl, CyPhy Defense, Deloitte, Digital Immunity, Dragos, Eaton, exida, Ford Motor Company, Fortinet, Honeywell, Idaho National Laboratory, Idaho State University, ISA Secure, Johns Manville, Johnson Controls, KPMG, LOGIIC, Mission Secure, MT4 senhasegura, Munio Security, NovaSystems, Nozomi Networks, PAS, PETRONAS, Pfizer, Radiflow, Rockwell Automation, Schneider Electric, Surge Engineering, TDI Technologies, Tenable, TI Safe, Tripwire, UL, Wallix, WINICSSEC, WisePlant, Xage Security, and Xylem. For more information about ISAGCA, visit www.isa.org/isagca.