ISA White Paper on IIoT Systems Addresses Unique Cybersecurity Needs of Cloud and Edge-Cloud Services
The International Society of Automation (ISA) – the leading professional society for automation – announced today that its ISASecure® cybersecurity certification program and the ISA Global Cybersecurity Alliance (ISAGCA) have released a new paper on industrial internet of things (IIoT) systems.
“IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” explores how the world’s leading consensus standards for the security of industrial automation and control systems (IACS) can be applied to cloud-based functionality.
ISASecure and ISAGCA will host an informative webinar on 17 July at 11 a.m. Eastern time for interested parties to learn more about the paper. Registration is free and available here.
The main conclusions of this 73-page paper include:
- The concepts in ISA/IEC 62443 standards can be applied to IACS that use cloud-based functionality. Concepts such as risk assessment, zone and conduit partitioning and the system/component model can all be applied to an IIoT IACS.
- The scope of ISA/IEC 62443 should extend to the cloud environment when the cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
- Implementation of essential functions in the cloud does not meet ISA/IEC 62443 requirements.
- A new category of cloud service called operational technology as a service (OTaaS) would provide transparency when cloud-based functionality has the capability to directly or indirectly change the physical state of the equipment under control.
- The cloud provider is a new role not currently defined in the ISA/IEC 62443 series. The cloud provider role includes aspects of product supplier, service provider and asset owner (operator) roles.
- Conformity assessment schemes could be developed for IIoT systems, components and IACS based on ISA/IEC 62443 standards, provided these standards are updated for the IIoT use case.
“The ISA/IEC 62443 series is the leading set of international standards for the operational technology (OT) cybersecurity landscape,” said Andre Ristaino, managing director, ISA conformity assessment programs. “As industrial environments move increasingly to cloud and edge-cloud systems and functions, it is important to validate that the standards support this type of implementation. We are pleased that the paper finds the standards to be applicable, and identifies several ways to continue to improve OT cybersecurity through the definition of new roles, services and conformance measures.”
“IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards” is available for download on the ISASecure and ISAGCA websites.