Supporting Cyber Security Testing Standards

As Control magazine editor-in-chief Walt Boyes mentioned in his "Another one joins the club…" blog post, Emerson has joined the companies sponsoring the security consortium feasibility study to be performed by Wurldtech Analytics.
I spoke with Bob Huba, whom you may recall from an earlier post on cyber security and the DeltaV system.
Bob participated in the initial meeting to kick off this consortium, which was held prior to the Process Control Security Forum meeting last week in San Diego. He's excited about the formation of this group because he believes that one of the things that will help automation system cyber security is the ability to certify that automation system components, or even the system itself, meet a minimum level of security or protection. Without some kind of certifying capability, it's difficult for the end users who manage the system day-to-day, and for system suppliers, to fully assess how secure their systems might be.
Automation system security currently has no organization like the TÜV and other certifying agencies where suppliers can go to get a device certified for different security levels. Cyber-security testing needs some sort of agency to provide the framework for device and system testing and to help manage the information around best practices (or at least generally accepted practices) for creating and maintaining a well-protected system.
Bob is really glad to see that this initiative is being driven by the user community and not just the suppliers or some testing organizations, because it shows they understand and support the need for a certifying body. The system suppliers really appreciate being included in the discussion right from the beginning, so that the group can capture the wealth of expertise and perspectives everyone brings.
The landscape around system security is maturing rapidly, and it is important that process manufacturers and suppliers work together and work quickly to address issues around cyber security. This group has set an ambitious time frame for kicking off this consortium and becoming fully functional.
Also, the SCADA security blog has a nice wrap-up of the Process Control Security Forum.

Posted Wednesday, June 14th, 2006 under Cyber-Security.

3 comments

  1. Cyber Security Best Practices through Segmentation and Rapid Disconnect

    My RSS search on cyber security found an interesting post the other day by IBM’s Todd Watson entitled How To Keep the Internet Sky From Falling. It’s especially interesting to me because I’ve had the chance to meet Todd who…

  2. Kindly can you let me know where I can find the list of Security Testing Standards?

  3. Hi Seshu, Thank you for your comment! I’d suggest beginning with the ISA99 Industrial Automation and Control Security standard page. This provides a good overview of their scope and purpose and links to other initiatives.
    Also, Wurldtech’s blog is another great source of specific testing initiatives.
