During an Industrial Control Systems Joint Working Group meeting representatives from the Department of Defense (DOD), International Society of Automation (ISA), and the National Electrical Manufacturers Association (NEMA) outlined a program to address the growing risk of unprotected and under-protected building control systems in the U.S. and abroad.
Building owners, users, and manufacturers of control systems continuously work to find practical ways to create safe and more secure environments. Combining the expertise from ISA, NEMA, and DOD advisors, the working group has spent several months developing a proposed program in preparation for a roll-out to a wider audience of industry peers.
“While cyber risks are well documented, implementing solutions that address different risk levels within a single building is no simple task,” says NEMA Industrial Products and Systems Industry Director Kirk Anderson. “Coming up with a path forward required the efforts from multiple groups including manufacturers, installers, and end-users; however, we weren’t sure if this would appeal to the entire supply-chain. When the program received near-unanimous support, we knew we were on the right track.”
“The International Society of Automation has an internationally recognized certification program for automation and control systems that started in 2007. Under the ISASecure brand, the scope of the ISA/IEC 62443 Standards-based certification includes building management technology. The proposed facility certification would be a natural extension of the ISASecure program,” states ISA Managing Director Andre Ristaino.
The national program will incentivize the use of existing standards for cybersecurity in building control systems. It will create easy-to-understand tiers for end-users to apply industry-accepted standards to products, processes, and technology to allow end-users to market cyber protections and consumers to understand the level of security present. The program would also help building owners protect building automation systems, and provide a means for insurers and other stakeholders to offer incentives for buildings to incorporate more secure systems and processes. The working group plans to open the frame document to additional stakeholders’ input, with a potential launch date later this year.