Last year, the US Department of Homeland Security reported nearly 200 attacks on the nation’s critical infrastructure – a 52% increase from 2011.
At the request of the administration, representatives from the Automation Federation – an umbrella group representing 15 organisations involved in automation activities – held meetings recently with White House National Security Staff and other key stakeholders.
In his State of the Union address earlier this week, President Obama emphasised the significance of cyber-security standards to protect “our national security, our jobs, and our privacy.” He has issued an executive order that calls for the establishment of a “Cyber-security Framework” including “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber-risks,” and will “help owners and operators of critical infrastructure identify, assess, and manage cyber-risk.”
The Automation Federation is backing the adoption of American National Standards developed by the ISA99 committee of the International Society of Automation. The ISA99 standards deal with the security of industrial automation and control systems and apply to all key industries and critical infrastructures.
The standards, developed by an international panel of cyber-security experts drawn from industry, government and academia, are also being adopted by the International Electrotechnical Commission as IEC 62443.
The ISA Security Compliance Institute (ISCI), an ISA affiliate, has also developed a compliance and testing programme to ensure that industrial automation and control devices and equipment conform to agreed cyber-security standards. The Automation Federation is promoting ISCI’s work as part of the implementation of President Obama’s executive order.
According to Michael Daniel, special assistant to the President and the White House’s cyber-security co-ordinator, standards development is one of the three pillars of the President’s executive order – the other two being information sharing and privacy.