By Gregory Hale
Founding members were named this week for the new Global Cybersecurity Alliance (GCA), an organization formed to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes.
The founding members are Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty, and Nozomi Networks, said officials at ISA, the International Society of Automation, which is running the organization.
“We have been dealing with legacy systems and multivendor environments for decades, but some other trends and developments are intruding on our space which are making things a bit more complicated, which complicated the security of those systems,” said Eric Cosman, 2020 volunteer president at ISA and co-chair of ISA99 cybersecurity standard.
“We have seen coverage of Industrial Internet of Things and IT-OT convergence,” Cosman said. “This complexity and intrusion of these trends has contributed to the skill gap addressing cybersecurity. All of this comes together making this area more complex. It is much more than developing standards and hoping people address them. We have to shift our attention to a broader focus, not just defining standards, but helping people understand how they can use the standards.”
The goal of the GCA is to proliferate cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. While the GCA’s members are all suppliers right now, the goal is to bring end-user companies, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.
“The problems we are trying to attack are not single supplier problems, they are not single asset owner problems, these are all shared responsibilities,” Andre Ristaino, managing director of the GCA. “Our focus is marketplace enablement. We are practical and tactical.”
“We want to move this whole topic area of cybersecurity from witchcraft art to an engineering discipline, similar to safety,” Ristaino said. “Thirty to 40 years ago folks looks at safety and it looks squishy and ambiguous that is kind of how cybersecurity is looked at today. In the future if you fast forward things that looked like art will be engineering disciplines.
At the outset of the alliance, the members identified five overarching objectives: One is to accelerate and expand the adoption of the existing standard, share threat intelligence and experience across the entire industry, optimize compliance and prevention, develop a skilled cyber-aware workforce, and increase awareness and engagement.
“Leading up to this announcement, we have developed the high level objectives and as we get this kicked off, we will share more details around these objectives,” said Rick Zabel, managing director of Automation.com.
ISA is the developer of the ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.
Leveraging the ISA/IEC 62443 standards, the Global Cybersecurity Alliance will work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection.
As Cosman said, the industry needs to use the standards to address safety and security of facilities. “An insecure facility is an unsafe facility.”