As more than 150 delegates prepare to gather in Aberdeen next week for the Operational Technology (OT) Cybersecurity Summit, Steve Mustard, the Conference Committee Chairman for the International Society for Automation (ISA) looks at the importance of protecting business from the impact of cyberattack.

Steve Mustard, the Conference Committee Chairman for the International Society for Automation (ISA)

The ISA/IEC 62443 standards series is one of the most widely used in Europe for cybersecurity and provides a powerful tool to reduce the risk of financial, reputational, human, and environmental impact from cyber-attacks on Industrial Automation and Control Systems (IACS). 

An IACS Cybersecurity Program defines the company’s IACS security policies, practices, and procedures associated with the operation and design of the company’s industrial facilities. The ISA/IEC 62443 standard provides concepts, practices, and requirements that may be included in a corporate IACS cybersecurity program which will always start with a Corporate IACS Cybersecurity program.

This should be undertaken as one or more projects, with stated schedules, scopes, and budgets; and must include training and management of change to address human and organizational aspects. At present, the 62443 standard identifies over 550 separate requirements that may be necessary for a company’s facilities so a key objective of the IACS Cybersecurity Program is to establish approved requirements that may then be incorporated in project or facility standards and procedures. 

The so-called “horizontal standard” addresses a wide range of industries and companies of varying size, and a business may find that while most of the standard applies to their IACS, parts of it may not. For example, some “normative requirements” that are appropriate for a pipeline, may not be relevant to a chemical plant or manufacturing facility and what a small company needs might be different to a large-scale organisation.

It is therefore recommended that each company establishes their own IACS Cybersecurity Program to manage these cybersecurity risks and our conference in Aberdeen will provide the correct environment and stimulus by discussing its relevance to the local market.

Central to this will be presentations by our distinguished keynote speakers, Cheri Caddy, Deputy Director at the US Office of the National Cyber Director and Megan Samford, VP, Chief Product Security Officer – Energy Management, Schneider Electric. We will also use the occasion to launch our first automation podcast, Podomation, to extend the discourse to the many delegates who will join us virtually, and keep the conversation live after the event closes.

To find out more or to book a place, click here.