This is an exciting − and highly significant − time for the Automation Federation and its founding organization, ISA, in helping America take steps to combat the mounting threats of cyberattack.
The development of a national cybersecurity framework for the U.S. is well underway. Last month, a draft outline of the framework was released to the public, and an initial version of the framework is due to be unveiled this October.
The Automation Federation and ISA are taking active advisory roles in the development of the framework. At the request of the National Institute of Standards and Technology (NIST), selected representatives of the Automation Federation and ISA have participated in a series of NIST workshops charged with laying the groundwork for the government’s cybersecurity initiative. To date, three of four scheduled workshops have been held. The final one is to be conducted 11-13 September in Dallas, Tex.
Well before the president in February of this year called for a federal proposal on cybersecurity, the Automation Federation and ISA had been consulting with White House national security staff, U.S. federal agency officials, and members of Congress on the critical need to establish national cybersecurity standards, guidelines and compliance testing.
Since standards are widely viewed as essential to any effective cybersecurity initiative, the Automation Federation and ISA are strongly advocating the inclusion of the ANSI/ISA99, Industrial Automation and Control Systems Security standards − developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia. Because they apply to all key industry sectors and critical infrastructure, these standards represent a comprehensive approach to cybersecurity.
Putting widespread cybersecurity standards in place is vital since many of America’s industrial production settings and infrastructure environments are woefully under-prepared to address cyberwarfare. If industrial control systems and critical infrastructure − such as a power plant, water treatment facility or transportation grid − are attacked, the result could be significant equipment impairment, production loss, regulatory violations, environmental damage, and public endangerment.
Senior U.S. officials have expressed their concerns in recent months about the threat of a potentially destructive cyberattack. Last summer, more than 30,000 computers at the state-owned oil company Saudi Aramco were destroyed when a virus wiped data from the hard drives. The same virus also damaged computer systems at Ras Gas, an energy company in Qatar.
The development of a national cybersecurity framework is a significant first step in addressing America’s cyber risks, and helping owners and operators of critical infrastructure identify, assess, and manage cyber threats.
As ISA president, I’m proud and honored to be associated with two organizations that are working so diligently to help safeguard our nation and citizenry. Please join me in recognizing the contributions of the many Automation Federation and ISA members and staff involved in this effort as we look forward to the completed draft of the cybersecurity framework this fall.