ISA/IEC 62443 Standards
The International Society of Automation (ISA) has worked on defining security standards for several years and the result will be ISA99: Security for Industrial Automation and Control Systems, the first parts of which have been approved by the American National Standards Institute (ANSI).
The committee published its first standard, ANSI/ISA-99.00.01-2007 (now ANSI/ISA-99.01.01), Security for Industrial Automation and Control Systems: Concepts, Terminology and Models, in late 2007. This standard serves as the foundation for all subsequent standards in the ISA99 series.
Also in late 2007, ISA99 published an updated version of its technical report, ANSI/ISA-TR99.00.01-2007, Security Technologies for Manufacturing and Control Systems (now ANSI/ISA-TR99.03.01). This technical report provides an assessment of cyber security tools, mitigation countermeasures, and technologies that may be applied to industrial automation and control systems regulating and monitoring numerous industries and critical infrastructures.
In early 2009 the committee published ANSI/ISA-99.02.01-2009, Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program. This standard was approved by ANSI on 13 January 2009.
In 2010, the standards were renumbered to be the ANSI/ISA-62443 series. This change was intended to align the ISA and ANSI document numbering with the corresponding International Electrotechnical Commission (IEC) standards. (Wikipedia)
The committee has a number of active working groups, each addressing a specific aspect of IACS security. Areas being addressed include patch management, wireless systems security, the convergence of safety and security and technical requirements at the system and component levels. Several additional standards and technical reports are under development or planned.
Also underway is work to develop a Part 4 standard, Technical Requirements for Industrial Automation and Control Systems.
How Tofino helps you comply with ISA/IEC 62443
Tofino Security Appliances (SAs) act as Conduits to separate your control system into Zones. They have a zero configuration field deployment model and they are completely transparent to the control network on set-up. Once in place, Tofino SAs are easily configured to control communication and traffic between Zones.
For example, Tofino SAs can restrict Modbus communications to a list of ‘allowed’ commands defined by your control engineers. Any command that is not on the ‘allowed’ list, or any attempt to access a register or coil that is outside the allowed range, will be blocked and reported.
For more information on ISA/IEC 62443 compliance and the Tofino™ Industrial Security Solution:
- Download the White Paper:
- Learn about the Tofino solution:
- Tofino Industrial Security Solution Overview
- Tofino Security Appliance
- Tofino Loadable Security Modules
- Tofino Central Management Platform
Learn more about ISA/IEC 62443
- "Revealing network threats, fears" - Article
- How to use ANSI/ISA-99 standards to improve control system security
- Eric Byres; "Revealing network threats, fears", InTech Magazine, pg. 26, January/February 2011
- ISA99 - Industrial Automation and Control System Security
- ISA99 Committee Home page