Safety in the Plant
The advent of Stuxnet has prompted standards bodies around the world to develop much tougher certification programmes.
Mit Stuxnet wurden Standardisierungsinstitute weltweit auf den Plan gerufen, erheblich striktere Zertifizierungsprogramme zu entwickeln.
L’arrivée de Stuxnet a engagé les organismes de normalisation dans le monde entier à développer des programmes de certification beaucoup plus stricts.
New automation standards tackle cybersecurity threats
T
Fig. 1. Stuxnet targeted Siemens technology: the next challenge could be much broader.
he emergence of the Stuxnet worm last summer has forced process companies to redouble their cybersecurity efforts. It has also provoked a lot of activity from various standards authorities.
On 3 March, for example, the International
Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security has formed a task group tasked to ‘conduct a gap analysis of the current ANSI/ISA99 standards with respect to the rapidly evolving threat landscape’. This primarily means Stuxnet, which was
targeted mainly at Siemens programmable logic controllers (Fig. 1). The purpose of the analysis to determine if companies following the ISA99 standards would have been protected from such sophisticated attacks and to identify changes needed, if any, to the standards being developed by the ISA99 committee. The new task group intends to produce a technical report summarising the results of its analysis by mid-2011.
According to the ISA, Stuxnet is the first known
malware to have been specifically written with the intent to compromise a control system and sabotage an industrial process. “Stuxnet’s capabilities are being well documented in the press, and some of these capabilities may migrate into new threats. Going forward, automation systems must be able to detect and either block or be able to recover from advanced Stuxnet-like threats,” says the organisation. The ANSI/ISA99 standards address the vital
issue of cybersecurity for industrial automation and control systems. The standards describe the basic concepts and models related to cybersecurity, as well as the elements contained in a cybersecurity management system for use in the industrial automation and control systems environment. They also provide guidance on how to meet the requirements described for each element. The standards form the base documents for
the IEC 62443 series of industrial automation (sometimes generically labelled supervisory control
www.engineerlive.com 31
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52