Automation & Control
cybersecurity. It also offers a methodology to protect privacy and civil liberties to help organisations incorporate those protections into a comprehensive cybersecurity programme. While today’s framework is the culmination of a
year-long effort that brought together thousands of individuals and organisations from industry, academia and government, it is expected to be a first step in a continuous process to improve overall cybersecurity. The three main elements described in the document
are the framework core, tiers and profiles. The core presents five functions – identify, protect, detect, respond and recover – that taken together allow any organisation to understand and shape its cybersecurity programme. The tiers describe the degree to which an organisation’s cybersecurity risk management meets goals set out in the framework and “range from informal, reactive responses to agile and risk-informed”. The profiles help organisations progress from a current level of cybersecurity sophistication to a target improved state that meets business needs. “The development of this framework has jumpstarted a vital conversation between critical infrastructure sectors and their stakeholders,” said Gallagher. “They can now work to understand the cybersecurity issues they have in common and how those issues can be addressed in a cost-effective way without reinventing the wheel.” One of the first organisations to endorse the new
framework is Rockwell Automation. Over the past year, the company participated in its development process and associated workshops. The company collaborated with other private-sector participants and industry groups, NIST, and government to enhance the Framework’s attention to industrial control system security. Company
executives also presented at NIST’s workshops and panels. “Rockwell Automation is honoured to have actively
contributed to the development of the Cybersecurity Framework that will help address cyber risks to critical infrastructure and manufacturing processes alike,” said Keith Nosbusch, chairman and ceo of Rockwell Automation. “This guideline provides a flexible structure that can help organisations improve information security protection programs to manage risks to industrial control and information systems.” The importance of having such a framework is
illustrated by Schneider which issued four security updates concerning different vulnerabilities in January alone. The company describes its integrated cybersecurity solutions for critical infrastructures as best-in-class, allowing users to centralise security, provide robust change management and automate reporting that supports regulatory compliance (Fig. 1). In another development, the US Food and Drug
Agency (FDA) has incorporated ISA’s ISA/IEC 62443 series of industrial automation and control systems (IACS) security standards onto its recognised consensus standards list. Owners of manufacturing plants and operators of
critical infrastructure know that the IACS components and systems they purchase with the ISASecure designation are resilient against network attacks and are free from known security vulnerabilities. Developed through the work of the ISA Committee
on Security for Industrial Automation & Control Systems (ISA99), the ISA/IEC 62443 standards are designed to prevent and mitigate potentially devastating cyber damage to the industrial plant systems and networks commonly used in transportation grids, power plants, water treatment facilities, and other vital industrial settings. n
Boot camps for process measurement and control
R
eflecting growing demand for more general, fundamental instruction in process automation, the International
Society of Automation (ISA) has developed a new course for non-maintenance personnel with little or no background in the field of process measurement and control. ISA Process Automation Boot Camp for Non- Maintenance Personnel (PABC) is specifically designed for: operations personnel with no instrument maintenance responsibilities, but who require a general knowledge of process automation equipment; automation engineers who need a basic understanding of process automation equipment, signal transmissions
and process measurements; process control engineers who need to understand the operation of all equipment associated with the process control loop; process control equipment sales staff needing to learn process measurement and control and the various applications of process instrumentation; and managers responsible for overseeing operations or maintenance personnel who need a general overview of the technology maintained by their staff.
While more general in focus, ISA says this new course delivers highly intensive instruction – combining select laboratory demonstrations (approximately 25 per cent of course time) with expert-led, in-depth lecture and classroom
discussion – over a full week. Considerable emphasis is placed on the physical measurement technologies, the communication signals, and the various applications of instrument equipment to achieve common process measurements and control.
Primary course objectives include providing an overview of industrial measurement, automation equipment, and equipment installation to non-maintenance personnel so that they gain a basic knowledge of instrumentation, including terminology and operation; and outlining recommended installation practices for the most common process measurement and control equipment. n
www.engineerlive.com 47
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52