As security threats evolve and adapt, so too must organizations’ responses to them. The development and application of cybersecurity standards in support of current and new generation industrial automation and control systems (IACS) are of fundamental importance. This presentation will provide practical and useful information on how cybersecurity standards are progressing and how they are applied. The initial focus will be on current activities in the development of the IEC 62443 IACS cybersecurity standards, and implications to the various stakeholders. An illustration will describe how to use the standards to frame the development of secure-by-design products and services, both current and future. Thereafter, the focus will shift to how IEC 62443 standards are used by other industry standards and securing IIoT and associated cloud systems. This is of particular importance in the context of the Open Process Automation Standard (O-PAS).
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
Introduction to Industrial Cybersecurity concepts based around ISA/IEC 62443 and a look at what the Defense in Depth strategy looks like in Critical Infrastructure for Water and Waste Water Operators. Originally presented at EOCP 2020 Virtual Conference in BC, Canada.
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also needs to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Secure Systems Security and ISA99- IEC62443Yokogawa1
With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Presented at ISACA's EuroCACS 2015 (Copenhaguen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
Introduction to Industrial Cybersecurity for Water and Waste Water OperatorsSean R. Bouchard, P.Eng
Introduction to Industrial Cybersecurity concepts based around ISA/IEC 62443 and a look at what the Defense in Depth strategy looks like in Critical Infrastructure for Water and Waste Water Operators. Originally presented at EOCP 2020 Virtual Conference in BC, Canada.
A Big Picture of IEC 62443 - Cybersecurity Webinar (2) 2020Jiunn-Jer Sun
• Why An Industrial Cybersecurity Standard
• What Is IEC 62443 About
• How It Impacts On You - The Security Lifecycle
• IEC 62443 Certificates
• Reference: Some Ongoing Projects
• Summary
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3Jim Gilsinn
With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also needs to be evaluated as a whole to determine how those individual components work together. Component-level and System-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Secure Systems Security and ISA99- IEC62443Yokogawa1
With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Integrating the Alphabet Soup of StandardsJim Gilsinn
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started their process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As a consultant, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Presented at ISACA's EuroCACS 2015 (Copenhaguen).
Understand the impact of Industrial Control Systems (ICS) on the security ecosystem.
Expand the knowledge on SCADA systems and how cyberattacks can have physical consequences, bridging the cyber and physical worlds.
International Standards together with testing and certification (conformity assessment) in a systems approach are important tools for a successful cyber security strategy. However, they need to be incorporated into an overarching strategy that includes a comprehensive set of measures at the organization, process and technical levels, including ongoing training and overall risk management.
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
Open Platform for ICS Cybersecurity Research and EducationEnergySec
The CybatiWorks open platform serves as an educational environment for cyber-physical systems. The living laboratory platform uses low cost I/O, embedded devices, virtual machines and authentic automation protocols for participant cybersecurity education. The platform incorporates the Raspberry PI, PiFace I/O, Elenco Snap-Circuits, Fischertechnik components and an ICS-ified Kali Linux called CybatiWorks-1 to allow participants to build, break and cybersecure small control environments. CYBATI has performed years of research to develop this platform and is making it available for early access, school sponsorship and integrated education via the Kickstarter project announced during the session.
What to Do When You Don’t Know What to Do: Control System Patching Problems a...EnergySec
FoxGuard Solutions has encountered and resolved a wide variety of problems in our monthly work of patching control systems for our OEM clients and hundreds of power utility sites. In this presentation, we will cover a list of problems you might encounter and some real-world strategies that we have helped our clients implement to deal with them.
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
The webinar covers:
• Development and implementation of ICS Security Management System
• Using ISO 27001 as the ISMS fundamental platform
• NIST SP 800-82 usage as the audit platform against ICS object
Presenter: Pedro Putu Wirya, an IT and ICS Security Consultant with an extensive experience in ISMS.
Link of the recorded session published on YouTube: https://youtu.be/iuI2QYsUYZQ
Presentation on findings of the annual survey of ICS Security professionals. Includes participant demographics, greatest ICS security threats, and security initiatives.
The Industrial Internet is an internet of - things, machines, computers and people, enabling intelligent industrial operations using advanced data analytics for transformational business outcomes.
Industrial domain is expected to be largest consumer of IoT devices and systems in terms of value
In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security.
Key Takeaways:
1. Gain perspective regarding common security threats facing industrial networks.
2. Learn about the relevant standards governing industrial cyber security.
3. Increase understanding of some best practices for securing industrial networks.
This slideshow was presented February 2, 2016 and developed for the Iowa Infragard team and discusses the Importance of Security Cyber-Physical Control systems, Elements of a control system, the manufacturing supply chain and consequences of cyber attacks in industrial environments. Please feel free to reach out with questions or comments.
Connecting people wirelessly is vital for doing business and securing who sees which data is 1 of today's biggest challenges. Now, Aerohive Networks and Barracuda have joint forces to come up with a solution which combines both vendor's products and facilitates this challenge. Learn more about this topic in our technical solution brief whitepaper. Contact us for more info at sales@kappadata.be
Innovation! Share your wireless network between colleagues and visitors in a safe way.
Aerohive Networks and Barracuda technologies have joined forces and are now compatible to be used together.
Combining both technologies today, allows you to provide secure and fast wireless access to both internal and external visitors at your company and allows you to use a straightforward reporting platform with the Barracuda NG Firewalls to manage all users on your network.
International Standards together with testing and certification (conformity assessment) in a systems approach are important tools for a successful cyber security strategy. However, they need to be incorporated into an overarching strategy that includes a comprehensive set of measures at the organization, process and technical levels, including ongoing training and overall risk management.
Hacker Halted 2016 - How to get into ICS securityChris Sistrunk
This talk is about how to get into ICS security, whether you’re a control system engineer or an IT security analyst. It will cover the basic paths you can take to get involved, including some helpful resources and standards to help get you started. The ICS Security industry needs more people to help protect Critical Infrastructure!
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade...Jim Gilsinn
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Office IT systems, failure of ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact to the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes - the turnaround. This paper describes optimization of ISC turnaround work, using cyber-vulnerability assessment to focus turnaround work to only what is necessary.
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
This presentation explains the ANSI/ISA-99 and IEC 62443 standards for industrial control systems (ICS). It describes the Zone and Conduit security model and how it is used in an plant or factory. As well, the issues of security configuration errors are discussed. A case history of zone security deployment for a Safety Integrated System in a refinery is provided. For additional information see www.tofinosecurity.com.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
Open Platform for ICS Cybersecurity Research and EducationEnergySec
The CybatiWorks open platform serves as an educational environment for cyber-physical systems. The living laboratory platform uses low cost I/O, embedded devices, virtual machines and authentic automation protocols for participant cybersecurity education. The platform incorporates the Raspberry PI, PiFace I/O, Elenco Snap-Circuits, Fischertechnik components and an ICS-ified Kali Linux called CybatiWorks-1 to allow participants to build, break and cybersecure small control environments. CYBATI has performed years of research to develop this platform and is making it available for early access, school sponsorship and integrated education via the Kickstarter project announced during the session.
What to Do When You Don’t Know What to Do: Control System Patching Problems a...EnergySec
FoxGuard Solutions has encountered and resolved a wide variety of problems in our monthly work of patching control systems for our OEM clients and hundreds of power utility sites. In this presentation, we will cover a list of problems you might encounter and some real-world strategies that we have helped our clients implement to deal with them.
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
The webinar covers:
• Development and implementation of ICS Security Management System
• Using ISO 27001 as the ISMS fundamental platform
• NIST SP 800-82 usage as the audit platform against ICS object
Presenter: Pedro Putu Wirya, an IT and ICS Security Consultant with an extensive experience in ISMS.
Link of the recorded session published on YouTube: https://youtu.be/iuI2QYsUYZQ
Presentation on findings of the annual survey of ICS Security professionals. Includes participant demographics, greatest ICS security threats, and security initiatives.
The Industrial Internet is an internet of - things, machines, computers and people, enabling intelligent industrial operations using advanced data analytics for transformational business outcomes.
Industrial domain is expected to be largest consumer of IoT devices and systems in terms of value
In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure has risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security.
Key Takeaways:
1. Gain perspective regarding common security threats facing industrial networks.
2. Learn about the relevant standards governing industrial cyber security.
3. Increase understanding of some best practices for securing industrial networks.
This slideshow was presented February 2, 2016 and developed for the Iowa Infragard team and discusses the Importance of Security Cyber-Physical Control systems, Elements of a control system, the manufacturing supply chain and consequences of cyber attacks in industrial environments. Please feel free to reach out with questions or comments.
Connecting people wirelessly is vital for doing business and securing who sees which data is 1 of today's biggest challenges. Now, Aerohive Networks and Barracuda have joint forces to come up with a solution which combines both vendor's products and facilitates this challenge. Learn more about this topic in our technical solution brief whitepaper. Contact us for more info at sales@kappadata.be
Innovation! Share your wireless network between colleagues and visitors in a safe way.
Aerohive Networks and Barracuda technologies have joined forces and are now compatible to be used together.
Combining both technologies today, allows you to provide secure and fast wireless access to both internal and external visitors at your company and allows you to use a straightforward reporting platform with the Barracuda NG Firewalls to manage all users on your network.
Cross standard and scheme composition - A needed cornerstone for the European...Javier Tallón
The proliferation of new cybersecurity standards/schemes shows the interest of all the stakeholders to require cybersecurity for ICT products. On the other hand, a need for harmonization/recognition between standards/schemes is needed. Otherwise, there could be too many standards that become non-cost-effective for developers certifying their products.
For instance, almost every IoT vertical has its own set of cybersecurity standards. But IoT devices and it’s supply chain is not limited within a single vertical. In fact the contrary holds, that building blocks of an IoT device find appliance in a couple of other verticals. Assuming that these building blocks demonstrated cybersecurity compliance of some form, say for a particular vertical, it will be key for the economy to not repeat those proofs of compliance but instead accept across standards and schemes where applicable.
This talk will highlight the importance of the acceptance of certification and standard compliance results across different schemes or security standards. We will show examples (e.g., smart metering in France with de-facto acceptance of underlying CC results, SESIP to IEC62443-4-2) where this has been applied successfully, but will also look at existing standards or schemes where this would be possible (e.g. EUCC, FITCEM, etc‚) or proposals on how to apply this for Industrial IoT (IACS ERNCIP recommendations to the EU commission).
The talk will be given from the developer perspective (Georg Stütz from NXP) and lab perspective (Jose Ruiz from jtsec)
For what reason would it be advisable for you to pick TONEX for your SCADA Security Training?
SCADA Security Training course gives progressed SCADA specialized outline of the developing patterns, propelled applications, activities, administration and security. We have Providing SCADA and Automation and Security Training and counseling for more than 15 years with 20+ man-long periods of improvement encounter.
SCADA Security Training course covers all parts of Industrial Control System (ICS) security for a few kinds of control frameworks including: Supervisory Control and Data Acquisition (SCADA) frameworks, Distributed Control Systems (DCS) and Other control framework arrangements, for example, slide mounted Programmable Logic Controllers (PLC).
#Some of the highlights of the SCADA Security Training:
Understand concepts behind Industrial Control Systems (ICS) and SCADA Security
Learn about DCS, SCADA and Industrial Control Systems technology, Infrastructure, instrumentation, HMI and Data Historians
SCADA and ICS Characteristics, Threats and Vulnerabilities
SCADA and ICS Security Program Development and Deployment
SCADA Network Architecture
SCADA Security Controls
Learn Passive and Active Techniques
Explore the impact of Wireless communications on SCADA System Security Testing
Explore SCADA System Security Testing with Active Techniques
Understand SCADA vulnerabilities and different techniques behind exploiting SCADA Systems
Understand how SCADA defense techniques and procedures work
Identify the weak links and challenges in SCADA cybersecurity
Review the available solutions and standards for secure SCADA architectures
Examine the state of policies on data privacy and Internet security and their impact on SCADA
Define a “To Do” list of action items to secure the SCADA systems
ICS/SCADA Security Essentials Essentials for NERC Critical Infrastructure Protection
ICS Active Defense and Incident Response
Assessing and Exploiting SCADA and Control Systems
Critical Infrastructure and Control System Cybersecurity
SCADA Security Management
#Learn more about the following aspects of SCADA, ICS and DCS Security:
Understanding Control System Vulnerabilities
Understanding and Identifying SCADA and ICS Vulnerabilities
SCADA, Industrial Control System (ICS) and Distributed Control Systems (DCS) Exploitation
Securing and Protecting Industrial Control Systems (ICS)
ICS, DCS and PLC Penetration Testing, Exploiting and Vulnerability Assessments
Hacking SCADA using Nmap, Nessus and Metasploit
Hacking Remote Web Servers
SCADA SQL Injection Attack
Learn more about SCADA security training
SCADA Security Training
https://www.tonex.com/training-courses/scada-security-training/
John kingsley OT ICS SCADA Cyber security consultantJohn Kingsley
John kingsley OT ICS SCADA Cyber security consultant
SCADA ICS Security Courses
Lack of SCADA ICS security professionals that lead to big gaps between compliance against the respected guidelines with the real situation at site. Critical needs for proper security professional in SCADA ICS
SCADA ICS Security Assurance
Ensuring the SCADA ICS environment to comply with the security requirements in order to maintain the production operations and sustain the business performance
SCADA ICS (OT) Security Services
SCADA ICS Security Services Summary
SCADA ICS Security Asset Management
SCADA ICS Security Risk Management
SCADA ICS Security Assessment
SCADA ICS Standard, Policy & Procedure Management
SCADA ICS Security Implementation
Cyber Security Services
Vulnerability Assessment
Penetration Testing
ISO 27001 Certified Management System Audit
Intelligent Buildings can use the skills of the control experts in the process field like the ISA Chapter members. Recent IEC Standard on cybersecurity is applicable to the building automation field.
This Operational Telecom Network for the Connected Pipeline System Design Guide documents best
practice design of safe, highly available, and secure infrastructure and applications for Oil and Gas
pipelines. This Design Guide identifies customer use cases, maps those use cases to relevant
architectures, and leverages Cisco and partner technology to deliver unprecedented value for our
customers.
Industrial Networking Systems Secure Integration | Cisco & Polestar Case StudyPolestar IIoT
This case study describes the integration of hardware and software with existing factory lines and process systems to avoid downtime. Additionally, a new network was needed to comply with government standards for healthcare pharmaceutical production It was a priority to ensure that the new network is secure and connect to #SD-WAN, allowing multiple services to run in tandem and being segregated for security. Learn more at www.polestarinteractive.com
Over the project, we provided an industrial network that is secure by design and redundant for serialisation compliance, meeting the latest security requirements, complying with industry standards, and granting continuous access to production at all levels.
Google GCP-PCSE Certificate Is Your Best ChoiceAmaaira Johns
Start Here---> https://bit.ly/2ZCndyL <---Get complete detail on GCP-PCSE exam guide to crack Professional Cloud Security Engineer. You can collect all information on GCP-PCSE tutorial, practice test, books, study material, exam questions, and syllabus. Firm your knowledge on Professional Cloud Security Engineer and get ready to crack GCP-PCSE certification. Explore all information on GCP-PCSE exam with the number of questions, passing percentage, and time duration to complete the test.
Creating a Reliable and Secure Advanced Distribution Management SystemSchneider Electric
As public utilities strive to build an efficient distribution network, they are looking to automated solutions. One such solution is the advanced Distribution Management System (ADMS) that integrates SCADA, DMS and OMS technology, for optimum performance efficiency. Instead of operating with proprietary protocols on isolated networks, this approach applies open-system design – and makes security of the SCADA system paramount.
In the U.S., the National Institute of Standards and Technology (NIST) is leading the efforts toward establishment of security standards for SCADA networks that process unclassified information. The North American Electric Reliability Council (NERC), with oversight by the U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada, enforces mandatory cyber security standards for the bulk power system in North America. Beyond North America, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) maintain the ISO/IEC 27001 Information Security Management System standard.
It is these standards that make possible the performance efficiency of an interoperable ADMS open system while actually improving the security of older, proprietary SCADA/DMS/OMS systems.
The NERC Critical Infrastructure Protection (CIP) guidelines establish best practices for the minimal level of security required for safe and secure operations of a modern ADMS solution. They fully describe the system’s security objectives but leave to the user the choice of technology that best achieves these objectives for the user’s network. These guidelines describe access control and event logging, personnel training, maintenance of the electronic security perimeter, incident reporting and response planning, and security auditing. The utility that implements an ADMS solution that complies with these guidelines is positioned not only for operational effectiveness and enterprise-wide efficiency but also security of operations. It is recommended that the ADMS solution vendor be actively involved in industry working groups, to support compliance with the latest developments.
An open-architecture, fully configurable ADMS system meeting NERC CIP guidelines will offer security at all operational levels, even as the network grows and software upgrades are applied.
#SAFIRE-Project is presented at #ConnectedFactories Event in the „Horizontal (automation) and vertical (Cloud) Cyber-security in I4.0” Session #FOF_EU #DigitiseEU
Similar to Contributing to the Development and Application of Cybersecurity Standards (20)
Data, Data, Everywhere...GA10 Brings It All TogetherYokogawa1
Today, data is everywhere. Collected by a multitude of sensors and devices, most organizations have plenty of data. The question becomes, “What should you do with it all?” In steps Yokogawa’s GA10 Data Logging Software. GA10 acquires data from various instruments via communications, such as EtherNet, Modbus, and OPC-UA, and enables centralized monitoring and recording of data from a PC or remote location. With all your data in the same place, users can make real time decisions while monitoring standard or custom dashboards, receive automatic reports, send email or alarm notifications to maintenance personnel, and much more. Let’s put your data to work, when you bring it all together, with GA10!
In this webinar, we will:
• Share best practices for monitoring, recording, and transferring data
• Challenges in data acquisition and how Yokogawa can help
• Demonstrate GA10 Data Logging Software capabilities:
Seamlessly connect Yokogawa and 3rd party devices
Easily create projects and standard or custom dashboards
Generate automatic reports, notifications, alarms, and emails
Chromatography is introduced to us from a very young age; from marker and coffee filter art projects to the simple black ink separation. All of which the pigments wick from the papers are different speeds when dipped into water, showing the various types of pigments. Chromatography is based on this originally when it was first used for the synthetic dye industry in the early 1990s as Chromatography means color measurement.
This one-hour session covers chromatography basics and explains what makes up a process gas chromatograph that is used today.
We will dive into:
Different types of sample injection methods.
What and how a separation column works.
Basic rules of thumbs for best practice.
An Economic X-ray of Digital TransformationYokogawa1
Recent dynamic market changes and uncertain business environments have placed a sharp focus on digital transformation (DX). DX initiatives must clearly align with business strategies and have a clear vision of where, and how, they add value in terms of enhanced profitability, capital efficiency and license to operate. Focusing on enhanced profitability, we start with a simple refresh of the “Profit & Loss” or income statement and demonstrate how it is impacted by DX initiatives, thereby demonstrating how money is made and lost. These general concepts are reinforced with several real-life examples across the upstream, refining and bulk chemical sectors. Through this exercise, conclusions are drawn on where DX has the greatest immediate impact.
Using A Unique, Next Generation APC Solution To Address Common Problems In Th...Yokogawa1
Shell Chemical's Geismar plant is the largest alpha olefins producer in the world. Being ready, situationally aware and making the right decisions only guarantees success with efficient and effective operational execution. This presentation will profile a series of unique ways to solve common multi-variable process control challenges often encountered in chemical processing units. Several examples will be given that were used at Shell’s Geismar facility to drive superior efficiency and productivity savings.
Open Process Automation: Status of the O-PAS™ Standard, Conformance Certifica...Yokogawa1
Today, end users in the energy and chemical industries must work with and integrate multiple proprietary systems in almost every process plant or facility. These systems include manufacturing execution systems (MES), distributed control systems (DCS), human-machine interfaces (HMI), programmable logic controllers (PLC) and inputs/outputs (I/O). These multiple proprietary systems, and the integration thereof, result in elevated capital costs on new projects and high total cost of ownership through the asset lifecycle, especially in the operation and maintenance of such systems. The Open Process Automation™ Forum (OPAF) is an international forum of end users, system integrators, suppliers, academia, and standards organizations who are working together to develop the specifications for open process control systems. OPAF’s goal is to enable more open and modular systems that supports integration of best-in-class components. This architecture will provide both configuration and application portability across components from different suppliers, thereby reducing system capital cost and total cost of ownership. The vision is a standards-based, open, secure and interoperable process control architecture that reduces the cost of control system upgrades and replacements, as well as removes barriers to technology insertion, with adaptable cybersecurity designed in. This keynote presentation will outline the Open Process Automation initiative, standard and status of industry prototyping, as well as share evidence of commercialization.
The Value-driven Approach to Digitalizing Assets and their Supply ChainsYokogawa1
Facilities must pursue the agile optimization of feedstocks and other inputs with products and operations to reflect market demand and prices. This is how the demand-pull business model is achieved and a measurable change in profitability delivered. This presentation will showcase why a mindset shift to value chain optimization is needed, as well as the deliberate approach needed to digitally transform value chain optimization activities. The value chain digital twin combining traditional solutions and AI will be profiled, along with the first steps that need to be taken, now.
The Role And Evolution Of Advanced Analytics In The Process IndustriesYokogawa1
To improve a plant’s operation, it is important to understand it’s potential for improvement so that the right actions can be taken. Plant data and advanced analytics are the keys to maximizing plant performance. This keynote presentation will highlight the role of advanced analytics and its evolution in the years to come.”
The Digital Twin For Production OptimizationYokogawa1
Digitalization is fundamental to the development of Repsol’s strategy for the future. To meet emerging challenges, the business units have developed an ambitious program comprising multiple projects. Within Repsol’s Industrial Business, development of a refinery digital twin leads the digitalization program. The digital twin allows the business to maximize production while optimizing energy consumption. This session will explore the digital twin project objectives to improve the accuracy and scope of the Refinery LP model that the Programming and Planning departments use to make decisions regarding crude feedstock purchasing and refinery unit operations. It will also report on the context of the business goals achieved, the technology and architecture developed, and the connectivity deployed to communicate results. It will conclude with a description of how enhancements to existing technology work with new technologies to improve value.
Multi-Site Optimization To Drive Value Creation In ChevronYokogawa1
The vision should be one of an asset, or portfolio of assets, that exists in the context of, and is synchronized with, its supply chains and surrounding business environment. The asset(s) together with its supply chain should continuously respond in unison to market signals, disturbances, and optimize holistically. Since the early 1980s Chevron has developed and continued to enhance its proprietary linear programming (LP) technology, Petro, to select the most profitable raw materials, evaluate product options, optimize refinery processes, and promote efficient capital investments across its global refining network. Key to this has been the use of Petro, with its highly efficient multi-location modeling methodology, to optimize raw materials and product supplies between refinery sites. This presentation will showcase how Chevron drives transformational value through multi-site optimization, and how development of associated people and business processes have accompanied evolution of the technology.
Keeping PACE with Advanced Process ControlYokogawa1
The pace was set to start APC sustainability, the software was chosen and the initial implementation was validated. This presentation will focus on how the company is approaching the upgrades, the training of new engineers, the benefits and results from it and the next steps to improve controls and stakeholders reliability.
Yokogawa’s DX and Smart Manufacturing Vision for Building our FutureYokogawa1
DX is the novel use of digital technology to accelerate companies' business strategies and business goals, not technology for technology’s sake. Digitalization and digital transformation involve business and workflow changes, adjustment of enterprise operations and business transformation. But to decide what digital applications and capabilities are required, business value drivers and the various digital challenges that contribute to operational excellence must be mapped out. Once these are known and understood, a holistic approach can be undertaken to drive triple bottom line performance in terms of people, planet and profit. Partners who have domain knowledge and best practices in the industry, are one of our key success factors. This keynote presentation will outline Yokogawa's vision for digital transformation of the energy and chemical industry to achieve their smart manufacturing goals. In doing so demonstrating Yokogawa's commitment to achieving net-zero emissions, making a transition to a circular economy, and ensuring the well-being of all.
Business Model Disruption - The Step-wise Transition to Remote OperationsYokogawa1
Many assets have reached the “point of diminishing returns” in their pursuit of optimization benefits using conventional business models. To reach the next horizon of value, these assets must undergo digital process re-engineering, digital re-organization and digital business transformation. In many cases, the entire operations management system needs to be re-written and re-implemented. The first step in transitioning to a new operating model involves defining the end-state and achieving a step-wise approach toward it. That end state might be a centralized optimization center, remote integrated operations center, minimal manning facility, or a fully automated facility. The internal rate of return (IRR) associated with the transition to remote operations depends on the extent to which operating cost savings can be traded for capital investment. Through various case studies, this session will explore the key considerations in making a successful transition and the important factors driving IRR variability and operational risk.
A New Digital Maintenance Platform in a Large Petrochemical Facility to Ident...Yokogawa1
Every day, asset management teams must reliably deliver the highest predictable availability at the lowest cost. The focus should be on providing information and understanding directly to decision makers–human or machine–in a way that drives the business as a whole to make improvements. Braskem operates a very large petrochemical complex in Camacari, Bahia, Brazil that produces ethylene, polyethylene and PVC, and other chemicals. The site has recently embarked on a project to implement a digital maintenance platform to deliver enhanced situational awareness and decision support. The presentation will showcase the goals of the project and how the platform will gather data from a variety of sources in a secure manner. It will describe the automation tools, databases, manual inputs, event sorting, data modeling, and data science to deliver the intended outcomes.
Shift team effectiveness: Don't bother if you can't change "shop floor" shift...Yokogawa1
Overall shift team effectiveness is critical, but especially shift handover activities. Shift teams are at the point of manufacture and hold the keys to plant and equipment safety, reliability, production and product quality, as well as operational discipline. Shift handovers take just 5% of operational time, but account for around 40% of plant incidents. So if you want your digital transformation (DX) initiatives to succeed, you need to think like an operator–to empathize and gain credibility with those on the shop floor–and to translate the DX agenda into their language. Only through this can a true changing of ways occur. This session will showcase a proven shift team effectiveness model comprising four key areas and sub-components–organizational capability, work environment, information and technology, and operating practices–and how they all need to work in tandem with each other. A case study will demonstrate how these areas should be leveraged to ensure safety, reliability and production information effortlessly flow in, and out, of the shift team to the various support departments.
Adversity Drives Innovation and Enterprise Resilience to Best Leverage a Hist...Yokogawa1
In most plants, process data is generated by various OT systems such as the DCS or SCADA, blending systems, dosing systems, fault detection systems, smart instruments, etc. Enterprise process historians should be the system of record for all operating data and should support achieving a ‘single source of truth’ for the plant. The desire to have a single source of truth for all data types that can be consumed in decision making and execution is driving IT/OT convergence. How enterprise process historians are leveraged, both on-site and remotely, is crucial for business continuity and advancement toward increasingly autonomous operations. This presentation will showcase how new processes and techniques around remote monitoring, data extraction and advanced analytics enabled Kuraray to maintain situational awareness and visibility into key plant operations whilst social distancing during COVID-19.
Improved Upstream Production Efficiency with Remote Optimization Centers, Fie...Yokogawa1
To climb down the cost curve, upstream companies need to fundamentally change how they operate – technology, people and processes. The industry has reached close to the maximum threshold on the number of individual point solution applications (and associated processes and siloed departments) that are in use today. To remain relevant and thrive, upstream companies must firstly buy time, then digitalize and lastly, position more effectively for the energy transition. This means taking a “systems thinking” approach that focuses on the way that a production system’s constituent parts interrelate, how they work over time and within the context of larger systems. This presentation will outline the role of field-wide models, which when operationalized with real-time data, result in a digital twin that is highly effective in achieving production system optimization. These models when run in the Cloud, then enable the remote optimization center and generate synthetic data able to train AI algorithms for machine learning with limitless potential.
Transforming Decision Making in Scheduling of Terminal OperationsYokogawa1
Terminals are mission critical assets for effecting mass transfers, exploiting arbitrage opportunities, blending, mopping up errors and inaccuracies in supply chain planning, amongst others, across the hydrocarbon processing value chain. Effective scheduling of terminal operations is required to handle timing, sizing, allocation and sequencing decisions involved in connecting the "ideal" (production plan) to the "real-world" (the operation), with its various subtleties, nuances and non-linearities. Complex decision-making is required to make money. It involves the development of a detailed (executable) plan that is able to implement the operations strategy from the planning process, running the asset(s) up against physical and logistical constraints. As a result, schedulers must deal with a large number of inter-related alternatives with high implications in business performance. Wrong moves in the decision chain can set the execution path towards costly disruptions. Only through combinatorial optimization algorithms can this complexity be simplified. This presentation will show how these algorithms can be incorporated into practical business applications and made available to extend the capabilities of scheduling personnel way beyond what can be achieved with current methods. The value captured and how it is achieved will be demonstrated using actual applications in LNG Regasification, Crude Oil Supply and Primary Distribution operations.
Asia NOC Bridges Business-wide Performance Objectives and KPIs through an Adv...Yokogawa1
Misalignment and conflicting performance objectives between management and front line operators is the root cause of a lot of profit erosion. Businesses need systematic ways to align senior management objectives and operating KPIs. This presentation will demonstrate how a National Oil Company in Asia utilized data analytics and KPI trees with drill-down capabilities to systematically align performance objectives and KPIs in its gas processing division to achieve profit driven operations. The presentation will also highlight how first principles digital twins can be incorporated to serve as a soft sensor to deliver further accuracy and rigour.
After fully exploiting digital computing technology to enable safe and efficient operation since the 1970s, the tank farm and terminal industry is in the midst of a major step change as organizations apply advanced analytics, artificial intelligence and machine learning to the massive operational data they have collected. Applications of digital transformation technologies are ultimately leading to the autonomous terminal. An autonomous terminal possesses comprehensive knowledge of its capabilities and limitations; it works with operators to provide maximum operational safety and efficiency. To realize the autonomous terminal, digital transformation is inevitable and includes fully digitalized execution, digitalized information exchange with all internal and external stakeholders, digitalized asset optimization and fully automated operations. Participants in this session will learn how to realize broad-based benefits and how operations should continuously improve in a sustainable manner.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Contributing to the Development and Application of Cybersecurity Standards
1. Camilo Gomez
Global Cybersecurity Strategist
Yokogawa USTC
November 10, 2020
Contributing to the
Development and Application
of Cybersecurity Standards
2. Agenda
1. Overview of ICS Cybersecurity
Standards Development Activities
2. Using the Standards
3. Applying and Adopting the
Standards to the New and
Emerging
8. ■ Methodology for developing quantitative metrics
and KPIs from requirements in the standards
■ Understanding the objective and context
of requirements
■ Deriving performance metrics from process
and technical requirements
■ Differentiating Performance metrics
from Conformance metrics
■ Building Key Performance Indicators
WG12: 62443-1-3 Performance Metrics
How to measure performance and effectiveness
of security controls in operation?
9. ■ Methodology for combining the evaluation of
organizational and technical security measures
■ Results expressed in numerical values (SPRs)
■ SPR values are derived from rating the security level
provided by capabilities of security measures used
and the maturity levels of the organization operating
the IACS
■ Based on maturity levels defined in 62443-2-1,
62443-2-4 and 62443-4-1 and security levels
defined in 62433-3-3
WG3TG3: 62443-2-2 Security Program Ratings
Evaluating the actual level of protection of an
IACS cybersecurity program in operation
11. ■ Examine whether the standards are appropriate and sufficient
for IIoT in the context of “secure-by-design” objects as a prelude
to possible certification
■ Focus on data classification, edge data collection and processing,
and data transmission to the cloud via gateways
■ Relevance of zone and conduits concept
Applying ISA/IEC 62443 to Industrial IoT
ISA99 WG9-TR
■ Project towards an IIoT certification in progress
■ Applicability of CSA Certification
■ Differentiating IIoT device vs IIoT solution
■ Study of potential gaps in certification requirements
and 62443
ISASecure roadmap
12. ■ Responding to market need for intrinsically secure
automation components and systems
■ Adopted 62443 as the guiding standard for
secure-by-design of O-PAS™ products
■ Both software applications and physical platform
■ Mapped for the first-time other OT and IT functional
standards such as OPC UA and Redfish to 62443
■ Established collaborative agreement with ISASecure
for security testing of O-PAS™ products based on
ISA/IEC 62443 and relevant O-PAS™ specifications
Adopting ISA/IEC 62443—OPAF Example
O-PAS™ a standards based, open, secure, and
interoperable process control architecture
O-PAS™ Standard is a registered trademark of The Open Group.
14. Standards based secure development lifecycle
and support of products and services – secure by
design
■ Policy
◆ Group Quality Management Policy
■ Knowhow
◆ Engineering standards
◆ Guidelines & tools
■ Assurance Framework
■ Training
■ Product Certification
Yokogawa’s case
Adopting Standards Servicing our Customers
Standards based lifecycle management services
for plant cybersecurity
15. The names of corporations, organizations, products and logos herein are either registered trademarks or
trademarks of Yokogawa Electric Corporation and their respective holders.
Thank You!
There is more than just
having standards when
they are set to work.