The ISA/IEC 62443 series of standards define requirements and processes for implementing and maintaining electronically secure industrial automation and control systems (IACS). These standards set best practices for security and provide a way to assess the level of security performance.
Their approach to the cybersecurity challenge is a holistic one, bridging the gap between operations and information technology as well as between process safety and cybersecurity.
The ISA/IEC standards set cybersecurity benchmarks in all industry sectors that use IACS, including building automation, electric power generation and distribution, medical devices, transportation, and process industries such as chemicals and oil and gas.
A founding principle of the ISA/IEC 62443 standards is the concept of shared responsibility as an essential building block of automation cybersecurity. Key stakeholder groups must align to ensure the safety, integrity, reliability, and security of control systems.
The standards define requirements for key stakeholder groups who are involved in control system cybersecurity.
Stakeholder groups include asset owners (end users), automation product suppliers, integrators who build and maintain control system solutions and their components, and service suppliers who support the operation of control systems.
People, processes, and technology all play critical roles in securing automation and control systems.
The ISA/IEC 62443 series addresses the security of #industrialautomation and control systems (IACS) throughout their lifecycle (which applies to all automation and control systems, not only industrial).
Because IACS are physical-cyber systems, the impact of a cyberattack could be severe. The consequences of a cyberattack on an IACS include, but are not limited to:
- Endangerment of public or employee safety or health,
- Damage to the environment,
- Damage to the Equipment Under Control,
- Loss of product integrity
- Loss of public confidence or company reputation,
- Violation of legal or regulatory requirements
- Loss of proprietary or confidential information,
- Financial loss,
- Impact on entity, local, state, or national security.
