ISPE Cyber SecurityS99 Update.ppt

* * July 2009 Copyright ? 2009 - ISA * The following two slides list all of the committee work products and provide a bit more detail on each one, such as current status and corresponding IEC document designation. * July 2009 Copyright ? 2009 - ISA * * June 2009 Copyright (c) 2009 ISA Outreach and acceptance IACS are no longer stand alone entities They are networks, data paths, integrations… ISA S99 leadership is active in harmonizing activities, building upon completed work ISPE Cyber SecurityS99 Update December 08, 2009 Topics to be covered Does it matter? Activity ISA S99 S99 Work completed S99 Work in progress SCADA Specific information Freely available Documented case DCS Controls Systems Security Program (CSSP) administered by DHS 15 ICS assements 245 vulnerabilities All systems at risk Not inclusive, only most critical vulnerabilities identified Activity Standards NERC CIP Chemical Sector Guidance Documents NIST 800-53 NIST 800-82 ANSI/ISA-TR99.00.01-2007 ANSI/ISA-99.00.01-2007 ISA-99.00.02 (Draft) DHS Certifications CISP CISM? CGIET ? CISA ? ISP Why a industrial security standard? IT IT Security Control Systems ? Control System Cyber Security Copyright ? 2009 ISA Multiple Perspectives * The right Balance of Understanding in: Industry Sector drivers Control Vendor Limitations User Implementation Challenges Economic/Financial Burdens Community acceptance Community Support Requirements Committee Scope The ISA99 Committee addresses industrial automation and control systems whose compromise could result in any or all of the following situations: endangerment of public or employee safety loss of public confidence violation of regulatory requirements loss of proprietary or confidential information economic loss impact on entity, local, state, or national security * Participation Over 250 members from more than 200 companies Sectors include: Chemical Processing Petroleum Refining Food and Beverage Power Pharmaceuticals Process Automation Suppliers