At the request of the National Institute of Standards and Technology (NIST), representatives from the Automation Federation recently participated in the first NIST meeting for developing a national cybersecurity program called for by President Obama.
The meeting was held April 3 at the U.S. Department of Commerce offices in Washington, D.C.
The Automation Federation said, in an official announcement, that the meeting was an important step in establishing the Cybersecurity Framework to confront the growing threat of cyber attacks on the nation’s critical infrastructure. The Cybersecurity Framework will include “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”
Pat Gallagher, Director of NIST, has been instructed to lead the effort to develop the Cybersecurity Framework. Responding to NIST’s invitation to participate in the initial meeting were Automation Federation’s Leo Staples, 2013 Automation Federation Energy Committee Chair; Eric Cosman, Chair of ISA99 Security Committee; Steve Mustard, member of the Automation Federation Government Relations Committee; and Mike Marlowe, Automation Federation Managing Director and Government Relations Director. Cosman, in addressing the NIST Cybersecurity Framework meeting, said that “securing automation control systems from cyberattacks is at the heart of protecting our nation’s critical infrastructure.”
The NIST Cyber Security Framework for Reducing Cyber Risks to Critical Infrastructure is a mechanism to designed to help secure a wide range of systems by working with industry and standards organizations to leverage existing industry standards.
The Automation Federation and its founding organization, the International Society of Automation (ISA), said they are committed to working with NIST to meet targeted deadlines in completing the Cybersecurity Framework as outlined in President Obama’s Executive Order. Members of the Automation Federation will participate at the next NIST Cybersecurity Framework meeting, which is scheduled for May 29-31, 2013 at Carnegie Mellon University in Pittsburgh, Pa.
The Automation Federation has voiced the importance of including the American National Standards developed by ISA99, Industrial Automation and Control Systems Security, a multi-industry initiative of ISA, as part of the Cybersecurity Framework. These standards apply to all key industry sectors and critical infrastructure. The Automation Federation says, given the interconnectivity of today’s advanced computer and control networks—where vulnerabilities exploited in one sector can impact and damage multiple sectors—it’s essential that cybersecurity standards be broadly applicable across industries.
ISA Security Compliance Institute (ISCI), an affiliate of ISA, has also developed a widely recognized compliance and testing program that ensures that industrial automation and control devices and equipment conform to consensus cybersecurity standards. The Automation Federation is promoting the work of ISCI as part of the Cybersecurity Framework.