The International Society of Automation (ISA) has responded to a widely circulated report from the Pell Center for International Relations and Public Policy that calls for a unified U.S. national strategy to address the serious workforce development needs presented by the multi-dimensional threats of cyber attacks.
The Pell Center’s report Professionalizing Cybersecurity: A Path for Universal Standards and Status, released in July 2014, calls for the creation of a professional association to address shortcomings in the cybersecurity industry and charts a path to professionalizing the field.
While commending the Pell Center for bringing greater attention to this challenge, 2014 ISA President Peggie Koon, Ph.D., emphasizes in a letter to the center that a comprehensive workforce development strategy is being implemented to train and prepare those responsible for protecting the critical and industrial infrastructure that forms the foundation of modern economies, and serves as the greatest potential target of cyber terrorists and the greatest risk of potential damage from cyber attack.
The Framework for Improving Critical Infrastructure Cybersecurity, published in early 2014 by the U.S. National Institute of Standards and Technology, sets forth guidelines to help owners and operators involved in the critical and industrial infrastructure identify, assess and manage cyber risk. The Framework is based on the input of leading cybersecurity experts from government and multiple industry sectors.
Cited throughout the Framework, Dr. Koon notes, is a series of standards on industrial automation and control systems security that are being developed by ISA in an international effort involving experts from more than 200 companies and organizations representing energy, water and wastewater, food and beverage processing, chemicals, petroleum refining and other vital industry sectors. The standards, designated the ISA 62443 series, are being adopted as they are completed by the Geneva-based International Electrotechnical Commission (IEC) as the IEC 62443 series, assuring recognition by industries and governments across the globe.
The Pell Center report makes the point that the technology for combating cyber attacks is only as good as the people who develop, implement and maintain it. However, for those responsible for protecting the critical infrastructure and industrial base, the required expertise extends well beyond the tools and technology of cybersecurity, Dr. Koon points out. "They require an understanding of the engineering interactions of complex automation and control systems—in which cyber vulnerabilities exploited in sectors such as energy production and distribution, water treatment, refining and chemicals can disrupt and damage multiple sectors, with potentially severe consequences for public health and welfare, and on a vast and interconnected economy," Koon says.
"As the leading professional association for automation and control systems engineers and practitioners, ISA represents the very people who must meet the great and challenging demands for knowledge and expertise in protecting the industrial and critical infrastructure," Patrick Gouhin, ISA Executive Director and CEO, said in a prepared statement.
"ISA’s leadership in industrial cybersecurity extends well beyond the standards by leveraging the vast expertise and knowledge from the ISA/IEC 62443 program," Gouhin adds. "This has led to programs for the training, certification, and continuing education of those who must understand the complexities and interactions of advanced automation and control systems while protecting critical infrastructure and the industrial base."
These programs include:
Professional certification and certificate programs
• Certified Automation Professional®(CAP®) Certification, which demonstrates proficiency in all aspects of industrial automation and control systems including network and control systems security
• Industrial Cybersecurity Certificate Program, which demonstrates proficiency in understanding and applying the ISA/IEC 62443 international standards
• Certified Mission-Critical Professional (CMCP) Certification, in development under a U.S. Department of Labor grant to Cleveland Community College, focusing on the skills and knowledge to combat cyber and other threats in industrial operations
• Study courses and preparation materials in support of the Control Systems Engineering (CSE) program, a specialized Professional Engineering (PE) license recognized in the U.S. and administered by the National Council of Examiners for Engineering and Surveying, which includes coverage of network and control systems security
Competency-based workforce development
• The Automation Competency Model (ACM), developed by the Automation Federation, the umbrella organization of ISA, in conjunction with the U.S. Department of Labor, establishes what individuals need to know to successfully perform the tasks required in automation occupations, including network and control systems security.
Training classes, publications and conferences on:
• Basic and advanced cybersecurity for industrial automation and control systems
• Understanding and implementing the ISA/IEC 62443 standards
For more information, visit the ISA cybersecurity resources Web page.