The ISA-99 standard for plant network security, from the Instrumentation, Systems and Automation Society, has gained support from a wide range of industry players. Major vendors such as ABB, Honeywell, Invensys and Rockwell Automation are on board. So are industry software players such as Microsoft and SAP. Governmental agencies are also supporting the standard. They range from the U.S. Department of Homeland Security to the U.S. National Institute of Standards and Technology.
The standard constitutes a collection of recommended practices to secure the plant floor. “The ISA-99 standard offers best practices. You can use the standard to determine exactly where a plant’s vulnerability is,” says Marilyn Guhr, senior marketing manager at Honeywell Process Solutions, in Phoenix.
The ISA-99 standard addresses the differences between the information technology department’s view of security versus engineering’s view. “The ISA-99 standard has a section where they talk about how confidentiality in the control system is different than in an HR system,” says Eric Cosman, engineering solutions architect at Dow Chemical, in Midland, Mich. “Manufacturing is concerned about availability. They don’t think in terms of security but rather in terms of protecting the run of the machine.”
Because ISA-99 reconciles the real-world concerns of control engineers with needs for security, those involved in developing the standard are pushing hard for widespread adoption. “Our goal is that ISA-99 becomes the standard for policies and procedures for the control industry,” says Kevin Staggs, senior principal engineer at Honeywell. He warns, however, that security measures have to be intrinsic in how the control system is designed. It can’t be an add-on. “You can’t just bolt security onto the control system. It has to be in the DNA of the system.”
Many in the control industry believe the ISA-99 standard will pay off in securing control systems. “There’s a lot of effort going into it, and there will be a success story down the line,” says Ernie Rakaczky, program manager for control systems security at Invensys. He also points to Microsoft as a leader in system security. “I take my hat off to Microsoft on what they’ve done in security over the last two years.” He notes that Microsoft’s involvement in control systems security is important because Windows is now ubiquitous in manufacturing.
See the story that goes with this sidebar: Securing the Plant Network
![Mps035 Sm 1200x628 D[2]](https://img.automationworld.com/files/base/pmmi/all/image/2021/03/MPS035_SM_1200x628_D_2_.604a4a336bc60.png?auto=format%2Ccompress&bg=fff&fill-color=fff&fit=fill&h=146&pad=5&q=70&w=340)
