ISA/IEC 62443 Cybersecurity Series Designated as IEC Horizontal Standards

• Standards

Summary

The ISA/IEC 62443 standards, Industrial Automation and Control Systems Security, have been officially designated as a horizontal series by the Geneva-based International Electrotechnical Commission (IEC), establishing primacy across the wide range of IEC standards projects on matters related to cybersecurity in industrial and related applications.

The IEC defines horizontal standards as those that are widely applicable and are to be used by all relevant committees to ensure consistency and coherence in IEC standards. The status is granted following an enhanced IEC review process and approval by the Standardization Management Board, which is responsible for the management and supervision of IEC standards work.

The ISA/IEC 62443 standards are developed primarily by the ISA99 committee with simultaneous review and adoption by the IEC. ISA99 draws on the input of cybersecurity experts across the globe in developing consensus standards that are applicable to all industry sectors and critical infrastructure, providing a flexible and comprehensive framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems.

IEC horizontal status is the latest of several notable recognitions in the ongoing development and growing global application of the ISA/IEC 62443 series. These include:

• A decision by the United Nations Economic Commission for Europe to integrate the standards into its Common Regulatory Framework on Cybersecurity, which serves as an official UN policy position statement for Europe.
• An agreement at the request of the NATO Energy Security Center for Excellence to establish official collaboration and exchange of information.

The IEC horizontal recognition also follows completion of several key standards in the ISA/IEC 62443 series:

• ISA/IEC 62443-3-2: Security Risk Assessment for System Design, defines a comprehensive set of engineering measures to guide organizations through the essential process of assessing the risk of a particular industrial automation and control system (IACS) and identifying and applying security countermeasures to reduce that risk to tolerable levels. The standard can be effectively applied across all industry segments and critical infrastructure sectors that depend on secure IACS operations, providing guidance to all key stakeholder categories, including asset owners, system integrators, product suppliers, service providers, and compliance authorities. 
• ISA/IEC 62443-4-1, Product Security Development Life-Cycle Requirements, which specifies process requirements for the secure development of products used in an IACS and defines a secure development lifecycle for developing and maintaining secure products. 
• ISA/IEC 62443-4-2, Technical Security Requirements for IACS Components, which provides the cybersecurity technical requirements for components that make up an IACS, specifically the embedded devices, network components, host components, and software applications.

Other standards in the ISA/IEC 62443 series cover terminology, concepts, and models; establishing an IACS security program; patch management; and system security requirements and security levels.

In addition, ISA offers extensive training resources on cybersecurity, as well as safety, fundamentals, and other topics in industrial automation and control systems. Visit the training site for information.

For more information on ISA99 and the ISA/IEC 62443 series of standards, contact Eliana Brazda, ISA Standards.

• Facebook
• Twitter
• Linked In