FAQs for the ISA/IEC 62443 series of standards
The ISA/IEC 62443 series of standards is designed to help integrate people, processes and technology for a cohesive and effective security strategy.
Here are some frequently asked questions, which offer insight into how to achieve the balance of these three pillars in today’s changing digital environments.
What is the ISA/IEC 62443 series of standards, and how can it help achieve a cohesive balance between people, processes and technology?
ISA/IEC 62443 is a series of international standards that provide guidance for securing industrial control systems (ICS) and operational technology (OT) networks. They were developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC).
The series serves as a framework to manage people, process and technology. It addresses three stakeholder groups: the manufacturers of controlling devices, service providers such as system integrators and maintenance service providers, and operators. Focusing on these groups makes their different tasks visible and helps to balance people, process and technology across them. This helps boost resiliency across systems and operations.
With a rise in digital transformations, is the ISA/IEC 62443 series of standards becoming the de facto standard for securing operational technology (OT)?
ISA/IEC 62443 standards are foundational for securing OT. Automation product suppliers adopted the standards quickly, but progress was a bit slower for asset owner operators. Some automation suppliers, however, are also asset owners with product development, production facilities and a business organization. They are using ISA/IEC 62443 as their standards for securing products that go to market.
How can obsolete legacy systems, which may have insecure equipment, be best positioned to be updated and achieve better security?
If you view insecure equipment as a pollution stream, you really want to create a safer and more secure environment and stop that pollution stream from coming in. All new systems should incorporate standards and require suppliers to meet necessary target levels of security. Rather than replacing technology, look for ways to change how you configure or manage legacy systems without a wholesale replacement. This will develop a more secure environment to operate in.
What are some best practices for balancing people, processes and technology by using ISA/IEC 62443?
It begins from the top down. This means incorporating strategic planning and then working it down the ladder to the execution. People must be trained and educated so they all speak the same language, working across all levels of the organization to help establish a security culture. Where possible, this culture includes a competency program with certification goals to provide evidence of staff capability in security. Safety and cybersecurity are engineering disciplines that are essential to supporting new technologies and connectivity in the ever-changing automation environment. The standards established provide a good foundation for creating a security culture as the industry continues to evolve.
How can UL Solutions help?
Our holistic approach to safety and security, including training, advisory, reviews, audits and certification to ISA/IEC 62443, can be a pivotal resource for manufacturers, system integrators and asset owners across various industries, including industrial automation, renewable energy and automotive sectors. Our services can help these industry stakeholders meet global regulations, strengthen industrial systems against vulnerabilities, mitigate the risk of injury and potential production downtime, and protect their brand reputation.