ISA99 Working Group 5




Date: May 14, 2015
Time: 11:00 ET US
Lead: E. Cosman
Notes: E. Cosman
Distribution: ISA99 committee and stakeholders

ISA
67 Alexander Drive, PO Box 12277
Research Triangle Park, NC 27709
Telephone 919/549-8411
Fax 919/549-8288

| Name | Affiliation | Group | Present |
|---|---|---|---|
| Ayman Al-Issa | | WG1 | |
| Eliana Brazda | ISA Staff | | P |
| Eric Cosman | OIT Concepts LLC | Chair | P |
| William Cotter | 3M PI&CS | WG6 | P |
| John Cusimano | AE Solutions | WG7 | |
| Jim Gilsinn | Kenexis | WG2 | |
| Andrew Ginter | Waterfall | WG1 | |
| Tom Good | DuPont | WG2 | |
| Vic Hammond | Argonne National Laboratory | WG12 | P |
| Dennis Holstein | Opus Consulting Group | WG12 | |
| Lee Neitzel | Consultant | TC65 WG10 | |
| Johan Nye | ExxonMobil | WG4 | |
| Tom Phinney | Consultant | TC65 WG10 | |
| Jeff Potter | Emerson Process Management | WG3/4/7 | P |
| Charley Robinson | ISA Staff | | P |
| Ragnar Schierholz | ABB | WG3 | |
| Kevin Staggs | Honeywell Corporate Research | WG4 | |
| Herman Storey | Consultant | WG9 | P |
| Donovan Tindill | Honeywell | WG6 | |
| Joe Weiss | Applied Control Solutions | WG11 | P |

P = Present; p = Partial attendance; D = Declined or Unavailable

1. Old Business

1.1 Action Items

The following are pending from previous meetings:

| ID | Action Item | Responsibility | Status | Comments |
|---|---|---|---|---|
| 12 | Work with Jake Jackson on the process for embedding writers in the work and task groups. | Eric | Suspended | Eric has opened an Email dialog with Jake. The first step is to describe the role. |
| 24 | Develop a single timeline that shows projected milestones for each of the 62443 work products. | Charley, Eric | Closed | The timeline tool is in place. Now we have to keep the data current. |
| 32 | Have WG4 discuss how to address supply chain, including manufacturing requirements for cybersecurity. | Johan N. | Open | |
| 34 | Poll WG5 members about the possibility of rescheduling these calls. | Eric C. | Closed | Eric sent a note to WG5 to get feedback. |

Add link to milestone plan to minutes, as well as the Wiki.

2. New and Continuing Business

In addition to regular work group updates the following specific topics will be addressed in this meeting.

- Face to face meeting plans
- Insurance Interest

3. Working Group Updates

3.1 WG1: Technologies

(From April 30): Ayman reported that the meeting this week was well attended by the group; the discussion covered authentication methods, VPNs, industrial cybersecurity, etc. There was no report from this group.

3.2 WG2: Security Program

(From April 30): Jim G. noted that he should have the draft of ISA-62443-2-1 by Monday, a cleaned up version with material that updates the requirements from the 2009 edition. Jim has posted the latest draft of ISA-62443-1-1 on the portal.

3.3 WG3: Concepts and Models

(From April 30): There was no report from this group. This group met on Monday. The primary topic discussed was the relationship between the various life cycles used in the 62443 series. The group agreed that the general model developed by Pierre and Ragnar and the more focused model offered by John Cusimano are complementary.

3.4 WG4: Technical Requirements

(From April 30): This group did not meet this week.
The WG4 leaders did not meet this week.

3.5 WG6: Patch Management

(From April 30): Jim G. has completed ISA-TR62443-2-3 and is getting the IEC version cleaned up and should be done with it today or tomorrow. He will be ready to go with publication of ISA-TR62443-2-3 shortly. The final 62443-2-3 documents are complete (ISA and IEC versions). WG6 is conducting a survey about next steps. This group has no plans to meet in Frankfurt.

3.6 WG7: Safety & Security

(From April 30): ISA84 met and there was discussion about the safety & security technical report. Jim is continuing his work with that group, along with other members of WG7. TG1 met in the regular WG12 time slot. They are waiting for revisions to ISA-84.00.09. Based on comments from Hal Thomas, Vic Maggioli and other ISA84 members it appears that ISA84 and ISA99 are aligned with respect to the security and safety topic. Dennis Holstein will be providing a summary of status at the planned meeting of the IEC ad-hoc group in Vienna.

3.7 WG8: Communication and Outreach

(From April 30): There was no update from this Work Group. There was no update from this Work Group. Our recent difficulties in getting the news out about our Frankfurt meeting point out the need to focus more on communications.

3.8 WG9: Wireless and Security JWG

(From April 30): There was no report from this group. Herman was asked to give a talk at the ISA Analysis Division Symposium in Galveston, Texas. The stated theme was remote access, but it developed more into a security topic, related to third party (vendor) remote access. There was good discussion but no formal follow-up. Jeff said that his experience has been that best practices involve a single portal maintained by the customer that provides an entry point for all vendors. It is important to make sure that remote access is secure during assembly, commissioning, FAT, etc. This is more of a topic for ISA99 than ISA100. Specific guidelines are required. This is a possible use case for ISA-62443-1-4.

3.9 WG11: ISA99-ISA67 JWG on cyber security for nuclear plants

(From April 30): Joe submitted comments on the TC45A CD. There is an IAEA meeting in the first week of June. Joe will be presenting, as well as participating on a panel on standards.

3.10 WG12: Metrics

(From April 30): The group is on schedule for a mid-June circulation of the draft for comment; the draft document has gone through several edits. The charter for WG12 was unanimously approved by ISA99. The group is working to rebuild 62443-1-3 in accordance with the charter. This group is working on a Draft for Comment (DC) which is planned for the end of June. This group will be meeting in Frankfurt. All comments from previous review are being addressed.

3.11 IEC TC65 WG10, ISO/IEC JTC1/SC27, and Other International Liaisons

(From April 30): Joe W. submitted comments on the draft SC45A CD on nuclear pipeline security. Jim G. submitted the ISA99 liaison report to ISO/IEC JTC1/SC27 prior to their meeting in May. There was no report on this topic.

4. Committee Planning and Direction

4.1 Committee Work Product Roadmap

Once we have confirmed the content of this document we will add a link to the committee wiki. The working copy is available in the Shared library: http://isa99.isa.org/shared/planning/work-product-roadmap.xlsx

4.2 Face to Face Meeting Planning

(From April 30): WG12 has asked for a ½-day meeting in Frankfurt. Dennis H. expressed concern that there is no finalized agenda yet for the meeting. He thinks there may be limited US participation in the meeting given that getting authorization from companies would require a more detailed agenda. Ayman expressed concern that the agenda and logistics need to be finalized in order for him to apply for his visa to Germany. Charley confirmed that Lee will be in Frankfurt. We will schedule the lessons learned sessions in sequence on Thursday afternoon. Eric will send a note to the committee tomorrow with a copy of the agenda document.

4.3 WG5-TG1: Editors task group (Jim G.)

Eliana will take care of reconciling the IEC and ISA versions of 62443-2-3. Once this has been completed there will be a quick default ballot to give voting members a chance to look at the final copy and confirm their previous votes.

5. External Initiatives

Joe has spoken with representatives of insurance companies who are considering (or offering) cybersecurity related policies. They are trying to determine what has to be considered with respect to IACS. DHS has a Cyber Incident Data and Analysis (CIDA) working group that is looking at this and has asked for SME input from AF. Eric is offering input with Steve Mustard and Leo Staples. It is not clear that we need any more formal structure in the committee. Jeff suggested that someone should also try to determine if asset owners want this too.

6. Liaison Activities

6.1 Discussions with IEEE about cyber related activities

There was no update on this topic.

6.2 Cybersecurity in Field Bus communications

There is a meeting of the FieldComm group scheduled for Toronto in June. Jeff and Ragnar will attend. Security is one of the topics. Ragnar is chairing a security subgroup. The exact scope has to be defined, followed by specific tasks and objectives. Herman volunteered to help.

7. Membership and Recruitment

There was no update on this topic.

8. Conferences and Events

(From April 2): The next ICSJWG meeting is scheduled for the same week as the Frankfurt meeting. Ayman asked about an ISA conference planned for the end of May in the Middle East. He will provide more details. The ICS cyber security conference will be held in Atlanta on October 26-29.

9. Other Committee Business / Issues

(From April 30): The most recent ISA99 Overview presentation that Jim G. could find on the ISA99 SharePoint, dated January 22, 2015, is available at: http://isa99.isa.org/public/information/201501-isa99-overview.pptx. There were no additional items mentioned.

10. Meeting Close

The meeting adjourned at approximately 12:00 ET US.

10.1 Action Item Update

| ID | Action Item | Responsibility | Status | Comments |
|---|---|---|---|---|
| 35 | | | | |

10.2 Next call / Adjourn

The next WG5 call is scheduled for May 28, 2015 at 11:00 ET US.