Emerson’s Mike Boudreaux pointed me to a great article written by ISA84 committee member, Paul Gruhn. The article, Safety, Security groups form joint working group, describes the reasons for the ISA84 Process Safety standards group and the ISA99, Industrial Automation and Control System Security group joining forces. ISA99 Working Group 7 (WG7) is the home of this effort and is chaired by Mike and Kenexis Security’s Bryan Singer.
Paul’s article acknowledges that we all learn from our own mistakes:
…but when it comes to the safety and security of high-risk process facilities, it is important we learn from the mistakes of others. That is the collective knowledge that standards are built on.
In the article, he describes how safety and security are similar:
…the greater the level of risk in a process, the better the safety instrumented systems that will be needed to control it. Similarly, the greater the level of risk of a security breach, the stronger the measures will be needed to combat it.
I asked Mike for some recent developments with WG7. He told me that they have created task groups to review the existing ISA99 standard as well as the two leading global safety standards related to process manufacturers–IEC 61508 and IEC 61511. Other relevant standards are also being considered. The intent is to look at how the lifecycle and risk reduction methodologies in these safety standards might be applied to automation system security.
Mike described three task groups that have been created: ISA-99 WG07.TG01-2009, -.TG02-2009, and -TG03-2009. Brian Singer leads the TG01 group and they are working on the creation of the ISA-99 WG07 charter document.
Mike leads TG02 and his task group is assembling a list of recommendations to the ISA99 leadership on how to improve consistency with other engineering practices. They would also provide a list of recommendations on key benefits of the current ISA99 approach or additional areas of opportunity to provide value. Finally, the task group will provide input to the standards roadmap for the documents that will receive WG7 content and any other needed documents.
The final work group, TG03 is lead by Jim Gilsinn whose group will lead the effort for a target outline and document structure for the WG7 work products.
These structures help provide a framework for collective knowledge sharing that’s required to develop security standards, which will benefit process manufacturers the way ISA84 and IEC 61511 have benefitted them from a process safety standpoint.
For those of you who use Twitter (and you should! J), you can follow updates by Mike and Bryan and Dow’s Eric Cosman on this important standards effort at @isa99chair.
Update: Mike shared with me that Bryan Singer and Eric Cosman of Dow Chemical are the two folks who manage the ISA99chair Twitter account and I’ve fixed the post above.