ISA Leading Development of Electric Energy Operational Technology Security Profile for IEC 62443 Standard

June 1, 2022

The U.S. Department of Energy (DOE), global equipment suppliers, and other stakeholders announced the establishment of the Electric Energy OT Security Profile working group hosted by the International Society of Automation ISA99 standards committee.

The Electric Energy OT Security Profile will be a cybersecurity work product utilizing the ISA/IEC 62443 series of standards. The final product will be a formal ISA/IEC 62443 application guide, recognized globally as the consensus work product for securing various control systems used in electric energy generation, transmission, and distribution operations.

The ISA/IEC 62443 standards are designated as a horizontal standard, applicable to many industry sectors and applications. Industry groups leverage the ISA/IEC 62443 standard series as the basis for securing industrial control systems (ICS). DOE’s Securing Energy Infrastructure Executive Task Force (SEI ETF) evaluated available industry standards and recommended the electric energy OT applications be formalized as ISA/IEC 62443-5 security profile applications—gaining international energy sector consensus on applying ISA/IEC 62443 to electric energy OT applications.

The ISA Electric Energy OT Security Profile working group is seeking participation from industry groups, including the Institute of Electrical and Electronics Engineers (IEEE), the International Electrotechnical Commission (IEC), the International Council on Large Electric Systems (CIGRE), and other industry stakeholders to ensure consideration of and alignment with other cybersecurity work product development efforts.

The initiative will leverage the DOE SEI ETF’s Reference Architecture and Profiles for Electric Energy OT as a foundation for the ISA/IEC 62443-5 application profile development. The SEI Reference Architecture and Profiles and associated whitepaper will be available on the DOE website in the upcoming weeks.

“The Securing Energy Infrastructure Executive Task Force developed an OT-specific reference architecture for electricity systems to provide a common language for control system environments that can be used to design and assess security applications,” Puesh Kumar, Director, DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “The ISA Working Group represents an opportunity to validate these profiles and put them into practice for the energy industry. CESER is excited to see energy sector stakeholders carrying forward the task force’s reference architecture work.”

The Electric Energy OT Security Profile will be publicly available at no charge for asset owners, manufacturers, standards organizations, and other industry stakeholders. The application profiles will be used as a basis for designing, implementing, testing, and maintaining electric energy OT systems and their cybersecurity capabilities. They will also be useful by third-party assessment organizations and regulatory authorities around the globe.

Eric Cosman, Co-Chair of the ISA99 Standards Committee, noted that, “Global standards and supporting specifications provide efficiencies for end users, product suppliers, and system integrators that design, deliver, and support products and systems all around the world. One specification and one globally recognized certification provides needed transparency and reduces the regulatory burden on manufacturers.”

Companies and individuals interested in participating in the Electric Energy OT Security Profile working group should contact Eliana Brazda at ebrazda@isa.org to be added to the working group roster.

Source