Presentation is loading. Please wait.

Presentation is loading. Please wait.

Standards Certification Education & Training Publishing Conferences & Exhibits ISA SP-99 Working Group #3 October 27, 2005 Chicago, IL Eric Cosman, Evan.

Published byNoah Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Standards Certification Education & Training Publishing Conferences & Exhibits ISA SP-99 Working Group #3 October 27, 2005 Chicago, IL Eric Cosman, Evan."— Presentation transcript:

1 Standards Certification Education & Training Publishing Conferences & Exhibits ISA SP-99 Working Group #3 October 27, 2005 Chicago, IL Eric Cosman, Evan Hand

2 ISA–The Instrumentation, Systems, and Automation Society 2 Meeting Purpose Assess the current status of the content of dS99.00.01 and determine what additional work is required to create a draft suitable for committee vote. –Review each of the major sections and identify any needed additions or updates. Create specific assignments and expected completion dates.

3 ISA–The Instrumentation, Systems, and Automation Society 3 Session Ground Rules One topic will be discussed at a time. All opinions and input are important but some discussions may be tabled in order to keep to the agenda. All unresolved topics and action items will be recorded for follow-up. Please yield to the meeting leader to help keep the sessions on track

4 ISA–The Instrumentation, Systems, and Automation Society 4 SP-99 Goals (A Review) Capture current industry “best practice” thought and apply it to the industrial automation environment in a manner that clearly communicates to this industry space Provide guidance on the applicability of current technologies to industrial automation systems Create recommendations for future security needs Create standards that are specifically tailored to the unique needs of industrial automation systems

5 ISA–The Instrumentation, Systems, and Automation Society 5 A Brief History of ISA SP-99 Foundations formed in late 2001 Committee formed in July 2002 First meetings in Chicago (October 2002) Regular meetings since 2002 Two Technical Reports published Two parts of the standard being prepared

6 ISA–The Instrumentation, Systems, and Automation Society 6 Purpose Statement “The SP99 Committee will establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed towards those responsible for designing, implementing, or managing manufacturing and control systems and shall also apply to users, system integrators, security practitioners, and control systems manufacturers and vendors.”

7 ISA–The Instrumentation, Systems, and Automation Society 7 ISA SP-99 Scope The SP99 Committee addresses Manufacturing and Control Systems whose compromise could result in any or all of the following situations: –endangerment of public or employee safety –loss of public confidence –violation of regulatory requirements –loss of proprietary or confidential information –economic loss –impact on national security

8 ISA–The Instrumentation, Systems, and Automation Society 8 “Manufacturing & Control Systems” “The concept of manufacturing and control systems security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to, hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems, and associated internal, human, network, or machine interface used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.”

9 ISA–The Instrumentation, Systems, and Automation Society 9 Current Organization ISA 99.00.01 – Scope, Concepts, Models & Terminology ISA 99.00.02 – Establishing a Manufacturing and Control Systems Security Program ISA 99.00.03 – Operating a Manufacturing and Control Systems Security Program ISA 99.00.04 – Specific Security Requirements for Manufacturing and Control Systems

10 ISA–The Instrumentation, Systems, and Automation Society 10 Our Objectives Make sure that: –the necessary fundamental concepts are addressed –each major topic is well framed and bounded –introductory sections establish the proper foundation for the more detailed parts that follow (forward references) –detailed information is consistent with basic concepts introduced earlier (backward references)

11 ISA–The Instrumentation, Systems, and Automation Society 11 Messages from October 24 Meeting Expand the title to include “Scope” (i.e., Scope of the ISA-99 series) Scope: –Current material addresses the scope of the subject; not just part 1 –Move this information into the foreword or introduction –Repurpose as the scope of this document Normative References –Move non-normative references to a bibliography (check for alignment with ISA style guide) Glossary –Glossary terms to be finalized and all sources cited

12 ISA–The Instrumentation, Systems, and Automation Society 12 Messages from October 24 Meeting Overview: –Material from the current Overview can move to the Introduction Concepts: –List of concepts needs review for completeness –any concepts in Part 2 that need a foundation? Models: –Rationalize various discussions related to security “Level” –Confirm use of material from INL Framework –Complete the few remaining “empty parts” Case Studies: –Should illustrate the application of models and concepts

13 ISA–The Instrumentation, Systems, and Automation Society 13 Sections and Clauses (Revised) Foreword –Structure of ISA-99, including a description of the content of each part Introduction –Describe the “boundaries of investigation” of the subject. (i.e., what is included in “M&CS Security?”) Clause 1: Scope –Establish the scope of this document (Part 1) Clause 2: Normative References –List of other documents or standards that form the basis for this work Clause 3: Glossary –consolidated list of terms for all parts of ISA-99

14 ISA–The Instrumentation, Systems, and Automation Society 14 Sections and Clauses (Revised) Clause 4: Overview of the Subject –Why is this subject important? –What has changed from past situations and practices? –What are seen as major trends? Clause 5: Concepts –Describes the fundamental concepts that form the basis of ISA-99? Clause 6: Models –Describe the basic models and how they are related Annex: Case Studies Annex: Bibliography

15 ISA–The Instrumentation, Systems, and Automation Society 15 Things to Consider… necessary fundamental concepts are addressed each major topic is well framed and bounded introductory sections establish the proper foundation for the more detailed parts that follow (forward references) detailed information is consistent with basic concepts introduced earlier (backward references)

16 ISA–The Instrumentation, Systems, and Automation Society 16 Introduction Describe the “boundaries of investigation” of the subject. Think of this as a “scope” for all four parts. Could be replicated in Parts 2 through 4

17 ISA–The Instrumentation, Systems, and Automation Society 17 Scope of Security Standards Common technologies, policies and practices Company Management Data Presentation Company Management Information Company Production Assignment Scheduling Supervision Company Production Scheduling Assignment Operational & Production Supervision Production Scheduling & Operational Management Supervisor’s Console Inter-Area Coordination Supervisor’s Console Supervisory Control Operator’s Console Direct Digital Control Level 5 Level 4 Level 3 Level 2 Level 1 Controllers Process IT Security Policies and Practices (ISO 17799) Mfg Security Policies and Practices (ISA 99) Process Safety (ISA 84, IEC 61508, IEC 61511) Purdue reference Model Levels Common technologies, policies and practices Company Management Data Presentation Company Management Information Company Production Assignment Scheduling Supervision Company Production Scheduling Assignment Operational & Production Supervision Production Scheduling & Operational Management Supervisor’s Console Inter-Area Coordination Supervisor’s Console Supervisory Control Operator’s Console Direct Digital Control Level 5 Level 4 Level 3 Level 2 Level 1 Controllers Process IT Security Policies and Practices (ISO 17799) Mfg Security Policies and Practices (ISA 99) Process Safety (ISA 84, IEC 61508, IEC 61511) Purdue reference Model Levels

18 ISA–The Instrumentation, Systems, and Automation Society 18 Clause 1: Scope Has to be rewritten to address this document only. Expand on one element of the outline that appears in the foreword Look to other ISA and IEC standards for examples

19 ISA–The Instrumentation, Systems, and Automation Society 19 Clause 2: Normative References (Models & Concepts) ANSI/ISA 95.00.01-2000, Enterprise-Control System Integration Part 1: Models and Terminology ANSI/ISA-88.01-1995, Batch Control Part 1: Models and Terminology ISO/IEC 7498: Information processing systems – Open System Interconnection – Basic reference Model, Part 2: Security Architecture ISO 15408, Common Criteria

20 ISA–The Instrumentation, Systems, and Automation Society 20 Clause 2: Normative References (Terminology) CNSS Instruction No. 4009, National Information Assurance Glossary, May 2003 SANS Glossary of Terms used in Security and Intrusion Detection, May 2003 RFC 2828, Internet Security Glossary, May 2000 Federal Information Processing Standards (FIPS) PUB 140-2, (2001) “SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES,” Section 2, Glossary of Terms and Acronyms, U.S. National Institute of Standards and Technology. Federal Information Processing Standards Publication, FIPS PUB 140-2, Security Requirements for Cryptographic Modules, December 2002

21 ISA–The Instrumentation, Systems, and Automation Society 21 Clause 3: Glossary Will incorporate terms from Part 2 Consolidate definitions with AGA-12 and other related efforts

22 ISA–The Instrumentation, Systems, and Automation Society 22 Clause 4: Overview of the Subject Some of this content may be relocated to Introduction Section will survive if sufficient content remains

23 ISA–The Instrumentation, Systems, and Automation Society 23 Clause 5: Concepts Security Context Reference Model Zones and Conduits Security Levels Policy

24 ISA–The Instrumentation, Systems, and Automation Society 24 Context Model (from ISO 15408)

25 ISA–The Instrumentation, Systems, and Automation Society 25 Model Relationships

26 ISA–The Instrumentation, Systems, and Automation Society 26 Basic Reference Model Enterprise Site Business Planning and Logistics Site Manufacturing Operations and Control Area Supervisory Control Basic Control Safety- Critical Process Level 5 Level 4 Level 3 Level 2 Level 1 Level 0 Enterprise Manufacturing Control Safety

27 ISA–The Instrumentation, Systems, and Automation Society 27 Detailed Reference Model Safety-Critical Protective Systems Safety Instrumented Systems Level 0 - Field Instrumentation Sensors, Transmitters, Control Valves Field Networks (e.g. Foundation Fieldbus, Profibus) Level 1 - Basic Process Control Batch Controllers Continuous Controllers Discrete Controllers Process Monitoring Level 2 - Area Supervisory Control Supervisory Controllers Primary Operator Interface Level 3 - Site Manufacturing Operations Production Control Optimizing Control Process History Windows Domains Level 4 - Site Business Planning Site Production Scheduling Site Accounting Site Business Network Process Protective System Production Control Process History Batch Control Discrete Control Supervisory Control Operator Interface Process Control Network WAN Router Level 5 - Enterprise Enterprise Financial Systems Continuous Control Process Monitoring Supervisory Control Operator Interface Enterprise Network Optimizing Control

28 ISA–The Instrumentation, Systems, and Automation Society 28 Clause 6: Models Assets Reference Architecture Zones and Conduits Maturity Security Integrity

29 ISA–The Instrumentation, Systems, and Automation Society 29 Assets

30 ISA–The Instrumentation, Systems, and Automation Society 30 Zone Model

31 ISA–The Instrumentation, Systems, and Automation Society 31 Maturity Model May “adopt” content from Part 2

32 ISA–The Instrumentation, Systems, and Automation Society 32 Security Integrity Introduces “security levels” Current content, technical note and other sources

33 ISA–The Instrumentation, Systems, and Automation Society 33 Annex: Case Studies

Download ppt "Standards Certification Education & Training Publishing Conferences & Exhibits ISA SP-99 Working Group #3 October 27, 2005 Chicago, IL Eric Cosman, Evan."

Similar presentations

Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
EMS Checklist (ISO model)

EMS Checklist (ISO model)
Course Material Overview of Process Safety Compliance with Standards

Course Material Overview of Process Safety Compliance with Standards
Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
ANSI/ASQ E Overview Gary L. Johnson U.S. EPA

ANSI/ASQ E Overview Gary L. Johnson U.S. EPA
Software Quality Assurance Plan

Software Quality Assurance Plan
How to Document A Business Management System

How to Document A Business Management System
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Implementation/Acceptance Testing / 1 Implementation and Acceptance Testing Physical Implementation Criteria: 1. Data availability 2. Data reliability.

Implementation/Acceptance Testing / 1 Implementation and Acceptance Testing Physical Implementation Criteria: 1. Data availability 2. Data reliability.
Examine Quality Assurance/Quality Control Documentation

Examine Quality Assurance/Quality Control Documentation
Management Responsibility Procedure Tutorial. Introduction to Management Responsibility In this presentation we will discuss how to write a procedure.

Management Responsibility Procedure Tutorial. Introduction to Management Responsibility In this presentation we will discuss how to write a procedure.
Welcome ISO9001:2000 Foundation Workshop.

Welcome ISO9001:2000 Foundation Workshop.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)
2009 NWCCU Annual Meeting Overview of the Revised Accreditation Standards and New Oversight Process Ronald L. Baker Executive Vice President and Director,

2009 NWCCU Annual Meeting Overview of the Revised Accreditation Standards and New Oversight Process Ronald L. Baker Executive Vice President and Director,
Basics of OHSAS Occupational Health & Safety Management System

Basics of OHSAS Occupational Health & Safety Management System
Audit objectives, Planning The Audit

Audit objectives, Planning The Audit
October 2009 Klaus Grensemann, Division WS 23 St. Petersburg 1 Development and Implementation of an Overall E-Navigation Strategy.

October 2009 Klaus Grensemann, Division WS 23 St. Petersburg 1 Development and Implementation of an Overall E-Navigation Strategy.
ISA 562 Internet Security Theory & Practice

ISA 562 Internet Security Theory & Practice

Similar presentations

Ads by Google