Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to.

Published byGriffin Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to."— Presentation transcript:

1 ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to Order Images Contained Herein May Not be Used Without Explicit Permission

2 ISA SP-99 Agenda Item 2 Introductions/Circulate Roster

3 ISA SP-99 Agenda Item 3 Review and Modify the Agenda

4 ISA SP-99 Agenda Item 4 Nominate Vice-Chairman and Secretary Discussions on Nominations Identify Nominees if possible

5 ISA SP-99 Agenda Item 5 Review Officer Responsibilities and Guidelines Managing Director appoints Chairman Appoint Vice Chairman Appoint Secretary Other responsibilities … 1- From S&P Manual of Procedures, Dec 8 1997

6 ISA SP-99 Agenda Item 6 Recommendations for Further Appointments Editor(s) Others

7 ISA SP-99 Agenda Item 7 S&P Procedures Standards and Practices Committee Guide Standard and Practices Department Manual of Procedures

8 ISA SP-99 Agenda Item 8 Review of Scope, Purpose, Title, Tasks

9 ISA SP-99 Scope and Purpose Manufacturing & Process Control systems whose failure or compromise of contained information could endanger public or employee health or safety, violate federal or state regulations, or cause economic loss, and which have interfaces providing communications with external systems. For the purposes of this standard, manufacturing & process control systems is taken in the broadest possible sense, to include both process control, manufacturing operations and systems, continuous, discrete, and batch, control and safety systems, serving all types of plants, facilities, and systems in all industries. Agenda Item 11

10 ISA SP-99 Title Manufacturing and Control Systems Security Agenda Item 11

11 ISA SP-99 Committee Liaisons ISA SP-95 Keith Unger ISA SP-67 Bob Webb ISA SP-91 TBD ISA SP-84 Vic Maggioli ISA SP-50 TBD NIST PCSRF – Dave Teumim IEC, IEEE, IAS? Others?

12 ISA SP-99 Vendor Representatives Who do we have Currently Represented? Who Else should we Attempt to Involve?

13 ISA SP-99 Agenda Item 10 Technical Report Working Group Initial Proposed Section Titles: Manufacturing and Control Systems Security Overview Survey of Technology as Applicable to Manufacturing and Control Systems Integrating Security into the Manufacturing and Control Systems Environment Audit and Metrics of Security Performance

14 ISA SP-99 Technical Report Purpose n “Close the Barn Door After the Horse is Gone.” Security is already a problem n Make technical and procedural recommendations that will improve current security of process control systems, but not necessarily finalized measures n Represent current “best practice” thoughts and general recommendations in absence of the full discovery and analysis of the standards creation process n Essence should be on speed of delivery with definite goals, under the premise that a full standards effort is right behind the technical report Agenda Item 11

15 Technical Report Section 1: Manufacturing and Control System Security Overview n Provide General Introduction, Statement of Intent, Purpose, Etc for Technical Report n Definition of Scope n Definition of Terminologies Used Within Report n Reference Resources Used in Creation of Report l ISO/IEC 17799 l BS 17799-2 l ISO/IEC 15408 l NIST PCSRF SPS l ISO/IEC 13335 l Others? Agenda Item 11

16 ISA–The Instrumentation, Systems, and Automation Society Technical Report Section 2: Survey of Technology as Applicable to Control Systems Eric Byres, P.Eng. eric_byres@bcit.ca Agenda Item 12

17 The Task n Prepare an abstract for: Section 2 -Survey of Technology as applicable to Manufacturing and Control Systems. n Base this on ISO 17799 standard.

18 Bad News… n The ISO 17799 Standard Doesn’t Really Address Technology Well. n Focuses on Audit “Check List” Agenda Item 12

19 Proposed Solution n Define 5 Broad Classes for Security Technology: 1. Filtering/blocking Technology (E.G. Firewalls) 2. Encryption Technology 3. Authentication Technology 4. Detection Technology (Intrusion Prevention) 5. Data Validation/ Integrity Technology Agenda Item 12

20 Comments? n Is There Better Technology Classifications to Be Found Elsewhere? n Are We Missing Anything? l E.G. Technology for Non-repudiation? l E.G. Should Filtering Be Part of Authentication? n Will Something New Show up Next Year? Agenda Item 12

21 Technical Report Section 3- Integrating Security into the Manufacturing and Control Systems Environment Agenda Item 13

22 Technical Report Section 3 Overview Agenda Item 13 n Guidelines for Asset Identification and Business Requirements Modeling for Process Control Systems n General Guidelines for Threat Vulnerability and Assessment n Application of Commonly Accepted Technologies and Security Practices to the Control Systems Environment

23 Technical Report Section 4 – Audit and Metrics Agenda Item 14 n Tools, Checklists, Etc for Self Evaluation of Security Policies, Practices, and Procedures n Evaluation Tools for Analyzing Technological Performance a Security Measures n Audit Procedures for Evaluating Performance of Business Model Including Security Policies.

24 ISA SP-99 Agenda Item 15 Next Steps for Technical Report Organize Committee Into General Subcommittees to Continue Work Produce Framework of Report Sections by January 2003 Produce Initial Draft of Sections by March 2003 Produce Final Draft for Approval by July 2003

25 ISA SP-99 Agenda Item 16 Schedule Next Meetings Conference Call in November? Conference Call in December? ISA Show in Houston, next Face to Face?

26 ISA SP-99 Agenda Item 17 Additional Agenda Items – New Business

27 ISA SP-99 Agenda Item 18 Review Action Items

28 ISA SP-99 Agenda Item 19 Final Comments/Adjourn Bryan_singer@entegreat.com

Download ppt "ISA–The Instrumentation, Systems, and Automation Society ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting Call to."

Similar presentations

ASTM OFFICERS CONFERENCE SUBCOMMITTEE CHAIRMENS DUTIES AND RESPONSIBILITIES.

ASTM OFFICERS CONFERENCE SUBCOMMITTEE CHAIRMENS DUTIES AND RESPONSIBILITIES.
Secure Systems Research Group - FAU Process Standards (and Process Improvement)

Secure Systems Research Group - FAU Process Standards (and Process Improvement)
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.
Top Tactics for Maximizing GMP Compliance in Blue Mountain RAM Jake Jacanin, Regional Sales Manager September 18, 2013.

Top Tactics for Maximizing GMP Compliance in Blue Mountain RAM Jake Jacanin, Regional Sales Manager September 18, 2013.
ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 TR#2 “Second Edition” Long Beach Meeting April 28, 2004.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
S/W Project Management

S/W Project Management
Introduction to ISO 14000. International Organization for Standardization (ISO) n Worldwide federation of national standards bodies from over 100 countries,

Introduction to ISO International Organization for Standardization (ISO) n Worldwide federation of national standards bodies from over 100 countries,
Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.

Audits & Assessments: What are the Differences and How Do We Learn from the Results? Brown Bag March 12, 2009 Sal Rubano – Director, Office of the Vice.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2007 ISA ISA 99 WG4 Technical Requirements Organization and.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2007 ISA ISA 99 WG4 Technical Requirements Organization and.
Doc.: IEEE 15-06-0078-00-0000 TG4a January 2006 Pat Kinney - Kinney Consulting LLC.Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area.

Doc.: IEEE TG4a January 2006 Pat Kinney - Kinney Consulting LLC.Slide 1 Project: IEEE P Working Group for Wireless Personal Area.
ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 Planning for TR#2 Second Edition Long Beach Meeting April 28, 2004.

ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 Planning for TR#2 Second Edition Long Beach Meeting April 28, 2004.
Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.

Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.
Deakin Richard Tan Head, Information Technology Services Division DEAKIN UNIVERSITY 14 th October 2003.

Deakin Richard Tan Head, Information Technology Services Division DEAKIN UNIVERSITY 14 th October 2003.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.

Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
Introduction to the ISO 27000 series ISO 27000 – principles and vocabulary (in development) ISO 27001 – ISMS requirements (BS7799 – Part 2) ISO 27002 –

Introduction to the ISO series ISO – principles and vocabulary (in development) ISO – ISMS requirements (BS7799 – Part 2) ISO –

Similar presentations

Ads by Google