
1 Standards Certification Education & Training Publishing Conferences & Exhibits ISA SP-99 Structure & Organization October 24, 2005 Chicago, IL Bryan L Singer, Eric Cosman, Tom Good, Evan Hand

2 ISA–The Instrumentation, Systems, and Automation Society: Meeting Purpose
Review and revise the overall structure and contents of the SP99 standards, building on the current drafts of Parts 1 and 2.
–The major sections of each part will be reviewed and decisions will be made as to how the material may be better organized in order to improve the flow between documents.
–Specific attention will be given to the fundamental elements that form the basis for the standard. These include basic concepts, models and terminology.

3 Specific Goals for Parts 1 & 2
Agreement on concepts and definitions that are common to the Part 1 and Part 2 standards
Identification of additional areas where consistency is required

4 Session Ground Rules!
One topic will be discussed at a time.
All opinions and input are important, but the facilitators may table some discussions in order to keep to the agenda.
All unresolved topics and action items will be recorded for follow-up.
Please yield to the facilitator to help keep the sessions on track.

5 Agenda
Topics for Today: 15 Minutes
SP99 Background: 30 Minutes
Scope and Name of Standard: 60 Minutes
SP99 Overview: 90 Minutes
SP99 Annotated Outline: 180 Minutes
General Discussion, Transitions: 60 Minutes
Wrap Up, Action Items, Close: 30 Minutes

6 Topics for Today
Topic: Desired Outcome
Naming and Scope: Consensus on a naming of the standard that reflects true scope.
SP99 Overview: Understanding and agreement on the “macro” organization of all parts of the standard, including placement of topics and transitions required.
SP99 Annotated Outline: An outline of all four parts of the standard, down to the second level. This includes a brief description of each topic (1-2 sentences). The result is in a form suitable for communication to others.

8 SP-99 Goals (A Review)
Create a large “sounding board” for the applicability of current technologies to industrial automation systems
Create recommendations for future security needs
Create a standard which is specifically tailored to the unique needs of industrial automation systems
Attempt to capture current industry “best practice” thought and apply it to the industrial automation environment in a manner that clearly communicates to this industry space

9 A Brief History of ISA SP-99
Foundations formed in late 2001
Committee formed in 2002 (July), first meetings in Chicago
Regular meetings since October 2002
Two Technical Reports published
Two parts of the standard being prepared

10 ISA SP-99 Purpose
“The SP99 Committee will establish standards, recommended practices, technical reports, and related information that will define procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. Guidance is directed towards those responsible for designing, implementing, or managing manufacturing and control systems and shall also apply to users, system integrators, security practitioners, and control systems manufacturers and vendors.”

11 Related Efforts (*)
IEC 65C NIST PCSRF PCSF (DHS) IEEE ANSI CIGRE ISO CSWG NERC FERC
(*) - Detailed references are available

12 Obstacles
Volunteer organization means uneven effort
–How to get more volunteers, more consistently
Adoption and Consensus process is slow moving
–How can it be accelerated?
Simultaneous work on Parts 1 and 2 can create disconnects
–Why we are here today
Other related industry efforts
–Possible dilution of standards development efforts
–Possible copyright problems in sharing information

14 ISA SP-99 Scope
The SP99 Committee addresses Manufacturing and Control Systems whose compromise could result in any or all of the following situations:
–endangerment of public or employee safety
–loss of public confidence
–violation of regulatory requirements
–loss of proprietary or confidential information
–economic loss
–impact on national security

15 “Manufacturing & Control Systems”
“The concept of manufacturing and control systems security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to, hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems, and associated internal, human, network, or machine interface used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.”

16 Name of ISA SP-99 Standard
Current Name:
–Manufacturing and Control Systems Security
Proposed Names:
–Automation and Control Systems Security
–Process Control Systems Security
–Industrial Control Systems Security
–Industrial Automation Systems Security
Your Thoughts?

18 SP-99 “Guide to the Standard”
A separate document, prepared to introduce the reader to the general organization and scope of the standard
Each section described in terms of:
–Theme – describes the general theme or subject of the document
–Audience – addresses the type of reader who might find the material in this section most useful
–Purpose – a specific purpose or set of objectives, in terms of the information conveyed and the level of understanding or awareness to be achieved
–Organization – a general description of how the material in this part of the standard is organized, listing the major topics covered and describing how they are related
–Questions Addressed – a list of potential questions that could be addressed by the material in this part of the standard

19 Current Organization
ISA 99.00.01 – Concepts, Models and Terminology
ISA 99.00.02 – Establishing a Manufacturing and Control Systems Security Program
ISA 99.00.03 – Operating a Manufacturing and Control Systems Security Program
ISA 99.00.04 – Specific Security Requirements for Manufacturing and Control Systems

20 Discussion Questions
Is the four part structure still appropriate?
Does the “Guide to the Standard” document adequately describe the material?
Is there other descriptive material that we can develop or provide?

22 Annotated Outline
Builds on the “Guide to the Standard”
The goal is to “lay out the puzzle pieces” and make sure that we have the right organization:
[Diagram: Industrial Automation Systems Security, divided into Part 1, Part 2, Part 3, Part 4, Part “N”?]

23 Our Objectives
Make sure that:
–the necessary fundamental concepts are addressed
–each major topic is well framed and bounded
–introductory sections establish the proper foundation for the more detailed parts that follow (forward references)
–detailed information is consistent with basic concepts introduced earlier (backward references)

24 Outline Review
Refer to separate document: “SP99 Annotated Outline.doc”

25 Part 1 Headings
1 Scope
1.1 Functional Elements
1.2 Activity-Based Criteria
1.3 Asset-Based Criteria
2 Normative References
2.1 Other References
3 Definitions
3.1 Common Terms and Definitions
3.2 Abbreviations
4 Overview
4.1 Current Trends
4.2 Current Situation
4.3 Security Objectives
5 Manufacturing and Control Systems Concepts
5.1 Security Context
5.2 Assets
5.3 Models
5.4 Risk
5.5 Security Zones
5.6 Conduits (Information Flows)
5.7 Security Levels
5.8 Policy
6 Models
6.1 Physical Models
6.2 Logical Models
6.3 Functional Models
6.4 Conceptual Models

26 Part 1 Key Concepts
Scope
Security Context
Reference Model
Zone and Conduit Model
Security Levels
Policy

27 Scope of Security Standards
[Figure: Purdue Reference Model Levels (Level 5 down to Level 1, Controllers, Process), overlaid with the scope of three sets of standards: IT Security Policies and Practices (ISO 17799), Mfg Security Policies and Practices (ISA 99), and Process Safety (ISA 84, IEC 61508, IEC 61511), with an overlap labelled “Common technologies, policies and practices”.]

28 Context Model (from ISO 15408)

29 Basic Reference Model
[Figure: layered reference model.
Layer labels as listed: Enterprise; Site Business Planning and Logistics; Site Manufacturing Operations and Control; Area Supervisory Control; Basic Control; Safety-Critical; Process.
Level labels: Level 5, Level 4, Level 3, Level 2, Level 1, Level 0.
Groupings: Enterprise, Manufacturing, Control, Safety.]

30 Detailed Reference Model
Safety-Critical: Protective Systems; Safety Instrumented Systems
Level 0 - Field Instrumentation: Sensors, Transmitters, Control Valves; Field Networks (e.g. Foundation Fieldbus, Profibus)
Level 1 - Basic Process Control: Batch Controllers; Continuous Controllers; Discrete Controllers; Process Monitoring
Level 2 - Area Supervisory Control: Supervisory Controllers; Primary Operator Interface
Level 3 - Site Manufacturing Operations: Production Control; Optimizing Control; Process History; Windows Domains
Level 4 - Site Business Planning: Site Production Scheduling; Site Accounting; Site Business Network
Level 5 - Enterprise: Enterprise Financial Systems
[Diagram labels: Process; Protective System; Production Control; Process History; Batch Control; Discrete Control; Continuous Control; Process Monitoring; Supervisory Control; Operator Interface; Optimizing Control; Process Control Network; WAN Router; Enterprise Network]

31 Zone Model

32 Part 2 Headings
1 Scope
1.1 Functional Criteria
1.2 Activity-Based Criteria
2 Definitions
3 Normative References
3.1 Other References
3.2 Informational References & Resources
4 Executive Overview
4.1 Maturity of a Company’s Cyber Security Program
4.2 Establishing an Integrated Security Program
4.3 How to use this document
5 Establishing the Business Case for Manufacturing and Control System Security
6 Activities Required to Develop a Cyber Security Management System (Overview)
7 Activities Required to Develop a Cyber Security Management System (Detail)
8 Cyber Security Management System Details
Annexes

33 Plan, Do, Check, Act

34 Process Overview

35 Agenda
SP99 Background: 30 Minutes
Topics for Today: 30 Minutes
Scope and Name of Standard: 60 Minutes
SP99 Overview: 90 Minutes
SP99 Annotated Outline: 180 Minutes
General Discussion, Transitions: 60 Minutes
Wrap Up, Action Items, Close: 30 Minutes

36 Discussion Topics
necessary fundamental concepts are addressed
each major topic is well framed and bounded
introductory sections establish the proper foundation for the more detailed parts that follow (forward references)
detailed information is consistent with basic concepts introduced earlier (backward references)
