Вы находитесь на странице: 1из 12

Cyber Security

ISA 99 / IEC 62443


D14 DLC-Meet, Jan 2019
Standards
Certification
Education & Training
Publishing
Conferences & Exhibits
Presenter

Mayur Mehta
Academic:
- “M.Tech” - “BITS Pilani”
“Software Systems” (Networks & Networked Systems)
- “B.E.” - “JNCT/RGPV Bhopal”
“Electronics & Communications Engineering”
- Certifications
GICPS, CSM, CTFL & few more

Worked for:
- SEIMENS
- Schneider Electric
- PwC
Currently working in:
- Novartis
Lead Security Architect OT/ICS

Association:
- ISA (ISA99 / IEC62443),
- IEEE,
- SANS-ICS & Other ICS/OT Security Groups
ISA 99 / IEC 62443
standard
History of ISA99 / IEC62443

• The ISA99 standards development committee brings together industrial cyber


security experts from across the globe to develop ISA standards on industrial
automation and control systems security.
• When the ISA99 committee was formed there was an agreement between ISA
and IEC to cooperate on the development of cybersecurity standards. This
would avoid the need to create duplicate committees in each organization.
• This original and ongoing ISA99 work is being utilized by the International
Electrotechnical Commission (IEC) in producing the multi-standard IEC 62443
series.
• ISA/IEC 62443 is a series of standards being developed by two groups:
– ISA99  ANSI/ISA-62443
– IEC TC65/WG10  IEC 62443
• In consultation with:
– ISO/IEC JTC1/SC27  ISO/IEC 2700x
ISA99 Scope

ISA99 – IEC 62443 is International in scope


• Requirement contributions come from other standards like NERC-CIP,
NIST, ISO etc.
• Flexible framework which serves a basis for Country and Local
standards as well as Manufacturing guidelines.
The ISA99 committee addresses industrial automation and control
systems whose compromise could result in any, or all, of the following
situations:
• Endangerment of public or employee safety
• Loss of public confidence
• Violation of regulatory requirements
• Loss of proprietary or confidential information
• Economic loss
• Impact on national security.
ISA 99 / IEC 62443 Standards

ISA99/IEC-62443 standard is a family of standards with a large scope of use for ICS / OT environments.
Some guidelines are rather general, while others are precise, specific and focussed. Many of those
guidelines are still in the process of being defined or upgraded.
Training &
Certification
ISA/IEC 62443 Cybersecurity Certification
Programs
• Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist (online
version available)
• Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
• Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist
• Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist

• ISA/IEC 62443 Cybersecurity Expert: Individuals who achieve Certificates


1, 2, 3, and 4
ISA/IEC 62443 Cybersecurity Certification
Programs
ISA/IEC 62443 Days Prerequisite Online Cost Certification
Training Name version

Cybersecurity 2 3 to 5 years of Available 2000 USD IC32 / IC32E


Fundamentals Specialist exp. in the IT (1640 USD for
cybersecurity + 2 ISA members)
year of exp. in ICS
Cybersecurity Risk 3 IC32 / IC32E Not 2700 USD IC33
Assessment Specialist certification available (2200 USD for
ISA members)

Cybersecurity Design 3 IC32 / IC32E Not 2700 USD IC34


Specialist certification available (2200 USD for
ISA members)

Cybersecurity 3 IC32 / IC32E Not 2700 USD IC37


Maintenance Specialist certification available (2200 USD for
ISA members)

•Cost details link


•Certificate Steps:
1) Complete a designated training program Link
2) Pass a multiple choice exam through the Prometric testing center

9
D14 initiative

• Demand for Cyber Security professionals is increasing


rapidly
• Other competing certification programs in the market
which are easy so access compared to ISA
certification which can only be achieved after attending
class rooms trainings at USA.
• D14 is trying to negotiate a Train the Trainer program
with the ISA to train local trainers to reduce the cost of
training in D14.
Instructor Qualifications

• Ten (5) years active related industry experience in the


course subject matter.
• One (1) year (or equivalent) experience teaching adults
• Ability to use a variety of training aids and instructional
methods and to function in a hands-on adult learning
environment
• Ability to relate subject matter to students work
experience
• ISA Membership preferred, but not required
• To qualify as an instructor for courses marked with "*"
you must be an active and voting member of the related
standards committee (IC32* in this case).

11
Q&A