ISA Leads Development of Electric Power OT Security Profile for 62443

From May 24, 2022

The U.S. Department of Energy (DOE), global equipment vendors and other stakeholders have announced the creation of the Electric Power OT Security Profile working group led by International Automation Society ISA99 Standards Committee.

The Electric Power OT Security Profile will be a cybersecurity work product using the ISA/IEC 62443 series of standards. The end product will be a formal ISA/IEC 62443 application guide, recognized globally as the consensus work product for securing various control systems in use in the production, transmission and distribution of electrical energy.

The ISA/IEC 62443 standards are designated as a horizontal standard, applicable to many industrial sectors and applications. Industrial groups leverage the ISA/IEC 62443 series of standards as the foundation for securing industrial control systems (ICS). The DOE’s Securing Energy Infrastructure Executive Task Force (SEI ETF) evaluated available industry standards and recommended that electrical power OT applications be formalized as ISA/Security Profile applications. IEC 62443-5, thereby achieving international energy industry consensus on the application of ISA/IEC 62443 to electrical power OT applications.

AIS Electric Power OT Security Profile The task force is seeking input from industry groups, including the Institute of Electrical and Electronics Engineers (IEEE), the International Electrotechnical Commission (IEC), the International Council on Large Power Systems (CIGRE), and other industry stakeholders. industry to ensure consideration and alignment with other cybersecurity work product development efforts.

The initiative will use the DOE SEI ETF Reference Architecture and Profiles for OT Electric Power as the basis for the development of the ISA/IEC 62443-5 Application Profile. The SEI Reference Architecture and Profiles and associated white paper will be available on the DOE website in the coming weeks.

“The Securing Energy Infrastructure Executive Working Group has developed an OT-specific reference architecture for power systems to provide a common language for control system environments that can be used to design and evaluate Security Applications,” Puesh Kumar, Director, DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “The ISA working group represents an opportunity to validate these profiles and put them into practice for the energy industry. The CESER is delighted to see the players in the energy sector continuing the reference architecture work of the working group.

The Electric Power OT Security Profile will be freely available to the public for asset owners, manufacturers, standards bodies and other industry stakeholders. The application profiles will serve as the basis for designing, implementing, testing, and maintaining electric power OT systems and their cybersecurity capabilities. They will also be useful to third-party assessment organizations and regulators around the world.

Eric Cosman, Co-Chair of the ISA99 Standards Committee, said “Global standards and associated specifications provide efficiencies for end users, product vendors and system integrators who design, deliver and support products and systems worldwide. A globally recognized specification and certification provides the necessary transparency and reduces the regulatory burden on manufacturers. »