Eric Cosman, chairman of ISA99 Committee, explains that standards, guidance, and direction are available from several sources, but surveys and anecdotal reports have shown that many still struggle with how to turn this information into effective programs. Suppliers have a clear imperative to improve their products, but asset owners often struggle with how to get started. Practical approach into cybersecurity is very hard to find in the market, still today.
When the owner of the industrial plant has the possibility of having the best of both worlds, the best control systems and the best security. When the consequences occur the damage is done, and there is no turning back. That is why we say that it is never too late to deal with security (redesign), but the sooner much better (design).
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are proud to announce that the International Electrotechnical Commission (IEC) has officially designated the IEC/ISA-62443 series of standards as "horizontal," meaning they are proven to be applicable to a wide range of different industries.
We see how many professionals with vast experience in Information Security, industrial companies that take action, renowned cybersecurity consultants, government organizations and technology developers are wrong (by far) in defining the objectives for their strategy in industrial cybersecurity. Clearly defining goals is the first big step before we begin this big change.