IIC, ISA Help Companies Secure Industrial Automation & Control Systems
August 18, 2022 | ISAEstimated reading time: 1 minute
The Industry IoT Consortium (IIC) and the International Society of Automation announced the IoT Security Maturity Model (SMM): 62443 Mappings for Asset Owners, and Product Suppliers, and Service Suppliers.
“This new guidance adds the service provider role. It extends the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide to provide mappings to existing 62443 standards and specific guidance for the asset owner, product supplier, and service provider roles,” said Ron Zahavi, Chief Strategist for IoT standards at Microsoft and IoT SMM co-author.
The IIC IoT SMM helps organizations choose their security target state and determine their current security state. By repeatedly comparing the target and current states, organizations can identify where they can make further improvements.
The ISA99 committee developed the 62443 series of standards, which the International Electrotechnical Commission (IEC) adopted. The standards address current and future vulnerabilities in Industrial Automation and Control Systems (IACS) and apply necessary mitigation systematically and defensibly. The ISA/IEC 62443 standards focus on maturity, but only on the maturity of security programs and processes.
“Achieving security maturity targets can be difficult to put into practice without concrete guidance,” said Frederick Hirsch, co-chair of the IIC ISA/IIC Contributing Group. "These 62443 mappings enable practitioners to better achieve security maturity by relating IIC IoT SMM practice comprehensiveness levels to ISA/IEC 62443 requirements. In this way, IACS asset owners and product suppliers can achieve appropriate maturity targets more easily."
Eric Cosman, co-chair of the ISA99, said, "While standards such as ISA/IEC 62443 are needed to codify proven and accepted engineering practices, they are seldom sufficient. Joint efforts such as this provide the practical guidance necessary to promote and support their adoption."
Pierre Kobes, a member of both ISA99 and IEC Technical Committee 65, said, “It is not about more security but about implementing the appropriate security measures. IoT SMM: 62443 Mappings for Asset Owners and Product Suppliers helps companies select the adequate security levels commensurate with their expected level of risk.”
You can download IoT SMM: 62443 Mappings for Asset Owners, Product Suppliers and Service Providers from IIC and ISA websites. You will find a complete list of the contributing authors in the document. Work is underway to add the service provider role to the document in a future revision.
Suggested Items
Standards Development Propels the Industry Forward
03/20/2024 | Teresa Rowe, IPC Senior Director, Assembly and Standards TechnologyStandards development task groups will meet face-to-face at IPC APEX EXPO, April 6–11. The technical discussions provide an opportunity to share knowledge, learn from other subject matter experts, and network with others who have similar technical interests. You may remember the urgent need for coffee and the possibility of snagging a cookie or a granola bar to maintain the necessary energy level for these marathon sessions.
Flex Earns Coveted Spot on Ethisphere's 2024 World's Most Ethical Companies for Second Consecutive Year
03/12/2024 | FlexFlex announced its inclusion as one of Ethisphere's 2024 World's Most Ethical Companies in the category of industrial manufacturing. This recognition underscores Flex's unwavering commitment to ethical business practices, integrity, and corporate social responsibility.
AIM Solder Recognized for 25 Years of IPC Membership
03/08/2024 | AIM SolderAIM Solder, a leading global manufacturer of solder assembly materials for the electronics industry, is pleased to announce its receipt of recognition for 25 years of IPC membership.
Demystifying the IPC Technical Activities Executive Committee Global
02/28/2024 | Linda Stepanich, IPCYou have an excellent idea for a new standard in the electronics manufacturing industry. How do you turn that idea into a reality? It’s simple: You submit a PIN to the TAEC. Now, what does that even mean? To develop a new standard, you need the help of the IPC Technical Activities Executive Committee (TAEC) Global. Ideas for new IPC standards are submitted via Project Identification Notification (PIN) to TAEC Global, which conducts an initial review. The PIN is then sent to the general TAEC standards development oversight committee for review and approval. Now, how do they review it and who comprises the committee?
IPC Certification: Leading the Way in Ensuring Quality in Electronics
02/27/2024 | Michelle Te, I-Connect007When high school students face an upcoming test, they may experience a mix of dread and excitement, depending on the source material and how well they’ve prepared. Similarly, professionals sitting for a certification exam to test their knowledge of IPC standards may feel a whirlwind of emotions. However, these aren't just any exams; they’re meant for operators, engineers, and managers building the critical infrastructure of our world’s most essential electronics systems.