• ISA Insights
    June 2013

    The ISA Security Compliance Institute (ISCI) announces globalization of ISASecure™

    Organizations are increasingly utilizing general purpose platforms such as Windows and UNIX in control systems, and network and external media are increasingly being utilized for cost reduction and convenience. As a result, the changing IT landscape is becoming more vulnerable to cyberattack around the globe.

    In response, ISCI, in partnership with the Japan-based Information-technology Promotion Agency (IPA), has officially published plans to open a testing and accreditation body in Japan through the Japanese Accreditation Board (JAB).  Currently ISCI's ISASecure Embedded Device Security Assurance (EDSA) certification scheme assesses ICS devices through an ANSI/ACLASS-accredited North American test lab.  A Japanese-based testing lab will facilitate support for the EDSA scheme in Japan and the nearby region. The JAB will start the formal accreditation process during fiscal year 2013, and will begin EDSA certifications in fiscal year 2014.

    Additionally, IPA will promote and publish in Japanese the EDSA certification scheme.  Publication of a Japanese translation will further facilitate adoption of the EDSA scheme in Japan, as well as simplify the proposal process in the international standards community, specifically for control device/system vendors and users in Japan.  These specifications can be viewed in Japanese here:
    http://www.ipa.go.jp/security/fy25/reports/edsa/index.html, and downloaded in both English and Japanese here: www.isasecure.org.  

    The IPA lab plans to add future ISASecure certifications as they become available.  These include the System Security Assurance (SSA) certification and the Security Development Lifecycle Assurance certification, expected to be launched by ISCI in the second half of 2013.

    Japan Information-technology Promotion Agency

    IPA was established to undertake matters deemed essential to the interest of the general public, including ensuring stability in people's lives, society, and the economy. IPA activities are aimed at fulfilling three missions: 1) Assuring the security and reliability of social IT services and systems 2) Strengthening international competitiveness 3) Cultivating highly skilled, world-class IT human resources. www.ipa.go.jp

    Collaboration with NIST (National Institute of Standards and Technology)

    In early 2013, President Obama issued an executive order to establish frameworks for reducing cyber risks in the America's critical infrastructure, designating NIST as the primary architect and lead agency.  In April 2013, ISCI submitted a response to the NIST RFI for the Framework for Reducing Cyber Risks to Critical Infrastructure, focusing on industrial controls and automation systems.  ISCI, along with ISA99 committee representatives and the Automation Federation, is continuing to collaborate with the sponsors at NIST.