#None #Cybersecurity #Brussels #ISASecure #ACSSA

ISASecure Launches New IACS Security Assurance Inspection and Certification Scheme

The International Society of Automation (ISA) has set a new benchmark in industrial automation safety with the announcement of its latest initiative: the ISASecure® Industrial Automation Control System Security Assurance (ACSSA) inspection and certification scheme. The launch, presented by ISASecure's program manager Dr. Mark DeAngelo at the ISA OT Cybersecurity Summit in Brussels, marks a significant advancement in the push towards standardized security practices within the industry.

Understanding ACSSA

The ACSSA program is designed to provide a robust method for assessing whether industrial automation and control systems (IACS) comply with the ISA/IEC 62443 standards. These standards encompass a wide range of policies, procedures, service provisions, and technical security measures vital for safeguarding automation systems.

Dr. DeAngelo emphasized the importance of ACSSA in creating a shared language among various stakeholders—including asset owners, insurance providers, product manufacturers, service professionals, and regulatory bodies. This initiative aims to mitigate risks by allowing all parties involved to understand and manage security postures consistently across diverse platforms.

Addressing Security Gaps

One of the primary motivations behind the establishment of ACSSA is to close the existing gaps in operational site assurance. Historically, asset owners faced inconsistencies due to relying on a mix of internal standards and varying third-party audits. This fragmented approach heightened security vulnerabilities and led to potential compliance issues. By implementing ACSSA, ISA aims to create a uniform, standards-based approach that aligns all involved parties, ultimately leading to a more secure environment for industrial assets.

ACSSA evaluates compliance against the ISA/IEC 62443 framework which is grounded in risk assessment principles. The evaluation process begins with a thorough examination of the asset owner's risk assessment procedures and the outcomes derived from these evaluations. This ensures that security measures are not only compliant but effectively tailored to the specific needs and risks of the individual asset.

Training and Accessibility

As part of the initiative, the first training course specifically focused on ACSSA will kick off in early fall 2025 at ISA's headquarters located in Durham, North Carolina. An online format of the course will also be made available toward the end of 2025, catering to a broader audience eager to enhance their understanding of automation cybersecurity. ISA's commitment to education and training underlines its goal to empower the global automation community through effective knowledge sharing and resources.

The Role of ISASecure

ISASecure has been a prominent player in the landscape of cybersecurity certification for industrial automation since its inception in 2007. The program has earned global recognition for its rigorous adherence to the ISA/IEC 62443 standards. By ensuring that products and supplier practices meet internationally recognized benchmarks for operational technology (OT) security, ISASecure plays a pivotal role in promoting a culture of safety within the automation industry.

Among the stakeholders already engaged with ISASecure's initiatives are industry giants like Chevron, ExxonMobil, Honeywell, Schneider Electric, and Yokogawa, highlighting the program's reach and influence.

Conclusion

The introduction of the ACSSA inspection and certification scheme signifies a proactive step towards enhancing the cybersecurity posture of industrial automation systems. By establishing a common framework for assessing and improving security practices, ISASecure aims to empower organizations to manage risks more effectively and foster an environment of resilience in the face of evolving cybersecurity threats. For more information about ISASecure and its initiatives, visit www.isasecure.org.