Overview
ISA/IEC-62443/ISA-99 Based Industrial Automated Control System (IACS) Cybersecurity
Industrial Automated Control System (IACS) Cybersecurity has quickly become a serious issue for professionals in the process and critical infrastructure industries.
An unprecedented number of security vulnerabilities have been exposed in industrial control products. Very few industries are actually regulated, and of those that are, the regulating agencies are demanding compliance with complex and confusing regulations. Those that are not regulated are dealing with a wide variety of vague and sometimes conflicting standards from multiple sources.
There are well-established strategies and techniques that automation professionals can employ to discover and mitigate security vulnerabilities and improve the inherent security of their products and systems. Learning and adopting these strategies will help companies stay ahead of potential vulnerabilities.
exida is an ISA/IEC-62443/ISA-99 based industrial automated control system (IACS) and SCADA system security consulting and certification firm that focuses on the unique requirements of industrial automation and process control systems.
Cybersecurity certification programs have been established to assess compliance with IEC 62443 standards by impartial third party technical organizations. exida has been accredited per ISO 17065 and ISO 17025 by the American National Standards Institute (ANSI) to provide cybersecurity certification and offers cybersecurity certification programs for design processes, devices, applications, and systems using both the ISASecure® and exida® schemes.
Services
IACS Cybersecurity
- Cybersecurity Workshop
- IEC 62443 Gap Analysis
- High-Level Risk Assessment
- Detailed Risk Assessment
- Cybersecurity Vulnerability Assessment (CVA)
- Cybersecurity Requirements Specification (CSRS)
- Security Level (SL) Verification
Certification
- Device Process
- System Process
- Device and Application
- OEM System
- Integrated System
- Personnel
Software
exSILentia Cyber
Industrial Control System Cybersecurity Risk Assessment Tool
exSILentia Cyber helps to streamline communication across an organization and between different departments when performing cyber risk assessments. It provides a standardized approach across all disciplines while aligning cybersecurity activities with overall corporate risk criteria.
Training
We offer a range of IACS Cybersecurity training courses for today’s industry professionals, from basic to advanced concepts. Customized training options are also available upon request.
Students benefit from exida’s in-depth knowledge and expertise, enabling them to fully understand cybersecurity and implement procedures in their organizations to ensure that they are not vulnerable to cyberattacks.
CS 100 - IEC 62443: Automation Cybersecurity Analysis, Design, and Operation
This course provides an overview of the automation cybersecurity lifecycle. The course reviews cybersecurity risk assessment, developing zones and conduits, cybersecurity requirement specification (CSRS), designing secure systems, Security Level Determination and Verification, detailed design considerations, and operations requirements. Detailed workshop problems are used to provide students with practical cybersecurity experience.
CS 201 - IEC 62443 Cybersecurity Software Development
The IEC 62443 Security Software Development training course and workshop was created specifically for developers of industrial control system products, with a particular focus on network-enabled embedded control system products such as PLCs, DCSs, SISs, RTUs, VFDs, etc. The objective of this course is to train R&D teams, through a combination of lecture and workshop, on how to properly and effectively integrate software security assurance practices and techniques into their existing software development lifecycle. The training covers all phases of IEC 62443-4-1 (Product Development Lifecycle Requirements) as well as IEC 62443-4-2 (Technical Security Requirements for IACS components).
CS 203 - IEC 62443 Cybersecurity for Industrial Automation Control Systems (IACS) for Employees & Contractors
This course addresses the quality and understanding that employees and contractors need to have on the topic of cybersecurity for the IEC 62443 IACS space. The access granted to IACS networks is often the same for employees and contractors. The seriousness of access must be established with a joint work process similar to a Job Safety Assessment. The Job Cyber Assessment is a work process to protect both client and contractor from inadvertent impact on the given IACS cyber protective system. The ability to access the client’s network without an impact on the IACS cyber protective systems whilst leveraging the tools on site requires a clear understanding of the following.
CS 204 - IEC 62443 Cybersecurity for Integrators and Solution Providers
This course addresses solution providers acting in roles of integrators and on-going support of industrial automated control systems, and how they interact with owner / operators as part of the overall supply chain throughout the owner / operator’s lifecycle. The maturity model is introduced as a means of measuring the quality of an integrator’s cybersecurity management system versus the requirements of IEC 62443-2-4, which is largely the basis for this course. Some coverage of IEC 62443-2-1 is also provided as a means to show the interface between owner / operators and the integrator.