SP99-- who are those guys?

Ken Anderson will be speaking on security issues with Wireless applications. I don't know what happened, but this was supposed to be given by Bryan Singer... Anderson works for an oilsands company. What I want to talk about is where SP99 is, and what we're doing there. Components included based on function performed, not industry, type of control or other limited views SCADA, etc. We go from Level 0,1,and2 and a little of Level 3 of the purdue model. IT security is an established discipline, but its application in industrial control systems is a challenge. It is necessary to add domain expertise to provide workable, practical solutions for control systems without screwing them up. Effective automation security is a function of appropriate technology, specialized expertise and domain expertise. Anderson described the SP99 working groups. TR1 has already been released, and will be released in a revised format soon. There are 260 members from 220 companies from a wide number of industry verticals and sectors. SP99 is developing the ANSI standards. ANSI/ISA-TR99.00.01-2004 revision has been issued for voting. ANSI/ISA-d99.00.01 Terminology, concepts and models: estimated publication 3Q 2007 d99.00.02 Establishing an Industrial Automation and Control Ssytems SEcurity program. 400 comments received, analysis is in progress. Major themes are organization of information and ease of use, consistency with other standards, process complexity, for release in late 2007 There are other documents available: master glossary, guide to the standards. d99.00.03: Operating an industrial automation and control ssytems security program. work will commense after completion of part 2. d99.00.04 Technical security requirements, working group active. Newly started. DHS Security catalog will be available-- great document. Working group 6, concerned with Patch Management, has been formed in conjunction with MS-MUG. We are increasing awareness of and coordination between SP99 and other automation systems security activities and standards bodies. Here's the begging part: None of these standards will get done without volunteer help, folks. Priorities: Complete Part 1 and Part 2 Standards Complete the revised TR-1 Support working groups SP99 needs your participation.
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


  • <p>Unfortunately, I was not able to attend. The rigors of being in a solution provider type job... billable work has to take the right of way. Most of the time we can plan around this, but sometimes pressure hits!</p> <p>I would like to stress that there have been great strides as of late in ISA-99. With Part 1 having recently passed voting and being finalized, round two of Technical Report 1 passing initial votes, and Part 2 about ready to go out for vote again, there has been a lot of both action and progress.</p> <p>All this, and at the same time we can still effectively manage the development of the ISA-99 Part 4 document and WG6 on Patch Management. Do we still need volunteers? Absolutely. Especially editorial help. Overall, though, things are moving along well and this represents some significant milestones to the rest of the industry.</p>


RSS feed for comments on this page | RSS feed for all comments