The International Society of Automation announced on July 25 that Schneider Electric, Rockwell Automation, Honeywell, Johnson Controls, Claroty and Nozomi Networks are the first members of its new Global Cybersecurity Alliance (GCA).
ISA created GCA on July 10 to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes. The alliance brings end-user companies, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations together to proactively address growing threats.
ISA developed the ANSI/ISA 62443 automation and control system cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.
Using ISA/IEC 62443, GCA will work to increase awareness and expertise, openly share knowledge and information, and develop best practice tools to help companies navigate the entire lifecycle of cybersecurity protection. The alliance will work closely with government agencies, regulatory bodies and stakeholder organizations worldwide.
"Accelerating and expanding globally relevant standards, certification and education programs will increase workforce competence and help end users identify gaps, reduce risks, and ensure they have the tools and systems they need to protect their facilities and installations," says Mary Ramsey, ISA executive director. "Through the proliferation of standards and compliance programs, we'll strengthen our global cyber culture, and transform the way industry identifies and manages cybersecurity threats and vulnerabilities to their operations."
The alliance is also seeking more members to support its initiatives. They can include end-user companies, asset owners, automation and control systems providers, IT infrastructure providers, services providers, and system integrators and other cybersecurity stakeholder organizations. Annual contributions to fund initiatives are based on company revenues and are tax-deductible.
Comments from the six new GCA members include:
"Over the last few years, global industry has recognized that taking on increasingly dangerous cyber risks can't be limited to a single company, segment or region," says Klaus Jaeckle, chief product security officer at Schneider Electric. "However, until now, there's been limited ability to respond as a unified whole to these worldwide threats. But, by establishing an open, collaborative and transparent body with a focus on strengthening people, processes and technology, we can drive true cultural change. We're pleased that ISA has stepped forward, and we look forward to working openly and collaboratively with them, our fellow founding members and many others affiliated with global industry, especially end users. Together we'll bring to bear the standards-based technology, expertise, and special skills required to better secure and protect the world's most critical operations and the people and communities we serve."
"Cybersecurity is critical to digital transformation. It's critical not only for the protection of information and intellectual property, but also for protecting physical assets, the environment and worker safety," says Blake Moret, CEO of Rockwell Automation. "We make it a priority to collaborate with partners and research institutions to develop secure products. Rockwell Automation participated in the development of the 62443 standards from the beginning, and continues to support ISA cybersecurity initiatives. Our engagement with the GCA will be another important step in our efforts to help customers identify and mitigate risks."
"At Honeywell, we see cybersecurity as a core part of the future we're making, and we see the GCA as an important way to work together to make that happen," says Matthew Bohne, VP and chief of product security at Honeywell Building Technologies. "Cybersecurity is critical to the connected world we live in and the cornerstone of trust that the world needs to be able to operate. Whether protecting critical infrastructure or managing a building's operations, users need to do this with the confidence that the employed systems are robust and secure. We're committed to and proud to work together with ISA and the GCA members to continue to drive adoption of the ISA/IEC 62443 series of standards and identify further ways to secure and protect the connected world. Honeywell has a robust history with ISA and is also a founding member of the ISA Security Compliance Institute."
"Digital transformation in the building sector continues to accelerate, which heightens the urgency for cybersecurity across the industry and beyond," says Jason Christman, VP and chief product security officer for global products at Johnson Controls. "As a leader in the industrial automation controls business, Johnson Controls is already a strategic member of the ISASecure program, and is consistently taking proactive actions to protect customers against cyber-threats and risks. Joining GCA is a necessary and meaningful step as it supports our company values, customer adoption of the ISA/IEC 62443 standard, and efforts to educate global government and regulatory bodies. We're proud to solidify our commitment to this important effort."
"One of the most effective ways to drive consistency in an industry is by putting standards in place, and we're looking forward to collaborating with all of these founding members, as well as future alliance members, to help drive global best-practices forward in this historically standard-less environment," says Dave Weinstein, chief security officer at Claroty. "Claroty is committed to the mission of protecting all IoT and OT networks from cyber risks. Through our work with GCA, we'll be able to help shape the future of cybersecurity in these high-risk industries."
"Nozomi Networks believes real community collaboration, actionable standards and effective education are key to ensuring a secure future for industrial organizations around the world," says Andrea Carcano, co-founder and chief product officer at Nozomi Networks. "That's why we're helping develop secure-by-design standards as a working member of ISA99 standards committees; why we've designed our industrial cybersecurity solutions for easy integration across the broadest possible set of industrial and IT technologies; and why we're thrilled to help establish the GCA. Together we'll build a secure future for the industrial infrastructure that runs the world."