summary
New cybersecurity threats can emerge as digital transformation breaks down the barriers between OT and IT systems to pursue innovation and efficiency.
Digital transformation can unravel the barriers between operational technology (OT) and information technology (IT) systems to pursue innovation and efficiency, and new cybersecurity threats can emerge. This means cross-training OT and IT security teams to create robust threat assessment, mitigation and response plans has never been important. This summer, the International Automation Association expanded the resources available to meet these needs.
The two-day ISA OT Cybersecurity Summit in Brussels, Belgium offered multiple sessions on two tracks (threat and supply chain protection).
Keynote speaker John Fitzpatrick, founder of LAB539, discussed how zero-day vulnerabilities could be exploited, explained why patching wasn’t always a solution, and investigated security testing within OT networks. He also explained how enhanced detection can ensure resilience.
Fitzpatrick said that so-called “unstable” systems often pose minimal risk in the context of OT. “Relying on established OT strategies allows us to effectively protect critical infrastructure from modern threats while maintaining the core principles that define OT security,” he explained. He spoke about “trust the OT path to cybersecurity” and shared lessons directly from his experience advocating for fuel terminals and other assets from cyber threats.
In another session, Isasecure Program Manager Dr. Mark Deangelo provided early details about the new ISA initiative. This is an Isasecure Industrial Automation Control System System Assurance (ACSSA) inspection and authentication scheme. This new program provides a popular industry-heavy way to assess the suitability of industrial automation and control systems to ISA/IEC 62443 series standards.
ACSSA assesses compliance with ISA/IEC 62443-2-1, 2-4, 3-2, and 3-3 requirements by verifying the configuration and utilization of processes, procedures, support from service providers, and control system functions. It was created to bridge the prolonged gaps in operational site warranty.
“Despite the comprehensive nature of Isasecure and the Cybersecurity Professional Program, asset owners rely on patchwork of different internal policies and third-party audits across sites, leading to increased security attitudes, increased compliance gaps, increased risk exposure, increased liability and increased non-compliance with regulations.
ACSSA coordinates all stakeholders, including asset owners, insurance providers, product suppliers, service providers, conformance assessment agencies, and government agencies.
ACSSA’s first three-day training course will be available at ISA headquarters in Durham, North Carolina at the beginning of 2025. An online version of the course will be available in the second half of 2025.
This column was published in the June/July issue of Automation.com Monthly.
About the author
Renee Bassett is Editor-in-Chief of Automation.com, the Monthly Digital Magazine and other International Society of Automation Publications. Bassett is an experienced writer, editor and project manager in industrial automation, engineering, information technology and infrastructure publications. She holds a Bachelor of Arts in Journalism from Indiana University in Bloomington and is based in Nashville.
Download the June/July issue of Automation.com every month
Have you enjoyed this amazing article?
To read free articles, check out our free e-newsletter.
Subscribe
