Automation Federation contributes to National Institute of Standards and Technology (NIST) Cybersecurity Framework

The Automation Federation participates in the first NIST meeting for developing the Cybersecurity Framework initiated by President Obama’s Executive Order to address the growing threat of cyberattacks on our nation’s critical infrastructure.

Washington, DC, USA (5 April 2013) – At the request of the National Institute of Standards and Technology (NIST), representatives from the Automation Federation on Wednesday of this week were invited to participate in the first NIST meeting for developing a national cybersecurity program called for by President Barack Obama.

The Wednesday meeting, held at the office of the United States Department of Commerce offices in Washington, DC, is an important step in establishing the Cybersecurity Framework within President Obama’s Executive Order announced in his State of the Union address to confront the growing threat of cyberattacks on our nation’s critical infrastructure. The Cybersecurity Framework will include “standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks,” and “help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

Pat Gallagher, Director of NIST, has been instructed to lead the effort to develop the Cybersecurity Framework. Responding to NIST’s invitation to participate in the initial meeting were Automation Federation’s Leo Staples, 2013 Automation Federation Energy Committee Chair; Eric Cosman, Chair of ISA99 Security Committee; Steve Mustard, member of the Automation Federation Government Relations Committee; and Mike Marlowe, Automation Federation Managing Director and Government Relations Director. Cosman, in addressing the NIST Cybersecurity Framework meeting, said that “securing automation control systems from cyberattacks is at the heart of protecting our nation’s critical infrastructure.”

The NIST Cyber Security Framework for Reducing Cyber Risks to Critical Infrastructure is a mechanism to help secure a wide range of systems by working with industry and standards organizations to leverage existing industry standards. As the founding organization of the Automation Federation, the International Society of Automation (ISA) provides cybersecurity standards, processes, and training focused on Industrial Automation & Control Systems (IACS). Since 1945, ISA has a proven track record creating and extending standards as demonstrated by successful IACS- related standards, including ISA95, ISA88 and ISA84. ISA provides users with cybersecurity training programs for building the next generation of cybersecurity professionals.

Automation Federation and ISA are committed to working with NIST to meet targeted deadlines in completing the Cybersecurity Framework as outlined in President Obama’s Executive Order. Members of the Automation Federation will participate at the next NIST Cybersecurity Framework meeting, which is scheduled for 29-31 May 2013 at Carnegie Mellon University in Pittsburgh, PA, USA.

[an error occurred while processing this directive] The Automation Federation has advocated the development and application of consensus industry standards to protect vital industrial and critical infrastructure. The Automation Federation has voiced the importance of including the American National Standards developed by ISA99, Industrial Automation and Control Systems Security, a multi-industry initiative of ISA as part of the Cybersecurity Framework. These standards apply to all key industry sectors and critical infrastructure. Given the interconnectivity of today’s advanced computer and control networks--where vulnerabilities exploited in one sector can impact and damage multiple sectors--it’s essential that cybersecurity standards be broadly applicable across industries.

ISA Security Compliance Institute (ISCI), an affiliate of ISA, has also developed a widely recognized compliance and testing program that ensures that industrial automation and control devices and equipment conform to consensus cybersecurity standards. The Automation Federation is promoting the work of ISCI as part of the Cybersecurity Framework.

About the Automation Federation
The Automation Federation is a global umbrella organization of fifteen (15) member organizations engaged in automation activities. The Automation Federation enables its members to more effectively fulfill their missions, advance the science and engineering of automation technologies and applications, and develop the workforce needed to capitalize on the benefits of automation. The Automation Federation is the “Voice of Automation.” For more information about the Automation Federation, visit www.automationfederation.org.