Automation Federation participates in fourth NIST Cybersecurity Framework Workshop

Research Triangle Park, North Carolina, USA (13 September 2013) – Representatives of the Automation Federation today participated in the fourth in a series of workshops organized by the National Institute of Standards and Technology (NIST) to develop an initial draft of a national Cybersecurity Framework for the US.

The workshop, held at the University of Texas at Dallas and involving leading cybersecurity experts across America and the world, moves NIST one step closer to finalizing the draft and preparing it for official release in October. These actions are in keeping with an executive order signed by President Barack Obama earlier this year that calls for a federal framework to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.

At NIST’s request, the Automation Federation and its affiliated organization, the International Society of Automation (ISA), have actively participated in all four workshops, serving as advisors to the federal government in the development of the framework. Since standards are widely viewed as essential to any effective cybersecurity initiative, the Automation Federation and ISA are strongly recommending the inclusion of the ANSI/ISA99, Industrial Automation and Control Systems Security standards—widely recognized for their comprehensive approach to industrial cybersecurity.

“The Automation Federation continues to play an important role in the development of the Cybersecurity Framework,” says Leo Staples, the past chair of the Automation Federation who serves as leader of the Automation Federation’s Cybersecurity Framework team. “Both The White House and NIST have noted the invaluable contributions by the Automation Federation throughout these workshops. They continue to rely on our expertise during this process, and have asked for our continued support as the framework enters the implementation phase.”

In addition to Staples, other members of the Automation Federation Cybersecurity Framework team who attended today’s NIST workshop in Texas include Michael Marlowe, Automation Federation Managing Director and Director of Government Relations; Steve Mustard, member of the Automation Federation Government Relations Committee; and Eric Cosman, current Co-Chairman of the ISA99 committee on industrial automation and control systems security and the Vice President of Standards and Practices at ISA.

Today’s NIST workshop, which attracted hundreds of other participants, focused on further refining the Cybersecurity Framework discussion draft, and addressing additional concerns among industry representatives about their specific cybersecurity challenges.

“Members of the Automation Federation Cybersecurity Framework team today referenced the ISA99 Industrial Automation and Control Systems Security standards as being essential resources that all industry sectors can utilize in protecting their critical assets,” reports Staples.

[an error occurred while processing this directive] The ANSI/ISA99, Industrial Automation and Control Systems Security standards—developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia—apply to all key industry sectors and critical infrastructure, and, as a result, provide the flexibility to address and mitigate current and future vulnerabilities in industrial automation and control systems (IACS).

Putting widespread cybersecurity standards in place is vital since many of America’s industrial production settings and infrastructure environments are woefully under-prepared to address cyberwarfare. If industrial control systems and critical infrastructure—such as a power plant, water treatment facility, or transportation grid—are attacked, the result could be significant equipment impairment, production loss, environmental damage, and public endangerment.

“The risk of cyberattacks on our nation’s critical infrastructure is a growing threat that must be addressed,” emphasizes Paul Galeski, the founder and chief executive officer of MAVERICK Technologies who has advocated for improved cybersecurity safeguards on behalf of the Automation Federation in meetings with government officials in Washington, DC. “Like many others in our industry, I have been following the work of the Automation Federation as it leads the effort to address the protection of industrial automation and control systems in the Cybersecurity Framework currently being drafted by NIST. I commend the Automation Federation volunteers and staff that have worked with NIST to make sure that the Framework helps protect the vital infrastructure assets of our nation.”

About the Automation Federation
The Automation Federation is a global umbrella organization of sixteen (16) member organizations and five working groups engaged in automation activities. The Automation Federation enables its members to more effectively fulfill their missions, advance the science and engineering of automation technologies and applications, and develop the workforce needed to capitalize on the benefits of automation. The Automation Federation is the “Voice of Automation.” For more information about the Automation Federation, visit www.automationfederation.org.