Industrial automation industry representatives The International Instrument Users Association (WIB) of the Global Manufacturers International organization in the industrial automation industry has announced the second version of the process control domain security requirements for supplier documents - international standards, and lists a set of The specific requirements focus on the best practices of network automation suppliers of industrial automation control systems.
"We are pleased to announce the second edition of our cybersecurity standards today," said Alexandre Delft, who controls the process of WIB's capacity management process at the DSM and the chairman's workforce investment manager. "This is an important step in the process of Improve the reliability of our key manufacturing and production systems, and provide end-user communication capabilities, now expecting process automation, control and safety system safety.â€
"The consequences of our entering a period of time now"
As industrial networks are increasingly connected to the hostility of the IT world, the frequency and complexity of malware are multiplying, and industrial stakeholders must take action to protect their critical systems today. Whether it is a targeted attack like Stuxnet, or an accidental disruption, a network incident can cost millions of dollars in lost revenue, impair the safety of employees and the public, and potentially undermine the country's critical infrastructure.
“As we increasingly connect production systems, we are faced with daily growing threats. We must do our best to ensure a safe and reliable operating environment,†said Casper, EMEA Regional Control and Automation System Projects and Shell Technology Strategy and Development Manager. Peter said, "This document provides a common language and we need to communicate our suppliers' expectations in terms of safety and framework, working together to help improve the overall security status of our critical systems."
Major companies, such as Shell, BP, Saudi Aramco, Dow Chemicals, DuPont, Laborelec, Winters and dozens of other end-users, and under the leadership of several government agencies and leading companies such as Invensys and Commonsense The group spent two years developing requirements and pilot programs to ensure that the certification function can be expanded and ultimately have valuable results.
“The requirements outlined in the security document were passed one/several revisions from more than 50 global stakeholders and were thoroughly annotated over the past eight months by the accreditation process.†said France Gas Suez Group cybersecurity consultant, Jos Mendi said, "We have now arrived at a standard of real cybersecurity features based on end-users' needs. It is now our turn to the end-users to take advantage of this, and insist on working hard on our supplier certification."
Members of the WIB relationship security working group have already begun implementing their procurement process, and other parts of the world are also following this trend.
"Shell has authorized the compliance of all supply system suppliers that will be deployed through the WIB environment from January 1st, 2011 to Shell's process control," said Ted, head of the Control & Automation Systems team at Parker Heights. Ai Wenwen said, "These conditions will become part of our linguistic standard that saves us a lot of time and effort."
Leading suppliers of industrial process control and automation systems are also beginning to integrate into their organization's requirements.
“Using security requirements through WIB ensures that Invensys has a measurable approach to implementing a safer and more secure critical infrastructure setting in place. Not only does it require the provision of current state measures, enabling us to continue to improve and adapt The security situation is changing,†said Enericka Lake, Invensys operations manager of the program's network security manager. “From our point of view, this program is a major change, not only in terms of tactics, but a In place to meet the business strategy essentials to propose changes."
Network Security's Life Cycle of Industrial Products
The standard aims to meet the needs of the end user through WIB-system owners/operators, reflecting the unique needs of the oil and gas, electricity, smart grid, transportation, pharmaceutical, chemical and other industries. Our goal is to address network security best practices and assign responsibilities throughout the lifecycle of industrial systems: organizational behavior, product development, testing and debugging, maintenance and support.
"Safety is not a one-time application, but a process in which every stakeholder must contribute to achieve a significant improvement in any operational reliability," said Oiko Huistrra, National NICC Infrastructure Project Manager: "Labor Investment Management The bureau required that this core principle be designed, and we encouraged the integration of important infrastructure in the Netherlands into their stakeholder cyber security plan."
The funding is also being constructed to address a wide range of topics related to cybersecurity related industry stakeholders, from the internal security policies, procedures and management of suppliers to high-level requirements, related access/verification, data protection, password protection by default and specific Request patch management. When a supplier's solution, which meets the prescribed settings, the solution is considered to be compatible by the process control domain security through the WIB.
These requirements are further subdivided into various points designed to reflect the starting point of global suppliers, and provide an extensible framework that improves over time with three levels of planning. In the program, there are gold, silver and bronze award levels, each level of design, to verify the applicable policies and practices, and the implementation of the implementation of the place where the supplier is a set of requirements.
A successful global cooperation
From the beginning, industry leaders recognized that given the global industry of cybersecurity, any effort to standardize cybersecurity requires stakeholders to collaborate on best practices from different industries and in different regions of the world. The association through WIB is the ideal channel to guide the establishment of standards in view of its independence and membership. In addition, the initiative needs to reflect and incorporate important international activities in cybersecurity so many government agencies, industry working groups and standard setting bodies negotiate to ensure harmony. For example, major industries such as ISASP99 standards, NIST 800-53, NISTIR7628, and various other natural environment research councils and/or chief inspectors conducted reviews and adopted appropriate efforts to ensure testability or international government regulations. The process of passing the requirements of WIBPCD within the framework of the CEN/CENELEC and IEC international standards that the Administrative Commission of the Labor Investment Authority has begun to introduce.