Alliances can help companies better protect themselves against cyber criminals. Source: Pexels

Alliances can help companies better protect themselves against cyber criminals. Source: Pexels

Interview: What will ISA’s Global Cybersecurity Alliance actually do?

CYBERSECURITY is getting increasingly complicated — not only because hackers have access to sophisticated tools but also because they’re willing and able to collaborate via online platforms and secret forums on the dark web.

Professionals are beginning to realize the value of that collaboration, and believe that forming their own open alliances will not only help better defend against cyberattacks but also allow them to better engage with government bodies to secure their support.

Recently, the International Society of Automation (ISA) recently formed the Global Cybersecurity Alliance, with the support of a few industry giants to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes.

To better understand the strategy behind the ISA’s Global Cybersecurity Alliance, Tech Wire Asia interviewed ISA Executive Director Mary Ramsey.

“We see industry’s cybersecurity challenge as three-pronged: we need to effectively train and validate the skills of our people, we need to comprehensively and consistently apply standards to protect our processes, and we need to leverage compliance programs to ensure the development of secure technology.”

ISA believes that its background in offering training and certification prepares the organization to lead a widespread workforce development effort that focuses on cultural change as well as skill development.

ISA’s series of cybersecurity standards, ISA/IEC 62443, is the world’s only consensus-based series of industrial cybersecurity standards and it is applicable to dozens of industries, providing a solid baseline for securing processes.

In fact, the ISASecure™, the organization’s cybersecurity compliance institute, certifies that products and processes meet the 62443 standards’ requirements, helping vendors and providers show that their technology is inherently secure.

“As a global community, we need to focus on increasing the number of companies that follow minimum industry guidance for protecting control systems – we can’t do that working in our own individual board rooms.

“We must do it together, by creating the resources that end-users need to efficiently apply the standards in their facilities and ensure that their employees have the right skills and mindset to be the front lines of the cybersecurity challenge.”

Ramsey, who’s part of the team driving the ISA’s Global Cybersecurity Alliance project said that the organization is currently in discussions with several multi-national asset owners in multiple industry segments, including oil/gas, chemicals, buildings/facilities, and utilities who are interested in becoming members and better protecting their business.

Ensuring that members from all kinds of organizations, industries, and sectors join the alliance is key to success.

“The first step to ensuring diverse perspectives is to remain open for all kinds of companies and organizations to join. That’s a key differentiator for the ISA GCA, and we already have several different types of organizations from multiple countries involved.”

Ramsey, who took the time to explain the purpose of the ISA’s new alliance shared that current members are aligned around a set of common principles, and have created four initial working groups to allow member company experts to engage in their areas of interest.

The four initial working groups include:

# 1 | Awareness and outreach

The awareness and outreach team is made up of experts from member companies that are creating a comprehensive stakeholder analysis.

“These experts will collaborate to define the key stakeholders and primary needs across industry segments and world regions so that we can guide and prioritize the ISAGCA’s work to ensure meaningful impact for key stakeholder groups.”

# 2 | Advocacy and adoption

According to Ramsey, this group will focus on expanding and extending the adoption and use of cybersecurity standards worldwide.

The idea is for members to create and maintain relationships with key stakeholder groups and agencies, organizing opportunities to work together with other organizations globally, and developing materials that help all relevant sectors better utilize standards and technical guidance.

# 3 | Training and education

Core to the ISA’s objectives, the training and education working group will identify, scope, plan, and execute specific workforce development initiatives with consideration to all relevant job functions and industry sectors.

This includes the development and/or proliferation of training courses, web seminars, educational events, certificates, and even certification programs.

# 4 | Compliance and prevention

The compliance and prevention working group is expected to focus on expanding and developing compliance, prevention, and harmonization initiatives to leverage the collective expertise and intelligence of member companies for the common good of the industry.

Given that the ISA’s Global Cybersecurity Alliance has just been formed, Ramsey pointed out that each working group will identify priorities and projects to scope, fund, and execute in the coming months.