Update to ISA/IEC 62443 Standards Addresses Organization-Wide Cybersecurity in Industrial and Critical Infrastructure Operations

DURHAM, N.C., Jan. 28, 2025 /PRNewswire/ -- The International Society of Automation (ISA) — the leading professional society for automation — has announced the publication of ANSI/ISA-62443-2-1-2024, Security for Industrial Automation and Control Systems. It is the latest update to the ISA/IEC 62443 series of standards, the widely used global consensus-based automation and control systems cybersecurity standards.

Addressing cybersecurity on an organization-wide basis can be a daunting challenge for companies that rely on industrial automation and control systems (IACS) in their manufacturing, processing and critical infrastructure operations. While no one-size-fits-all set of security practices can meet the widely varying security needs across global industry, ANSI/ISA-62443-2-1-2024 addresses the complexity by setting forth requirements for establishing, implementing, maintaining and continually improving a security program intended to reduce IACS security risks to tolerable levels. The requirements are written to be implementation independent, allowing asset owners to select approaches most suitable to their needs. This update of the 2010 version provides significant technical changes including a revision of the requirement structure into security program elements and a maturity model for evaluating requirements.

The standards are developed by the ISA99 Standards Committee as American National Standards, with simultaneous review and adoption by the Geneva-based International Electrotechnical Commission. ISA99 draws on the input of cybersecurity experts across the globe in developing the standards, which are applicable to all industry sectors and critical infrastructure in providing a flexible and comprehensive framework to address and mitigate current and future security vulnerabilities in IACS.

"Security is a balance of risk versus cost, and each situation will be different," said ISA99 Co-Chair Eric Cosman of OIT Concepts. "In some, the risk can be related to health, safety and environmental factors rather than purely economic impact — presenting the possibility of an unrecoverable consequence instead of a temporary financial setback. Thus, a predetermined set of mandatory security practices could be overly restrictive and costly — or else insufficient to address the risk. This newly updated standard provides the flexibility to reach the right level of risk versus cost for a given operation."

To learn more about the ISA/IEC 62443 series of standards, visit www.isa.org/62443standards.

About ISA
The International Society of Automation (ISA) is a non-profit professional association founded in 1945 to create a better world through automation. ISA's mission is to empower the global automation community through standards and knowledge sharing. ISA develops widely used global standards and conformity assessment programs; certifies professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its members and customers around the world. Learn more at www.isa.org.

About ISAGCA
The ISA Global Cybersecurity Alliance (ISAGCA) is a collaborative forum to advance OT cybersecurity awareness, education, readiness, standardization, and knowledge sharing. ISAGCA is made up of 50+ member companies and industry groups, representing more than $1.5 trillion in aggregate revenue across more than 2,400 combined worldwide locations. Automation and cybersecurity provider members serve 31 different industries, underscoring the broad applicability of the ISA/IEC 62443 series of standards. Learn more at www.isagca.org.

SOURCE The International Society of Automation