Post on 02-Jan-2016
ISA–The Instrumentation, Systems, and Automation Society
ISA SP-99 Introduction: Manufacturing and Control Systems Security -- Kickoff Meeting
Call to Order
Images Contained Herein May Not be Used Without Explicit Permission
ISA SP-99 Agenda Item 2
Introductions/Circulate Roster
ISA SP-99 Agenda Item 3
Review and Modify the Agenda
ISA SP-99 Agenda Item 4
Nominate Vice-Chairman and Secretary
• Discussions on Nominations
• Identify Nominees if possible
ISA SP-99 Agenda Item 5
Review Officer Responsibilities and Guidelines
• Managing Director appoints Chairman
• Appoint Vice Chairman
• Appoint Secretary
• Other responsibilities …
1- From S&P Manual of Procedures, Dec 8 1997
ISA SP-99 Agenda Item 6
Recommendations for Further Appointments
• Editor(s)
• Others
ISA SP-99 Agenda Item 7
S&P Procedures
• Standards and Practices Committee Guide
• Standards and Practices Department Manual of Procedures
ISA SP-99 Agenda Item 8
Review of Scope, Purpose, Title, Tasks
ISA SP-99 Scope and Purpose
Manufacturing & Process Control systems whose failure or compromise of contained information could endanger public or employee health or safety, violate federal or state regulations, or cause economic loss, and which have interfaces providing communications with external systems.
For the purposes of this standard, manufacturing & process control systems is taken in the broadest possible sense, to include both process control, manufacturing operations and systems, continuous, discrete, and batch, control and safety systems, serving all types of plants, facilities, and systems in all industries.
Agenda Item 11
ISA SP-99 Title
Manufacturing and Control Systems Security
Agenda Item 11
ISA SP-99 Committee Liaisons
• ISA SP-95 Keith Unger
• ISA SP-67 Bob Webb
• ISA SP-91 TBD
• ISA SP-84 Vic Maggioli
• ISA SP-50 TBD
• NIST PCSRF – Dave Teumim
• IEC, IEEE, IAS?
• Others?
ISA SP-99 Vendor Representatives
• Who do we have Currently Represented?
• Who Else should we Attempt to Involve?
ISA SP-99 Agenda Item 10
Technical Report Working Group
Initial Proposed Section Titles:
• Manufacturing and Control Systems Security Overview
• Survey of Technology as Applicable to Manufacturing and Control Systems
• Integrating Security into the Manufacturing and Control Systems Environment
• Audit and Metrics of Security Performance
ISA SP-99 Technical Report Purpose
• “Close the Barn Door After the Horse is Gone.” Security is already a problem
• Make technical and procedural recommendations that will improve current security of process control systems, but not necessarily finalized measures
• Represent current “best practice” thoughts and general recommendations in absence of the full discovery and analysis of the standards creation process
• Essence should be on speed of delivery with definite goals, under the premise that a full standards effort is right behind the technical report
Agenda Item 11
Technical Report Section 1: Manufacturing and Control System Security Overview
• Provide General Introduction, Statement of Intent, Purpose, Etc. for Technical Report
• Definition of Scope
• Definition of Terminologies Used Within Report
• Reference Resources Used in Creation of Report
  • ISO/IEC 17799
  • BS 17799-2
  • ISO/IEC 15408
  • NIST PCSRF SPS
  • ISO/IEC 13335
  • Others?
Agenda Item 11
Technical Report Section 2: Survey of Technology as Applicable to Control Systems
Eric Byres, P.Eng.
eric_byres@bcit.ca
Agenda Item 12
The Task
Prepare an abstract for: Section 2 - Survey of Technology as applicable to Manufacturing and Control Systems.
Base this on ISO 17799 standard.
Bad News…
The ISO 17799 Standard Doesn’t Really Address Technology Well.
Focuses on Audit “Check List”
Agenda Item 12
Proposed Solution
Define 5 Broad Classes for Security Technology:
1. Filtering/blocking Technology (E.G. Firewalls)
2. Encryption Technology
3. Authentication Technology
4. Detection Technology (Intrusion Prevention)
5. Data Validation/Integrity Technology
Agenda Item 12
Comments?
Are There Better Technology Classifications to Be Found Elsewhere?
Are We Missing Anything?
• E.G. Technology for Non-repudiation?
• E.G. Should Filtering Be Part of Authentication?
Will Something New Show up Next Year?
Agenda Item 12
Technical Report Section 3 - Integrating Security into the Manufacturing and Control Systems Environment
Agenda Item 13
Technical Report Section 3 Overview
Agenda Item 13
Guidelines for Asset Identification and Business Requirements Modeling for Process Control Systems
General Guidelines for Threat Vulnerability and Assessment
Application of Commonly Accepted Technologies and Security Practices to the Control Systems Environment
Technical Report Section 4 – Audit and Metrics
Agenda Item 14
Tools, Checklists, Etc for Self Evaluation of Security Policies, Practices, and Procedures
Evaluation Tools for Analyzing Technological Performance of Security Measures
Audit Procedures for Evaluating Performance of Business Model Including Security Policies.
ISA SP-99 Agenda Item 15
Next Steps for Technical Report
• Organize Committee Into General Subcommittees to Continue Work
• Produce Framework of Report Sections by January 2003
• Produce Initial Draft of Sections by March 2003
• Produce Final Draft for Approval by July 2003
ISA SP-99 Agenda Item 16
Schedule Next Meetings
• Conference Call in November?
• Conference Call in December?
• ISA Show in Houston, next Face to Face?
ISA SP-99 Agenda Item 17
Additional Agenda Items – New Business
ISA SP-99 Agenda Item 18
Review Action Items
ISA SP-99 Agenda Item 19
Final Comments/Adjourn
Bryan_singer@entegreat.com