International Society of Automation (ISA) executive director Patrick Gouhin delivered a keynote address, entitled, “Utilizing an Operational Technologies Approach to Mitigating Cybersecurity Risk” at the Cybersecurity Conference in Raleigh, NC, December 15, which was co-hosted by the US Chamber of Commerce and the North Carolina Chamber of Commerce.
Top experts from government, law enforcement, and the private sector participated in the summit, offering technical information and best practices to help small- and mid-size businesses navigate the cybersecurity framework released by the White House. Experts from DHS, the FBI, Duke Energy, Smith Anderson, SAS, FS-ISAC, the National Institute of Standards and Technology, Century Link, NC State University, UNC-Charlotte, Duke University, and others, presented on topics such as securing the cyber supply chain, engaging with law enforcement, protecting cyber networks, data breaches, and the evolution of cybersecurity in universities and higher education.
Gouhin’s keynote focused on leveraging an operational technologies approach to cybersecurity challenges, explaining that while IT (information technology) approaches focus on the computers and servers that make the business run, OT (operational technology) approaches focus on the machines that make the factory or plant run.
Gouhin described industry standards development work underway within ISA99, a consensus-based standards committee of more than 500 international experts representing all sectors and critical infrastructure, including energy, water, chemical processing, petroleum refining, food and beverage, pharmaceuticals, and manufacturing. The committee is developing a cohesive series of technical standards and best practices (ISA/IEC 62443) focused on industrial automation and control systems security. The keynote also featured information about conformance schemes (ISASecure) used to certify products so that asset owners can have confidence that the industrial automation and control systems and products they purchase are robust against network attacks and free from known security vulnerabilities.
“It was an honor to deliver a keynote address to this audience filled with cybersecurity experts from industry, small- and medium-sized business leaders, and government agencies,” said Gouhin. “The challenge that we face is very real, and the solutions are vital to the survival and success of manufacturing companies and critical infrastructure around the world. We have hundreds of cybersecurity experts from around the world working together to deliver common-sense risk mitigation approaches for industry, and we look forward to continuing our leadership in this area.”
In 2014, the National Institute of Standards and Technology (NIST) released a cybersecurity framework to help businesses start a cybersecurity program or improve an existing one. The framework was developed in collaboration with public and private organizations, including companies, trade associations, and the US Chamber's Cybersecurity Working Group.
The framework features a number of industry-vetted actions that businesses can take to assess and strengthen their state of security over time. It provides organizations—including their customers, partners and suppliers—with common language for understanding their current cybersecurity posture, setting goals for cybersecurity improvements, and much more.
“A few years ago, cyberattacks against the government and corporations were on the margins of news stories, but now a day doesn't go by that we don't hear about a data breach or cyber-intrusion,” said Ann Beauchesne, senior vice president for National Security and Emergency Preparedness at the U.S. Chamber. “Through this conference and our cybersecurity awareness campaign, the Chamber is urging businesses of all sizes to adopt fundamental Internet security practices to reduce network weaknesses and make the price of successful hacking steep.”
For more information about ISA’s cybersecurity offerings, visit www.isa.org/cybersecurityresources.
For related articles, news, and equipment reviews, visit our Instrumentation & Control Equipment Zone
Click here for a List of Instrumentation & Control Equipment Manufacturers