by Kirk Anderson, Industry Director, NEMA

July/August 2019

During a recent Industrial Control Systems Joint Working Group meeting, representatives from the Department of Defense (DOD), International Society of Automation (ISA), and National Electrical Manufacturers Association (NEMA) outlined a new program to address the growing risk of unprotected and underprotected building control systems in the U.S. and abroad.

Building owners, users, and manufacturers of control systems continuously work to find practical ways to create safe and more secure environments. Combining the expertise from ISA, NEMA, and DOD advisors, the working group has spent several months developing a proposed program in preparation for a rollout to a wider audience of industry peers.

“While cyber risks are well documented, implementing solutions that address different risk levels within a single building is no simple task,” said NEMA Industrial Products and Systems Industry Director Kirk Anderson. “Coming up with a path forward required the efforts from multiple groups, including manufacturers, installers, and end users; however, we weren’t sure if this would appeal to the entire supply chain. When the program received near-unanimous support, we knew we were on the right track.”

“The International Society of Automation has an internationally recognized certification program for automation and control systems that started in 2007,” stated ISA Managing Director Andre Ristaino. “Under the ISASecure® brand, the scope of the ISA/IEC 62443 Standards-based certification includes building management technology. The proposed facility certification would be a natural extension of the ISASecure® program.”

The national program will incentivize the use of existing Standards for cybersecurity in building control systems. It will create easy-to-understand tiers for end users to apply industry-accepted Standards to products, processes, and technology to allow end users to market cyber protections and consumers to understand the level of security present. The program would also help building owners protect building automation systems, and provide a means for insurers and other stakeholders to offer incentives for buildings to incorporate safer and more secure systems and processes. The working group plans to open the frame document to additional stakeholders’ input, with a potential launch date later this year. For more information, contact NEMA Industry Director Kirk Anderson at Kirk.Anderson@nema.org.