The path to real security in the process industries is made up of many small victories, each a step toward the end goal of making it extremely difficult for a cyber penetrant or a cyber accident (whether internal or external) to have a significant effect on an operating process plant, power plant, or other industrial control system.
Although we seem to be agreeing that the responsibility for security is 75% that of the end user/asset owners, there is that 25% of the responsibliity that falls to the OEM vendors. It is incumbent on them to work to make their own products as difficult to penetrate as possible, and thus contribute to the overall security of the system.
Here's a press release from the ISA Security Compliance Institute that highlights one more small victory...one step toward offering control systems that are inherently safe and secure.
Two additional Honeywell Process Solutions achieve ISASecureTMEmbedded Device Security Assurance (EDSA) certification
Research Triangle Park, North Carolina, USA (22 August 2012) – The ISA Security Compliance Institute (ISCI) announced that two additional Honeywell Process Solutions have earned ISASecure Embedded Device Security Assurance (EDSA) certification. Honeywell’s latest demonstration of cybersecurity assurance comes on the heels of having earned, in the fall of 2011, its first EDSA certification for the company’s embedded Safety Manager device, which delivers safety assurance for operators who oversee industrial processes.
Now, two additional Honeywell industrial control system products, the company’s Experion® C300 distributed control system (DCS) controller and Experion fieldbus interface module (FIM), have completed the rigors of ISCI EDSA testing. Each of these devices now carries the ISASecureTMdesignation.
The designation recognizes the integrity of the embedded devices and their production lifecycle. This achievement follows extensive testing for communication robustness, functional security, and software development security.
The Experion C300 DCS controller supports a range of process control situations, including continuous and batch processes and integration with smart field devices. It handles process control requirements from integration with batch systems to controlling devices on a variety of networks. The Experion FIM assists the integration of FOUNDATION Fieldbus and the Experion system.
The ISASecure™ EDSA certification provides Honeywell’s customers and their procurement teams the extra assurance that these certified devices can deliver on their promises.
“Honeywell is proud to be able to demonstrate the security and robustness of our products,” commented Mike Baldi of the Honeywell Process Solutions Global Architect Team. “The ISASecure designation reflects our ability to deliver secure products to our customers, and helps us meet their demands for security assurance.”
ISASecure certified devices are registered on the ISCI website at www.isasecure.org.