ISA working on standards for securing plant-floor networks

Plant-floor control network security is an urgent issue for manufacturers seeking to integrate control and enterprise systems and, at the same time, secure critical operations and processes. With that in mind, the Instrumentation, Systems, and Automation Society (ISA) is working on an industry standard—SP99—that vendors can use to develop secure plant-level control networks.

According to Bryan Singer, chairman of the SP99 standards committee, a draft of Part 1 of the standard will be released for comment by March 2006. This first section—Concepts, Models, and Terminology—attempts to forge a common language to enable IT/plant-floor collaboration necessary to build secure control-layer networks using standard local area network architectures.

Part 2 of the standard—Establishing a Manufacturing and Control System Security Program—will be released in third quarter 2006.

The final standard will contain four parts. One of the proposed features of Parts 3 and 4 will be built around the concept of a security authentication level, or SAL. The SAL is a way of quantifying the effects of a security breach in a system comparable to safety-integrity level ratings that measure the safety of a given process.

"We're trying to answer the question, how secure do you need to be," says Singer. "The SAL will help people build and buy systems according to their security requirements.

"We don't know what the first iteration [of the SAL] will be," Singer continues. "We've all been batting the idea around. The only thing holding us up on this is that we want to finish the first two parts of the standard first."