An Overview of ISA99 Part 1

October 2007

Standards

Certification

Education & Training

PublishingConferences & Exhibits

Eric C. CosmanPrincipal Editor

An Overview of ISA99Part 1

Copyright 2007 by ISA, www.isa.orgPresented at ISA EXPO 2007, 2-4 October 2007, Reliant Center, Houston, Texas

1October 2007 ISA Expo 2007

ISA99 Part 1

“Security for Industrial Automation and Control Systems: Terminology, Concepts and Models”


Our theme…

• A noble quest…With characters, situations, and occasional absurdity.


Your narrator…

• A member of the ISA99 committee since its formation

• A founding member of the Part 1 working group• Editor of Part 1• Representing the interests of the chemical

sector


Our Topics…

• ISA99 Context (The Landscape)

• The Evolution of Part 1

• Overview of Content

• Relevance to Other Parts


ISA-99 Context

ISA99.00.04 – Part 4: Security Requirements for Industrial

Automation and Control Systems

ISA99.00.03 – Part 3: Operating an Industrial Automation and

Control Systems Security Program

ISA99.00.02 – Part 2:Establishing an Industrial Automation and

Control System Security Program

ISA99.00.01 – Part 1:Concepts, Terminology and Models

ANSI/ISA-TR99.00.01-2004:Security Technologies for Manufacturing and

Control Systems

Completed

In Progress

Planned

Legend


ISA99 Leadership

• Eric Byres• Eric Cosman• Robert Evans• Jim Gilsinn • Tom Good• Evan Hand• Charley Robinson (ISA Staff)

• Johan Nye• Tom Phinney• Bryan Singer • Keith Stouffer• Bob Webb• Joe Weiss

“But all the decisions … have to be ratified at a special biweekly meeting…by a simple majority, in the case of purely internal affairs.”


ISA99 Committee Structure

• Over 260 Members and 220+ companies• Working Group 1 – Security Technologies• Working Group 2 – building & maintaining a security program

(ISA99 Part 2)• Working Group 3 – Concepts, Models, and Terminology

(ISA99 Part 1)– 30 registered members

• Working Group 4 – Security Requirements• Working Group 5 – SP99 Leadership• Working Group 6 – Patch Management

“… Wise and creative, you are able to counsel others as well as come up with some really ingenious plans of attack… sort of.”


Our Topics…






Working Group 3

• Work begins in 2004, First draft in July 2004

• Seven revisions to Draft 1• Models reorganized for Draft 2• Seven revisions to Draft 2• Draft 2 Edit 9 submitted for committee vote (approved)• Comments reflected in a revised Draft 3• Draft 3 Edit 5 submitted for committee vote (approved)• Draft 4 Edit 1 prepared as the final standard in July

“I seek the finest and bravest knights to join me in my court at Camelot.”


ISA d99.00.01 Draft 2 Edit 9

• Released for vote in April 2006• Voting closed May 30, 2006• >50% of eligible voting

members approved– 80% of those who voted

approved– 4 disapprovals, 1 abstention

• 283 comments received • 183 editorial, 73 technical, 27

general

√Two thirds of votes received

√Majority of voting members


ISA d99.00.01 Draft 3 Edit 5

• Released for vote in February 2007

• Voting closed March 9, 2007• >50% of voting members

approved– no disapprovals

• 280 comments received from 24 reviewers– 163 editorial, 117 technical

√Two thirds of votes received

√Majority of voting members

Draft 3 Edit 5February 2007

ISA-d99.00.01 (Draft 3, Edit 5) February 2007


ISA d99.00.01 Summary

• Draft 4 Edit 1 incorporates all changes and improvements

• Substantial contributions from over ten authors• Over 600 formal comments received from over 25

reviewers• Over 20 drafts and edits• Elapsed time for Part 1: 3 Years


Our Topics…






Providing the Foundation…

• Terminology• Concepts• Models

“Who would cross the Bridge of Death must answer me these questions three.”


Terminology

• 135 terms defined as a basis for the ISA99 series

• Definitions drawn from established sources, adapted as required


Concepts

• Foundational Requirements• Defense in Depth• Security Context• Threat-Risk Assessment• Security Program Maturity• Policies• Security Zones• Conduits• Security Levels• Security Level Lifecycle


Assess Phase

Develop & Implement

Phase

Maintain Phase

Addressed in SP99 Part 2



SP99 Part 4 explores SL(Capability)

Security Lifecycle


Security Levels

High3Medium2

Low1Qualitative DescriptionSecurity Level

SL(Target) Target Security Level for a zone or conduitSL(Achieved) Achieved Security Level of a zone or conduitSL(Capability) Security Level Capability of countermeasures

associated with a zone or conduit or inherentSecurity Level Capability of devices or systemswithin a zone or conduit


Models

• Zones and Conduits• Reference Models• Model Relationships


DataServer

File/PrintServer

App.Server

WorkstationLaptop computer

Router

Plant A Zone

Controller Controller

I/O I/O

App.Server

DataServer

Maint.Server

Plant A Control ZoneFirewall

DataServer

File/PrintServer

App.Server


Router

Plant B Zone

DataServer

File/PrintServer

App.Server


Router

Plant C Zone

MainframeWorkstationLaptop computer Server Server

Enterprise Zone

Firewall

Enterprise Conduit

Plant Control Conduit


I/O I/O

App.Server

DataServer

Maint.Server

Plant B Control ZoneFirewall

Firewall



I/O I/O

App.Server

DataServer

Maint.Server

Plant C Control ZoneFirewall

Firewall


Zones and Conduits


Enterprise Systems(Business Planning & Logistics)

Operations Management

Supervisory Control

Basic ControlSafety and Protection

Process(Equipment Under Control)

Industrial Automation and Control

Systems

Level 0

Level 1

Level 2

Level 3

Level 4

Reference Model


System Management

Local ControlProtection

Equipment Under Control

Operations Management

Level 0

Level 1

Level 2

Level 3

Level 4

Control Centers

Wide Area Network

Site Monitoring &Local Display

Remote Sites

Enterprise Systems(Engineering Systems)

Supervisory Control

SCADA Reference Model


Model Relationships

Policies

E n t e r p r i s e

G e o g r a p h i c S i t e s

L o c a l o r R e m o t eA r e a s

L i n e s , U n i t s , C e l l s ,V e h i c l e s , E t c . . .

C o n t r o l E q u i p m e n t

F i e l d I / O

S e n s o r s a n dA c t u a t o r s

I n t e r n e t

W A N

L A N o rD i s t r i b u t e d

N e t w o r k

C o n t r o lN e t w o r k s

C o n t r o lN e t w o r k s

I / O N e t w o r k s

M a yC o n t a i n

M a yc o n t a i n

M u s tC o n t a i n



M u s tc o n t a i n

M a y b e l i n k e d b y

M a y b e l in k e d b y


M a y b e l in k e d b y




IBM AS/400Data

Server

File/Print

Server

App.Server



I/O I/O

App ServerData ServerMaint. Server

Firewall

Router

IBM AS/400Data

Server

File/Print

Server

App.Server



I/O I/O


Firewall

Router

IBM AS/400Data

Server

File/Print

Server

App.Server



I/O I/O


Firewall

Router

Enterprise Zone

Plant A Zone Plant B Zone Plant C Zone

Plant A Control Zone Plant B Cotrol Zone Plant C Control Zone

AssetsZone and Conduit

Model

Policies, Procedures

and Guidelines


IBM AS/400Data

ServerFile/PrintServer

App.Server



I/O I/O


Firewall

Router

IBM AS/400Data


App.Server



I/O I/O


Firewall

Router

IBM AS/400Data


App.Server



I/O I/O


Firewall

Router

Enterprise Zone

Plant A Zone Plant B Zone Plant C Zone

Plant A Control Zone Plant B Cotrol Zone Plant C Control Zone

Reference Architecture


Our Topics…






Providing the Foundation

• Glossary of terms and abbreviations• Reference model (similar to ISA95)• Zone and conduit concept (network partitioning)• Security levels concept to be expanded in Parts 2

& 4• Foundational requirements set the stage for Part 4• Security life cycle and program maturity extend to

Part 2

“Please! This is supposed to be a happy occasion. Let's not bicker and argue over who killed who.”


Review

• ISA99 Context • The Evolution of Part 1• Overview of Content• Relevance to Other Parts

√√√√


Questions?

Documents

An Overview of ISA99 Part 1