Drawing on its expertise in industrial automation and control systems security, the International Society of Automation (ISA) has developed a knowledge-based industrial cybersecurity certificate program.
Through the work of the ISA Committee on Security for Industrial Automation & Control Systems (ISA99), ISA has developed the ANSI/ISA99, Industrial Automation and Control Systems Security standards (known internationally as ISA99/IEC 62443).
ISA’s new certificate program, the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate, is designed to help professionals involved in IT and control systems security improve their understanding of ISA99/IEC 62443 principles and acquire a command of industrial cybersecurity terminology.
Developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia, the series of ISA99/IEC 62443 standards applies to all key industry sectors and critical infrastructure, providing the flexibility to address and mitigate current and future vulnerabilities in industrial automation and control systems.
The ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate will be awarded to those who successfully complete a designated, two-day ISA classroom training course, Using the ANSI/ISA99 (IEC 62443) Standards to Secure Your Industrial Control System (IC32), and pass a 75-question, multiple-choice exam.
While there are no required prerequisites to register for the certificate program and an application is not required to take the exam, it is helpful if interested professionals possess at least three to five years of experience in the IT cybersecurity field, with at least two of those years in a process control engineering environment in an industrial setting.
“Our new cybersecurity certificate program is another step forward in ISA’s development as a global leader in industrial cybersecurity standards, training and education, and in building on our commitment to meeting the needs of industrial control systems professionals throughout the world,” says Dalton Wilson, ISA’s Manager of Education Services.
Throughout 2013, both ISA and its sister organization, the Automation Federation, have played prominent roles in helping the US government develop a national Cybersecurity Framework designed to thwart a potentially devastating cyberattack on critical infrastructure, such as power plants, water treatment facilities and transportation grids.
The exam
The paper/pencil-formatted version of the ISA99/IEC 62443 Cybersecurity Fundamentals Certificate Program exam is available now. The electronic version will be available through the Prometric global network of testing centers during the first quarter of 2014.
In order to sit for the exam, applicants must register for both the aforementioned ISA course (IC32) and exam, and successfully complete the course.
The exam will cover the following areas:
• Understanding the Current Industrial Security Environment
• How Cyber Attacks Happen
• Creating a Security Program
• Risk Analysis
• Addressing Risk with Security Policy, Organization, and Awareness
• Addressing Risk with Selected Security Counter Measures
• Addressing Risk with Implementation Measures
• Monitoring and Improving the CSMS
• Designing/Validating Secure Systems
Certificate renewal requirements
Because the ISA99/IEC 62443 Cybersecurity Fundamentals Certificate Program is a certificate and not a certification, certificate holders are not required to renew the ISA99/IEC 62443 Certificate.
However, once obtained, the certificate will only be considered current for three years. After the three-year expiration date, a certificate holder will no longer be able to claim that he or she holds a current/active ISA99/IEC 62443 certificate.
In order to extend the current status of an expired certificate, a certificate holder must register for and take the related ISA99/IEC 62443 Certificate Knowledge Review. A score of 70% or higher is required to extend the current status of a certificate.