New ISA99 Task Force Targets Cyber Threat Gaps

The Stuxnet malware, a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems, has left many wondering how to protect against future similar attacks. To try and answer this question, a new task force will identify necessary changes in ISA99 cyber security standards for future protection.

In the wake of Stuxnet, the new group — Industrial Automation and Control Systems Security — will aim to identify what, if any, changes are needed in the ISA99 cyber-security standards to protect industrial control systems against such sophisticated attacks.

The new group will conduct a gap analysis of the current ANSI/ISA99 standards and better identify the rapidly evolving threat landscape. The task force said it will produce a technical report summarizing the results of its analysis by mid-2011.

After the Stuxnet worm hit, an industry White Paper examined the malware and quickly determined that existing best-practice industrial security measures were insufficient against such sophisticated attacks.

“Not surprisingly, we learned that a worm as complex as Stuxnet will make short work of even the best of today’s ICS (industrial control system) security architectures,” according to White Paper author Eric Byres, CTO of Byres Security Inc. Going forward, automation systems must be able to detect and either block or be able to recover from advanced Stuxnet-like threats, according to industry analysts.

For more information on the new task force, read the full article:

For more information on the White Paper, “How Stuxnet Spreads — A Study of Infection Paths in Best Practice Systems,” read the full article: