An Overview of ISA99 Part 1


October 2007

Standards

Certification

Education & Training

Publishing

Conferences & Exhibits

Eric C. Cosman
Principal Editor

An Overview of ISA99 Part 1

Copyright 2007 by ISA, www.isa.org
Presented at ISA EXPO 2007, 2-4 October 2007, Reliant Center, Houston, Texas

1October 2007 ISA Expo 2007

ISA99 Part 1

“Security for Industrial Automation and Control Systems: Terminology, Concepts and Models”


Our theme…

• A noble quest… With characters, situations, and occasional absurdity.


Your narrator…

• A member of the ISA99 committee since its formation

• A founding member of the Part 1 working group
• Editor of Part 1
• Representing the interests of the chemical sector


Our Topics…

• ISA99 Context (The Landscape)

• The Evolution of Part 1

• Overview of Content

• Relevance to Other Parts


ISA-99 Context

• ISA99.00.04 – Part 4: Security Requirements for Industrial Automation and Control Systems
• ISA99.00.03 – Part 3: Operating an Industrial Automation and Control Systems Security Program
• ISA99.00.02 – Part 2: Establishing an Industrial Automation and Control System Security Program
• ISA99.00.01 – Part 1: Concepts, Terminology and Models
• ANSI/ISA-TR99.00.01-2004: Security Technologies for Manufacturing and Control Systems

Legend: Completed, In Progress, Planned


ISA99 Leadership

• Eric Byres
• Eric Cosman
• Robert Evans
• Jim Gilsinn
• Tom Good
• Evan Hand
• Charley Robinson (ISA Staff)
• Johan Nye
• Tom Phinney
• Bryan Singer
• Keith Stouffer
• Bob Webb
• Joe Weiss

“But all the decisions … have to be ratified at a special biweekly meeting…by a simple majority, in the case of purely internal affairs.”


ISA99 Committee Structure

• Over 260 Members and 220+ companies
• Working Group 1 – Security Technologies
• Working Group 2 – Building & maintaining a security program (ISA99 Part 2)
• Working Group 3 – Concepts, Models, and Terminology (ISA99 Part 1)
  – 30 registered members
• Working Group 4 – Security Requirements
• Working Group 5 – SP99 Leadership
• Working Group 6 – Patch Management

“… Wise and creative, you are able to counsel others as well as come up with some really ingenious plans of attack… sort of.”


Our Topics…

• ISA99 Context (The Landscape)

• The Evolution of Part 1

• Overview of Content

• Relevance to Other Parts


Working Group 3

• Work begins in 2004, first draft in July 2004
• Seven revisions to Draft 1
• Models reorganized for Draft 2
• Seven revisions to Draft 2
• Draft 2 Edit 9 submitted for committee vote (approved)
• Comments reflected in a revised Draft 3
• Draft 3 Edit 5 submitted for committee vote (approved)
• Draft 4 Edit 1 prepared as the final standard in July

“I seek the finest and bravest knights to join me in my court at Camelot.”


ISA d99.00.01 Draft 2 Edit 9

• Released for vote in April 2006
• Voting closed May 30, 2006
• >50% of eligible voting members approved
  – 80% of those who voted approved
  – 4 disapprovals, 1 abstention
• 283 comments received
  – 183 editorial, 73 technical, 27 general

√ Two thirds of votes received
√ Majority of voting members


ISA d99.00.01 Draft 3 Edit 5

• Released for vote in February 2007
• Voting closed March 9, 2007
• >50% of voting members approved
  – no disapprovals
• 280 comments received from 24 reviewers
  – 163 editorial, 117 technical

√ Two thirds of votes received
√ Majority of voting members

[Figure: cover of ISA-d99.00.01 (Draft 3, Edit 5), February 2007]


ISA d99.00.01 Summary

• Draft 4 Edit 1 incorporates all changes and improvements

• Substantial contributions from over ten authors
• Over 600 formal comments received from over 25 reviewers
• Over 20 drafts and edits
• Elapsed time for Part 1: 3 Years


Our Topics…

• ISA99 Context (The Landscape)

• The Evolution of Part 1

• Overview of Content

• Relevance to Other Parts


Providing the Foundation…

• Terminology
• Concepts
• Models

“Who would cross the Bridge of Death must answer me these questions three.”


Terminology

• 135 terms defined as a basis for the ISA99 series

• Definitions drawn from established sources, adapted as required


Concepts

• Foundational Requirements
• Defense in Depth
• Security Context
• Threat-Risk Assessment
• Security Program Maturity
• Policies
• Security Zones
• Conduits
• Security Levels
• Security Level Lifecycle


Security Lifecycle

[Figure: Security Lifecycle. Assess Phase (addressed in SP99 Part 2); Develop & Implement Phase (addressed in SP99 Part 2); Maintain Phase (addressed in SP99 Part 3). SP99 Part 4 explores SL(Capability).]


Security Levels

Security Level    Qualitative Description
1                 Low
2                 Medium
3                 High

SL(Target): Target Security Level for a zone or conduit
SL(Achieved): Achieved Security Level of a zone or conduit
SL(Capability): Security Level Capability of countermeasures associated with a zone or conduit, or inherent Security Level Capability of devices or systems within a zone or conduit


Models

• Zones and Conduits
• Reference Models
• Model Relationships


Zones and Conduits

[Figure: Zones and Conduits. An Enterprise Zone is connected by the Enterprise Conduit to the Plant A Zone, Plant B Zone and Plant C Zone. Each plant has its own control zone (Plant A Control Zone, Plant B Control Zone, Plant C Control Zone) behind firewalls, reached through a Plant Control Conduit. Zone contents shown include servers, workstations, laptop computers, routers, controllers and I/O.]


Reference Model

[Figure: Reference Model.
Level 4: Enterprise Systems (Business Planning & Logistics)
Level 3: Operations Management
Level 2: Supervisory Control
Level 1: Basic Control; Safety and Protection
Level 0: Process (Equipment Under Control)
A bracket labelled "Industrial Automation and Control Systems" marks the levels within scope.]


SCADA Reference Model

[Figure: SCADA Reference Model. Levels 0 to 4 across Control Centers, a Wide Area Network and Remote Sites. Labels shown: Enterprise Systems (Engineering Systems), Operations Management, System Management, Supervisory Control, Site Monitoring & Local Display, Local Control, Protection, Equipment Under Control.]


Model Relationships

[Figure: Model Relationships. Four linked panels: Assets; Reference Architecture; Zone and Conduit Model; Policies, Procedures and Guidelines.
Assets panel: a hierarchy of Enterprise, Geographic Sites, Local or Remote Areas, Lines/Units/Cells/Vehicles etc., Control Equipment, Field I/O, and Sensors and Actuators, joined by "may contain" and "must contain" relations, with each tier "may be linked by" a network (Internet, WAN, LAN or Distributed Network, Control Networks, I/O Networks).
Reference Architecture and Zone and Conduit Model panels: the Enterprise Zone, the Plant A, Plant B and Plant C Zones, and the Plant A, Plant B and Plant C Control Zones, with their servers, workstations, controllers, I/O, firewalls and routers.]


Our Topics…

• ISA99 Context (The Landscape)

• The Evolution of Part 1

• Overview of Content

• Relevance to Other Parts


Providing the Foundation

• Glossary of terms and abbreviations
• Reference model (similar to ISA95)
• Zone and conduit concept (network partitioning)
• Security levels concept to be expanded in Parts 2 & 4
• Foundational requirements set the stage for Part 4
• Security life cycle and program maturity extend to Part 2

“Please! This is supposed to be a happy occasion. Let's not bicker and argue over who killed who.”


Review

• ISA99 Context √
• The Evolution of Part 1 √
• Overview of Content √
• Relevance to Other Parts √


Questions?
