UPDATE: The 12-page Call for Input document is now posted. It definitely answers the intellectual property question, but will anyone bite on giving away useful IP?
2. The participant identifies any holders of copyright interests in the contribution, and affirms that the copyright holder grants to ASCI a perpetual, irrevocable, non-exclusive, royalty-free, worldwide license to [...]

ISA99 Working Group 4 completes its three day working session today in West Palm Beach, FL. I attended some of the sessions Tuesday and Wednesday despite my earlier blog on ROI of standards efforts. It was just too close to pass up an opportunity to get an update and see some friends.
For those new to [...]

After the Congressional testimony in October, the panelists were provided with questions from committee members. Joe Weiss shares two along with his answers in his latest Unfettered entry.
Congressman McCaul asks “What are the principal differences between the ISA 99 standards and the NIST best practices found in Special Publication 800-53?”
I know and admire Joe, but [...]

I’m just back from the first face-to-face meeting of Working Group 4’s effort to write ISA SP99 Part 4. Part 4 will contain normative requirements for technical security measures in control system devices, sub-systems and systems. This means that vendors, integrators and asset owners will be able to verify or audit compliance with SP 99 [...]

There has been an effort underway for over a year now to develop a compliance organization for control system security standards. It was started at PCSF 2006 in San Diego by Eric Byres as the Control Systems Security Foundation. After some organizational research and feasibility studies it was taken over by the ISA’s Automation Standards [...]

Next week in Scottsdale there will be a three day face-to-face meeting to begin drafting a structure and table of contents on SP99 Part 4. Parts 1 to 3 provided useful guidance and  defined terms and models and set the stage for Part 4. Part 4 will be a normative standard meaning there will be [...]

Bryan Singer, the chairman of SP-99, put out a concise and informative update on the committees control system security efforts. I have copied it below with his permission.
Working Group 1: ISA TR-99.00.01 (Technical Report 1) Technologies for Industrial Automation and Controls Security - Largely due to significant editorial and substantive contributions from Idaho National Labs [...]

A few odds and ends from my one day at ISA Expo

The Expo offers an interesting dichotomy on security that may demonstrate a broader point. ISA SP99 is arguably the most active and productive control systems security body (one could make a case for NERC and some IEC committees as well). Yet walking the ISA [...]

SP99, the cyber security group in ISA, is meeting at ISA Expo in Houston. Here is a quick update.
Technical Report 1 - Security Technologies for Manufacturing and Control Systems
SP99 intends on keeping this document current and the first update is scheduled to go out for vote in Q1 2007. TR1 is a highly useful document, [...]

ISA’s SP99 has been the most active SCADA security standards body over the last two years. They have produced two technical reports and are working on a SP99 standard. The technical reports are typically available at a price just under $100 and the draft documents are only available to committee members.
For a limited time ISA [...]