ISA99 Part 1
From SCADApedia
Part 1: Terminology, Concepts and Models
ISA's four part security standard, ISA99, covers the administrative and technical controls for Industrial Automation and Control Systems (IACS), its acronym for SCADA, DCS and other control systems. ISA envisions this standard being used across vertical sectors, and certainly more broadly than the manufacturing sector.
Part 1 of the standard sets the stage by defining terms, concepts and models that will be consistently used to define requirements in the other parts of ISA99. Part 1 is not a normative standard. Products cannot be compliant or certified to SP99 Part 1.
Definitions
Section 3 of Part 1 defines 134 terms from access to zone. Many of the definitions were taken from other control system standard and guideline documents. The Part 1 definitions are also incorporated into the PCSF Combined Glossary.
The Situation
Section 4 provides a three page overview of the current IACS security situation.
Concepts
Section 5, Concepts, comprises the bulk of Part 1 and covers a lot of ground. It begins by discussing how the priority of the Confidentiality-Integrity-Availability (CIA) triangle is typically inverted in control systems to prioritize Availability highest, followed by Integrity and then Confidentiality (AIC).
Foundational requirements such as Access Control and Resource Availability that will be specified in other ISA99 Parts are defined here.
The Risk/Threat Assessment process is covered in detail. While no particular formula or methodology is defined in normative, must/shall terms, the process and the factors to consider are documented with many helpful tables and charts, and response options to identified risks are included.
Implementing a holistic Security Program is discussed along with the maturity phases most programs go through. Guidance on an architecture for security documents is also provided.
Models
A variety of applicable models are discussed in Section 6, Models.
- The ISA 95 Five Level Model
- Asset Models
- Zone and Conduit Models
Understanding the Zone and Conduit Model is critical to implementing ISA99 requirements. Assets with similar security requirements are grouped together to form a security zone and a security level is applied to the security zone. Conduits within security zones and between security zones are defined and also assigned a security level based on the communication that passes through the conduit and the assets connected to the conduit. With the security zones and conduits defined, the asset owner is able to determine the appropriate security controls defined in other parts of ISA99.
Security Zones
Security Zones are covered in the Concepts and Models Sections. It is an important concept that will be used in the other ISA99 Parts. The Part 1 definition is "a security zone is a logical grouping of physical, informational, and application assets sharing common security requirements... A security zone has a border, which is the boundary between included and excluded elements... Zones may be considered to be trusted or untrusted."
The standard requires a minimum of three security levels for security zones: high, medium and low. Other Parts of the ISA99 standard will define administrative and technical requirements for these security levels.
Conduits
Conduits are another important ISA99 concept in the Concepts and Models Sections and are related to Security Zones. A conduit regulates communication between one or more devices in the same security zone or in different security zones. A conduit within a security zone could be the control center LAN. A conduit between two zones could be the WAN connection between the primary and backup control centers.
Conduits can be trusted or untrusted. Each conduit is assigned a security level of high, medium or low, and future Parts of ISA99 will define requirements for the three conduit security levels.
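The zone and conduit model described in the Models, Security Zones and Conduits sections above lends itself to a small consistency check an asset owner can run over an inventory before choosing controls. The following is an added example, not text or code from ISA99 or SCADApedia: it models zones with the three minimum security levels, conduits within and between zones, and a trusted/untrusted flag, and flags common modelling mistakes. The rule that a conduit must carry at least the highest level of the zones it connects, the rule that each asset belongs to exactly one zone, and the note on untrusted conduits joining trusted zones are my assumptions for illustration, not requirements stated in Part 1; the control center and field site inventory is constructed sample data.

```python
"""Toy ISA99-style zone and conduit model (added illustration, not the standard's own rules).

Assumed rules (mine, not Part 1's):
  * each asset belongs to exactly one security zone
  * a conduit's security level is at least the highest level of any zone it touches
  * an untrusted conduit linking only trusted zones is reported so boundary controls
    are placed at the zone borders rather than assumed from the link
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """The three minimum security levels Part 1 requires for zones and conduits."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Zone:
    name: str
    level: Level
    trusted: bool
    assets: set[str] = field(default_factory=set)


@dataclass
class Conduit:
    name: str
    level: Level
    zones: tuple[str, ...]  # one zone name: conduit within a zone; two names: between zones
    trusted: bool = True


def required_conduit_level(conduit: Conduit, zones: dict[str, Zone]) -> Level:
    """Assumed rule: a conduit needs at least the highest level of the zones it connects."""
    return max(zones[z].level for z in conduit.zones)


def validate_model(zones: dict[str, Zone], conduits: list[Conduit]) -> list[str]:
    """Return a list of findings; an empty list means the model passes every check."""
    findings: list[str] = []

    # An asset in two zones has an ambiguous security level, so report it.
    owner: dict[str, str] = {}
    for zone in zones.values():
        for asset in sorted(zone.assets):
            if asset in owner:
                findings.append(f"asset {asset} is in both zone {owner[asset]} and zone {zone.name}")
            owner[asset] = zone.name

    for conduit in conduits:
        unknown = [z for z in conduit.zones if z not in zones]
        if unknown:
            findings.append(f"conduit {conduit.name} references undefined zone(s) {unknown}")
            continue
        if len(conduit.zones) not in (1, 2):
            findings.append(f"conduit {conduit.name} must connect one zone or two zones, not {len(conduit.zones)}")
            continue
        needed = required_conduit_level(conduit, zones)
        if conduit.level < needed:
            findings.append(
                f"conduit {conduit.name} is {conduit.level.name} but the zones it connects need {needed.name}"
            )
        if not conduit.trusted and all(zones[z].trusted for z in conduit.zones):
            findings.append(
                f"conduit {conduit.name} is untrusted but links only trusted zones; "
                "apply boundary controls at the zone borders"
            )
    return findings


def example_model() -> tuple[dict[str, Zone], list[Conduit]]:
    """Constructed sample inventory: primary and backup control centers plus one field site."""
    zones = {
        "primary_cc": Zone("primary_cc", Level.HIGH, True, {"hmi-1", "historian-1"}),
        "backup_cc": Zone("backup_cc", Level.HIGH, True, {"hmi-2", "historian-2"}),
        # historian-1 is deliberately listed twice to trigger the duplicate-asset finding
        "field_site": Zone("field_site", Level.MEDIUM, True, {"rtu-7", "historian-1"}),
    }
    conduits = [
        Conduit("cc_lan", Level.HIGH, ("primary_cc",)),                               # within a zone: passes
        Conduit("cc_wan", Level.HIGH, ("primary_cc", "backup_cc"), trusted=False),   # untrusted WAN link
        Conduit("telemetry", Level.MEDIUM, ("primary_cc", "field_site")),           # under-leveled conduit
    ]
    return zones, conduits


if __name__ == "__main__":
    for finding in validate_model(*example_model()):
        print(finding)
```

Running the block prints three findings for the constructed inventory: the historian present in two zones, the untrusted WAN conduit between the two trusted control center zones, and the telemetry conduit rated MEDIUM while the primary control center zone it serves is HIGH. Raising the telemetry conduit to HIGH, removing the duplicate asset and marking the WAN link trusted yields an empty finding list.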
Status
ISA99 Part 1 was approved and published in late 2007.
