The symposium committee is pleased to announce that Bryan Singer from Kenexis Consulting Corporation will be our invited speakeron SCADA security for the 2012 WWAC symposium. He will be presenting a talk that gives an overview of the ISA99 family of automation security standards and how to effectively apply them to your facilities.
Bryan is the founding chairman and now co-chairman of the ISA99, Industrial Automation and Control Systems Security Standards Committee, a standards body focusing on the security issues of the control systems environments. He has recently co-authored the book “Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS” and is a regular speaker on cybersecurity, industrial networks and effectively deploying SCADA technology.
An Overview of ISA99 for the Water or Wastewater SCADA Specialist
Speaker: Bryan Singer, Kenexis
The move to using open standards such as Ethernet, TCP/IP, and web technologies in SCADA (supervisory control and data acquisition) systems exposes these systems to the same types of cyberattacks that have plagued the IT world. Worse, such attacks have previously been shown to cause physical impacts to the process including shutdowns, performance delays, and possibly even dangerous failures. Addressing these challenges is a complex task involving both IT and engineering skills, and the adaptation of engineering disciplines to assure the design, implementation, and maintenance of industrial systems is resilient to cyberattacks. This talk will provide a brief overview how the ISA99 “Industrial Automation and Control systems Security” standards represent a key tool in addressing these challenges, are and how they can be used by SCADA/DCS professionals in the municipal water and wastewater sectors.
Included in the talk will be an overview of the typical stakeholders in SCADA systems and how their interests and needs for SCADA system security can vary. SCADA system stakeholders usually include facility owners, onsite technical staff, hardware/software providers, and system integrators, as well as operations and maintenance personnel. The way that the needs of stakeholders can be addressed by applying the various individual ISA99 standards documents, and associated technical reports, will be covered. This includes the ANSI/ISA-99.00.01-2007 standard that covers control system security “terminology, concepts and models” as well as the ANSI/ISA-99.00.1-2009 standard that outlines how to how to set up a control system security program, and an overview of the additional ISA99 work products both published and under development
This talk is meant to act as a brief introduction to applying ISA99 standards to SCADA systems water/wastewater automation professionals. More detailed information about ISA99 can be found in the individual ISA99 standards and technical reports or by taking one of the ISA’s two classroom-based training courses on the subject. One of the ISA’s courses (course: IC32C) is being offered as an optional full-day short-course on Aug 7th in conjunction with the symposium.
About the Speaker
Bryan Singer, CISM, CISSP is the principal security consultant with Kenexis Consulting Corporation and vice-president of Kenexis Security Corporation. He has over 20 years of experience in information technology security including 11years specializing in industrial automation and control systems security, critical infrastructure protection, computer and ICS forensics, and counter-terrorism. Mr. Singer’s background focuses on software development, network design, information security, and industrial security. He is the founding chairman and now co-chairman of ISA99, Industrial Automation and Control Systems Security Standards Committee, a standards body focusing on the security issues of the control systems environments. Mr. Singer has a Bachelors’ Degree in Computer Information Systems from Phoenix University, and holds the CISSP, CAP, CISM certifications.