ISASecure Overview: Securing the control systems supply chain using IEC 62443 standards

Participants will learn about the structure and content of the international IEC 62443 control systems cybersecurity standards and the related ISASecure ® conformity assessment program. ISASecure certifies Commercial off the Shelf (COTS) Control Devices and Systems and supplier security development lifecycle processes based upon the IEC 62443 Standards. The ISASecure conformity assessment program is a globally recognized ISO/IEC 17065 certification scheme that uses certification bodies accredited by ISO/IEC 17011 accreditation bodies such as JAB, ANSI-ANAB, and DAkkS. ISASecure is structured using the security lifecycle concepts upon which the IEC 62443 standards are based. In 2016, the ISA Security Compliance Institute established a Building Control Systems working group to evaluate the applicability of IEC 62443 and the ISASecure certification scheme to BCS. Summary results of the BCS study will also be presented. Presenter: Andre Ristano Mr. Ristaino is Managing Director of the ISA Automation Standards Compliance Institute based in RTP, North Carolina. He provides staff leadership for ISA’s conformance certification programs, including the ISASecure ® control systems certification program managed under the ISA Security Compliance Institute. Mr. Ristaino is an international presenter on the IEC 62443 standards and control systems certification. He is an invited expert to the ERNCIP in support of the EU control systems cybersecurity certification initiative, an advisor for an ORNL research project on malware in the bulk electric distribution network, an invited presenter on cybersecurity and wireless technology at ARC Forums, and has published articles in the ISA InTech magazine. Prior to ISA, Mr. Ristaino held positions at NEMA, Renaissance Worldwide, and Deloitte & Touche Consulting’s Advanced Manufacturing Technology Group where he was a recognized leader in system lifecycle methodologies. Industries served include state and local government, utilities, USAF-LC, discrete manufacturing, and pharmaceutical and FDA-regulated manufacturing sites. Mr. Ristaino earned a BS in Business Management from the University of Maryland, College Park and an MS in Computer Systems Applications from the American University in Washington DC with a focus on expert systems and artificial intelligence. Mr. Ristaino holds an APICS CPIM certification.