December 12, 2021 | Feature Article

ICS cybersecurity lab accredited

Features dedicated team of cybersecurity and industrial control experts

Supply Chain Resilience

FM Approvals' new state-of-the-art industrial control systems (ICS) cybersecurity laboratory was recently accredited by the Standards Council of Canada (SCC) as an ISASecure® certification body (CB). ISASecure is a third-party conformity assessment scheme based on the ISA/IEC 62443 series of standards and accepted worldwide.

The new cybersecurity laboratory is based in Norwood, Massachusetts, USA and features a dedicated team of cybersecurity and industrial control experts. The fully virtualized security test environment hosts its own servers and specially designed cybersecurity test stations. The lab is configured to efficiently evaluate multiple ICS products in parallel for compliance with the applicable cybersecurity standards.

ICS products that successfully complete FM Approvals' ISASecure evaluation program will bear the FM Diamond along with a specific security level which signifies that the ICS product is robust against cyber-attacks and free from known vulnerabilities. These ICS products will be listed in a special ICS Cybersecurity section of the Approval Guide and listed on the official ISASecure certified product registration list available for view at www.isasecure.org.

ISASecure

The ISASecure scheme was developed and is administered by the not-for-profit industry consortium ISA Security Compliance Institute (ISCI). The ISASecure standards-based certification scheme assesses the cybersecurity of automation and control systems to the ISA/IEC 62443-4-2 and ISA/IEC 62443-3-3 standards and certifies that the supplier/manufacturer's development processes are conformant to the eight practice areas in ISA/IEC 62443-4-1 international standard.

ISASecure certification bodies are independently assessed by ISO/IEC 17011 (EN 45011) accreditation bodies (ABs) such as the Standards Council of Canada for conformance to ISO/IEC 17025, ISO/IEC 17065 and ISASecure technical readiness specifications. ISASecure CBs are audited annually by the AB to ensure they maintain current and updated ISASecure accreditation requirements for participation in the ISASecure scheme.

"We started talking to FM Approvals in early 2021 and they formally applied to become an ISASecure CB in April, " notes ISCI managing director, Andre Ristaino. "Within six months they had their cybersecurity lab up and running and earned accreditation from the Standards Council of Canada. That's lightning fast! Some of the keys to their early success have been the quality of their cyber lab staff, their years of experience in electrical system certification, and the speed of the accreditation body—the SCC in this case."

He adds, "The adoption of the ISA/IEC 62443 series of standards is accelerating worldwide as a way for companies to ensure that their products and systems meet a high level of cybersecurity and provide a one-time, cost-effective certification for multiple markets. In the industrial world, FM Approvals is an important certification and their long-time customers have been asking for this type of cybersecurity program."

According to Ristaino, the ISA/IEC 62443 standards are in the process of being codified into national and international regulatory language around the globe. In a recent development, the IEC formally approved the ISA/IEC 62443 standards as a "horizontal' standard, applicable across many industry sectors. Where industry sector standards exist, ISA/IEC 62443 is strongly recommended to be referenced for the cybersecurity area of the standard rather than developing a redundant specification.

Using a single global cybersecurity standard and single global certification avoids costly/duplicative certifications that might occur when suppliers' products are sold into multiple industry sectors and geographic regions with each having its own cybersecurity standard. This can also reduce administrative and economic barriers to trade.

Bedrock Automation

One of the first customers to seek the ISASecure cybersecurity certification from FM Approvals is Bedrock Automation. The company is based in Boston, Massachusetts, USA and offers one of the world's most powerful and cyber secure automation systems—the Open Secure Automation (OSA®) platform. According to the company, this award-winning automation platform provides a revolutionary architecture and deeply embedded ICS cybersecurity that delivers the highest levels of system performance, cybersecurity and reliability at the lowest life-cycle cost.

"In our search for a certification body for ICS cybersecurity, we were certain that, in addition to technical comprehension, we required a company that was professional and helpful, "noted Bedrock CEO and founder, Albert Rooyakkers. "We know that our products and processes require rigorous attention to avoid vulnerabilities in design, coding and testing, and that the requirements of IEC 62443 certification necessitate support and collaboration between the auditor and the manufacturer. With their vast experience in standards approvals, we believe we have found that company in FM Approvals."

According to Patrick Byrne, manager of the new FM Approvals cybersecurity laboratory, "One of the keys that enabled us to get our program up and running as fast as we did was support from our top management. We had a clear mandate from all stakeholders, including our customers. Our choice of the ISASecure program also reduced our start-up time. By adding this new cybersecurity certification, we will be able to help our electrical system and product customers save even more time and money. We are widening the scope of our loss prevention focus on countering the threat posed by an increasingly accessible IIoT devices and systems. ISCI recently announced the development of an ISA/IEC 62443 based IIOT component certification offering as an expansion of the ISASecure conformance scheme. We look forward to adding this offering to our lineup when it becomes available in 2022."

If you have a question regarding an FM Approval of industrial control systems for cybersecurity, please send an email to information@fmapprovals.com or contact Keith Blackman directly at keith.blackman@fmapprovals.com or +1 781 255 4814.