There’s no question that attacks on operational technology (OT), Industrial Internet of Thing devices (IIoT) and industrial control systems (ICS) are increasing year-over-year. In fact, according to a report by Security Week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed more than 1,300 common vulnerabilities and exposures (CVEs) in 2022, up from about 1,100 the year before.
This year is showing no sign of relief with nearly 700 new vulnerabilities reported by CISA in the first half of 2023 alone. The global ICS security market is projected to reach nearly $18 billion by 2029, according to a study by Data Bridge Market Research.
To help manufacturers meet the market need for greater security in ICS, FM Approvals in early 2021 introduced a state-of-the-art ICS cybersecurity laboratory at its headquarters in Norwood, Massachusetts, USA. The lab is accredited by both the Standards Council of Canada (SCC) and ISASecure® as a certification body (CB) to the ISA/IEC 62443 series of standards. ISASecure is a third-party conformity assessment focused solely on the ISA/IEC 62443 series of standards and accepted worldwide.
OT, IIoT and ICS products that successfully complete FM Approvals' cybersecurity evaluation program will bear the FM Diamond along with a specific security level which signifies that the product meets the security requirements and is free from known vulnerabilities at that given security level. These products will be listed in a special cybersecurity section of the Approval Guide and listed on the official ISASecure certified product registration list available for viewing at https://www.isasecure.org/.
Built-in value
The benefits of FM Approvals’ cybersecurity certification program include:
- Signals to end users that the system meets certain standards with respect to known vulnerabilities and weaknesses;
- Provides an easy way of specifying security needs;
- Reduces time spent on testing security during factory or site acceptance testing (FAT/SAT);
- Differentiates products with an increased value proposition to end users;
- Assures customers that product security will be maintained over the product lifecycle; and
- Makes cybersecurity an important part of product quality by promoting and rewarding Secure-by-Design practices.
Outreach
For the past year, and for the foreseeable future, representatives from the FM Approvals cybersecurity laboratory are presenting in-depth presentations for existing and prospective customers at industry trade shows, cybersecurity technical conferences, advisory meetings, and customer site visits.
“We are dedicated to helping FM Approvals customers and others ensure that their critical infrastructure and industrial control systems (ICS) are as secure as possible,” says Khalid Ansari, FM Approvals’ principal cybersecurity engineer. “We believe that educational outreach is a vital part of our mission. Many of those who would benefit from SDLA (software development lifecycle assurance) certification (fig 1) are already FM Approvals customers within our electrical group. However, they may not be aware of our new cybersecurity certification offering.”
A major part of this educational effort includes attendance and participation in key industry trade shows, cybersecurity forums, webinars, and other events. Some of the events that the FM Approvals cybersecurity team have taken part in this year or plan to attend, include:
Intersec, Dubai, UAE – January 2023
Intersec 2023 set a new visitor record at 43,000 attendees from 131 countries. The Middle East and Africa’s cybersecurity market size was valued at USD $5.92 Billion in 2021 and is projected to reach USD $19.79 Billion by 2030. Increase cyber threats and cyber terrorism is driving regional industry to invest in cybersecurity. This is especially true across the healthcare, manufacturing, and government sectors.
Intersec was attended by FM Approvals’ principal cybersecurity engineer, Khalid Ansari, who presented at the breakout Cybersecurity Conference and moderated a panel discussion (fig 2).
S4x23 Conference, Miami, Florida, USA – February 2023
This annual three-day conference was devoted to all things cybersecurity and geared toward early adopters and pioneers who are experienced in ICS security. The event mantra was “Create the Future”.
S4x23 was attended by FM Approvals’ operations vice president Patrick Byrne, advanced engineer Chris Shaffer, and Khalid Ansari (fig 3). Back in 2022, Mr. Ansari presented on the IEC 62443 family of standards at S4x22, which continued to be a focus at S4x23.
Hannover Messe, Hannover, Germany – April 2023
“Industrial Transformation – Making a Difference” was the theme of the 2023 Hannover Messe conference. More than 4,000 companies from the mechanical engineering, electrical and digital industries as well as the energy sector showcased technologies and solutions for a connected and climate-neutral industry. The symposiums covered a broad range from the digitalization and automation of complex production processes, the use of hydrogen to power factories, and the use of software to register and reduce carbon footprints.
FM Approvals’ advanced engineer Chris Shaffer attended the conference along with Christoph Lenk (fig 4) of FM Approvals’ EMEA business development team.
DOE Cybersecurity and Technology Innovation Conference, Minneapolis, Minnesota, USA – May 2023
This conference is an annual capstone event designed to strengthen relationships, provide training and practical exercises, share best practices and lessons learned. The theme for the 2023 conference was “Collaborative Innovation and Collective Cyber Defense”.
FM Approvals’ Khalid Ansari took part in the moderated panel discussion, entitled, “One and Net-Zero” (fig 5). In his remarks, Ansari highlighted the importance of cybersecurity standards and secure-by-design products.
China International Petroleum & Petrochemical Technology and Equipment Exhibition (CIPPE), Beijing, China – May 2023
One of the world’s leading events for the oil & gas industry. Annual three-day gathering in Beijing. Provides an opportunity for connections with like-minded professionals, and showcases advanced technology and new ideas
Attended by FM Approvals business development team, including business development engineer Joseph Leung who presented on the topic of “Standards-based Cybersecurity Certification of ICS, IIoT and Connected Products.”
Automatica, Munich, Germany – July 2023
One of the world’s leading exhibitions devoted to smart automation and robotics. Attended by more than 46,000 trade visitors, including suppliers, buyers, decision makers and robotics enthusiasts. Over 900 exhibiting companies.
Attended by FM Approvals’ business development team in Europe, including Christopher Lenk and Witali Engelhardt.
Abu Dhabi International Petroleum Exhibition and Conference (ADIPEC), Abu Dhabi, UAE – October 2023
ADIPEC’s 16 exhibition halls featured a dedicated “Manufacturing & Industrialization Technical Conference” focusing on Cybersecurity in Manufacturing – specifically the de-risking of automated and autonomous systems, IT/OT integration methods, and smart machines. The event also featured four specialized industry areas – the Decarbonization Zone, Maritime & Logistics Zone, Digitalization in Energy Zone, and Manufacturing & Industrialization Exhibition & Conference.
The FM Approvals’ APAC business development team exhibited and attended. On October 4th, Khalid Ansari, FM Approvals Principal Engineer for Industrial Control Cybersecurity, presented “It’s Smart, But Is It Secure?” – an informative talk focusing on standards-based cybersecurity certification for ICS, OT, and IIoT.
American Petroleum Institute (API) Cybersecurity Conference, The Woodlands, USA – November 2023
The 18th Annual API Cybersecurity Conference & Expo. This show looks like over the horizon by showing attendees how the latest technologies can help counter cyber espionage, address cyber warfare, and make cyber efforts secure.
Planned attendance and booth by FM Approvals business development team and principal cybersecurity engineer Khalid Ansari.
To learn more about FM Approvals’ cybersecurity certification services, please contact Khalid Ansari at khalid.ansari@fmapprovals.com.