Stuxnet spurs ISA into action

Research Triangle Park, North Carolina – The ISA (International Society of Automation) has set up a task group to study the “rapidly evolving [cyber-]threat landscape” highlighted by the Stuxnet malware attack.

Led by the ISA99 standards committee – Industrial Automation and Control Systems Security – the study is to determine if current ANSI/ISA99 standards would have protected companies from such attacks. It will also seek to flag up any changes deemed necessary to these standards.

The Stuxnet computer worm, which was first disclosed in early 2010, is the first known malware specifically targeted against a specific control system and process operation – Iranian nuclear facilities.

Stuxnet’s capabilities may migrate into new threats, said ISA, which warns that automation systems must be able to detect and either block or be able to recover from such IT security threats.

ANSI/ISA99 standards address the issue of cyber security for industrial automation and control systems. They describe the basic concepts and models related to cybersecurity, as well as the elements contained in a cyber-security management system for use in the industrial automation and control systems environment.

“Over the next few years, these standards will become core international standards for protecting critical industrial infrastructures that directly impact human safety, health, and the environment,” said the ISA. “Industrial companies following IEC 62443 standards know they will be able to stop the next Stuxnet.”

The task group is to produce a technical summary of its analysis by mid-2011.