The Industrial Automation Control Products and Systems product section of the National Electrical Manufacturers Association (NEMA) has released a
of its principles on the subject of cybersecurity.
Industrial control system (ICS) products are computer-based systems that make use of specialized software and embedded devices that control and automate processes and machines. They are essential components of critical and non-critical infrastructure alike, including but not limited to manufacturing facilities, oil refineries, chemical facilities, power plants, electrical grids, pipelines, rail networks, and water treatment systems.
“The competitive nature of the ICS market drives continual improvement in product security,” said Raj Batra, President of Siemens Industry Automation in the U.S.
“Vendors are hardening hardware with additional security features, which ultimately benefits the end user.
The vendors that provide these enhanced security attributes will enjoy a competitive advantage.”
The statement lists a number of actions that the vendors believe they have a responsibility to take.
For instance, ICS vendors believe they should “provide clear documentation regarding the international security standards to which their products conform, as well as the methods used to assess conformity.”
“A core message of our statement is ‘managing the risk of malicious access to ICS products is a shared responsibility that requires ongoing coordination among end-users, systems integrators, and ICS product vendors,’” said Jim Motes, Vice President and Chief Information Security Officer at Rockwell Automation.
The statement also identifies real-world factors that set reasonable security-related expectations to be directed at vendors of ICS products. For example, ICS products that were designed, sold, and installed many years ago remain in use in countless infrastructure and manufacturing processes, and many old ICS products that are still in use today cannot easily support security-related software/firmware updates.
Further, the ways that users configure, manage, and maintain their facilities can impact cybersecurity at least as much as the attributes of individual embedded ICS products, both old and new.
NEMA's ICS product manufacturers agree that protecting industrial control systems is a collaborative effort and they are dedicated to playing their part.
Electrical Manufacturers Association (NEMA) represents nearly 350 electrical
equipment and medical imaging manufacturers that make safe, reliable, and efficient products
and systems. Our combined industries
account for 360,000 American jobs in more than 7,000 facilities covering every
state. Our industry produces $106 billion shipments of electrical equipment and
medical imaging technologies per year with $36 billion exports.