The Industrial Automation Control Products and Systems product section of the National Electrical Manufacturers Association (NEMA) has released a
of its principles on the subject of cybersecurity.
Industrial control system (ICS) products are computer-based systems that make use of specialized software and embedded devices that control and automate processes and machines. They are essential components of critical and non-critical infrastructure alike, including but not limited to manufacturing facilities, oil refineries, chemical facilities, power plants, electrical grids, pipelines, rail networks, and water treatment systems.
“The competitive nature of the ICS market drives continual improvement in product security,” said Raj Batra, President of Siemens Industry Automation in the U.S.
“Vendors are hardening hardware with additional security features, which ultimately benefits the end user.
The vendors that provide these enhanced security attributes will enjoy a competitive advantage.”
The statement lists a number of actions that the vendors believe they have a responsibility to take.
For instance, ICS vendors believe they should “provide clear documentation regarding the international security standards to which their products conform, as well as the methods used to assess conformity.”
“A core message of our statement is ‘managing the risk of malicious access to ICS products is a shared responsibility that requires ongoing coordination among end-users, systems integrators, and ICS product vendors,’” said Jim Motes, Vice President and Chief Information Security Officer at Rockwell Automation.
The statement also identifies real-world factors that set reasonable security-related expectations to be directed at vendors of ICS products. For example, ICS products that were designed, sold, and installed many years ago remain in use in countless infrastructure and manufacturing processes, and many old ICS products that are still in use today cannot easily support security-related software/firmware updates.
Further, the ways that users configure, manage, and maintain their facilities can impact cybersecurity at least as much as the attributes of individual embedded ICS products, both old and new.
NEMA's ICS product manufacturers agree that protecting industrial control systems is a collaborative effort and they are dedicated to playing their part.
NEMA is the association of electrical equipment and medical imaging manufacturers, founded in 1926 and headquartered in Rosslyn, Virginia. Nearly 400 members strong, its companies manufacture a diverse set of products including power transmission and distribution equipment, lighting systems, factory automation and control systems, and medical imaging and radiation therapy systems. Total U.S. shipments for electroindustry products exceed $100 billion annually.