Cybersecurity is a Global Imperative

ISA/IEC 62443 standard?

The most popular Cybersecurity standards and frameworks are primarily aimed at IT environments. ISA, an established organization that has been developing standards for automation for many years, developed the ISA/IEC 62443 standards. They are purpose-built to address security issues unique to industrial automation and control systems (IACS) and operational technology (OT).

Unlike the more general NIST Cybersecurity Framework (CSF) or ISO 2700x guidelines, ISA/IEC 62443 (IEC 62443, for short) provides a series of requirements and methods to manage security challenges in IACS and industrial environments.

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs). The committee draws on the input and knowledge of IACS security experts from across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure.

The IEC 62443 documents are structured into a multi-tier grouping of four layers.

IEC 62443 standards overview - courtesy of ISA

General: Introductory information, vocabularies, concepts, and example use cases.
Policies and Procedures: Program requirements, patching, implementation guidance, etc.
System: Assessment approaches, security requirements levels and technologies.
Component: Product lifecycle and technical requirements for components used within a system

The ISA/IEC 62443 standards do not directly supersede nor replace the ISA95 and Purdue models. Instead, they leverage previous concepts, and divide security and management of cyber risk into several areas. These cover not only cyber security reference architectures, but also guidance for security processes, requirements, technology, controls, security acceptance/factory testing, product development, security lifecycles, and a cybersecurity management system (CSMS).
The 62443 standards reach beyond ISA95 in terms of coverage, cybersecurity and modern concepts, but ISA95 and the Purdue models may still have value for organizations that have specific security requirements, for example when Industrial Internet of Things (IIoT) devices are connected directly to the Internet or the cloud.

Why ICS/OT Infrastructure is Insecure

Industrial control system (ICS)/operational technology (OT) infrastructure security is different in many ways from informational technology (IT) security, and one of the main reasons is the reverse confidentiality, integrity, availability (CIA) trade. In OT infrastructure, availability is the highest priority, and because of this implementing cybersecurity solutions to secure OT infrastructure is a very crucial task. It requires good command over proposed cybersecurity solutions, security standards/framework, ICS functions, and their operations. Here, we will cover the aspects that make ICS/OT infrastructure insecure.

ISA/IEC 62443 Cyber Security Expert Program

ISA offers flexibility with training to meet the needs and preferences of customers, by offering the same training in several formats.

These are the different formats:

  • Open Enrollment= (Virtual) instructor Led Training (remote during COVID-19)
  • Online = with Instructor Assistance
  • On-demand = Self study Modules
  • Blended Learning = On-demand courses incl. Practical Exercises
ISA Cybersecurity Certificates (V)ILT Online On-demand
Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist IC-32 IC-32E IC-32M
Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist IC-33 IC-33E IC-33M
Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist IC-34 n.a. IC-34M
Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist IC-37 n.a. IC-37M

Regardless of which Road you choose the result is the same
You get the same content needed to pass the related electronic exam as you continue down the Road to earning the designation of ISA/IEC 62443 Cybersecurity Expert.

To earn the ISA/IEC 62443 Cybersecurity Expert designation, individuals must successfully complete certificates 1-4

Differences in Learning Methods (V)ILT Online On-demand Blended (*)
ISA/IEC 62443 Content needed to pass related Cyber Security Exam X X X
Eligible for ISA/IEC62443 Certificate Program Exams X X X
Can be taken from your Home (X) X X
Led by Live (remote) Instructor X X
Instructor available for questions via Google group, email, and Conference Call X
Self-study Modular Content X X
Classroom Lab Exercises (remote) X X
Demo or Virtual labs (X) X
Homework Exercises X
Duration 2 – 3 days 7 – 8 weeks At your own pace plus 1 day

We also have an option for you to take the exams from your home.
For more details on this testing option see Online Proctoring for ISA Exams

Pricing of the modules (incl. exam with a value of € 200,-)

ISA Cybersecurity Certificates (V)ILT Online On-demand Blended (*)
Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist IC-32 € 1.875,00 IC-32E € 1.875,00 IC-32M € 1.875,00 N.A.
ISA member € 1.575,00 € 1.575,00 € 1.575,00 N.A.
Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist IC-33 € 2.575,00 IC-33E € 2.575,00 IC-33M € 1.875,00 € 2.575,00
ISA member € 2.175,00 € 2.175,00 € 1.575,00 € 2.175,00
Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist IC-34 € 2.575,00 IC-34M € 1.875,00 € 2.575,00
ISA member € 2.175,00 € 1.575,00 € 2.175,00
Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist IC-37 € 2.575,00 IC-37M € 1.875,00 € 2.575,00
ISA member € 2.175,00 € 1.575,00 € 2.175,00
Certificate 2,3,4: ISA/IEC 62443 Cybersecurity Fast Track (IC-33, IC-34, IC37 in one week) Fasttrack € 6.500,00
ISA member € 5.750,00

(V)ILT is (Virtual) instructor Led Training (remote during COVID-19)
IC-CPE offers Practical Exercises for _M course
(*)  IC-CPE is under developement
Blended learning combines on-demand (IC-33M, IC-34M or IC-37M)
with traditional place-based classroom methods (IC-CPE)