Cybersecurity cert programme launched!

19/12/2013
Programme based on its ISA99/IEC 62443 series of industrial automation and control systems security standards

Drawing on its internationally recognised leadership and expertise in industrial automation and control systems security, the International Society of Automation (ISA) has developed a knowledge-based industrial cybersecurity certificate program.

Through the work of its Committee on Security for Industrial Automation & Control Systems (ISA99), the Society has developed the ANSI/ISA99, Industrial Automation and Control Systems Security standards (known internationally as ISA99/IEC 62443).

ACFF741This new certificate program, the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate, is designed to help professionals involved in IT and control systems security improve their understanding of ISA99/IEC 62443 principles and acquire a command of industrial cybersecurity terminology.

Developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia, the series of ISA99/IEC 62443 standards apply to all key industry sectors and critical infrastructure, providing the flexibility to address and mitigate current and future vulnerabilities in industrial automation and control systems.

The ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate will be awarded to those who successfully complete a designated, two-day ISA classroom training course, Using the ANSI/ISA99 (IEC 62443) Standards to Secure Your Industrial Control System (IC32), and pass a 75-question, multiple-choice exam.

While there are no required prerequisites to register for the certificate program and an application is not required to take the exam, it is helpful if interested professionals possess at least three to five years of experience in the IT cybersecurity field, with at least two of those years in a process control engineering environment in an industrial setting.

“Our new cybersecurity certificate program is another step forward in ISA’s development as a global leader in industrial cybersecurity standards, training and education, and in building on our commitment to meeting the needs of industrial control systems professionals throughout the world,” says Dalton Wilson, ISA’s Manager of Education Services.

Throughout 2013, both ISA and its sister organisation, the Automation Federation, have played prominent roles in helping the US government develop a national Cybersecurity Framework designed to thwart a potentially devastating cyberattack on critical infrastructure, such as a power plants, water treatment facilities and transportation grids.

The exam
The paper/pencil-formatted version of the ISA99/IEC 62443 Cybersecurity Fundamentals Certificate Program exam is available now. The electronic version will be available through the Prometric global network of testing centers during the first quarter of 2014.

In order to sit for the exam, applicants must register for both the aforementioned ISA course (IC32) and exam, and successfully complete the course.

The exam will cover the following areas:

  • Understanding the Current Industrial Security Environment
  • How Cyber Attacks Happen
  • Creating a Security Program
  • Risk Analysis
  • Addressing Risk with Security Policy, Organization, and Awareness
  • Addressing Risk with Selected Security Counter Measures
  • Addressing Risk with Implementation Measures
  • Monitoring and Improving the CSMS
  • Designing/Validating Secure Systems

Certificate renewal requirements
Because the ISA99/IEC 62443 Cybersecurity Fundamentals Certificate Program is a certificate and not a certification, certificate holders are not required to renew the ISA99/IEC 62443 Certificate.

However, once obtained, the certificate will only be considered current for three years. After the three-year expiration date, a certificate holder will no longer be able to claim that he or she holds a current/active ISA99/IEC 62443 certificate. In order to extend the current status of an expired certificate, a certificate holder must register for and take the related ISA99/IEC 62443 Certificate Knowledge Review. A score of 70% or higher is required to extend the current status of a certificate.

Advertisements

Triumph on Mobile Bay – ISA plays to strengths

24/10/2011

To mutilate the word’s of Stephen Foster “I went to Alabama with a banjo on my knee…” The words were in my head and though the instrument in which I was interested wasn’t a banjo, I was going to Alabama to the 2nd ISA Automation week which was held in the old town of Mobile on the shore of a shimmering bay. It was my first visit to the state and the city and I was impressed by several things. The city itself was old and manageable, the people were friendly and the conference facilities were worthy of a city three times the size. Indeed better than most.

Having had some misgivings after the 1st Automation Week in Houston (see our blog Debacle or basis for development? Oct 2010) it was with some anxiety that attendees and especially exhibitors braved the sometimes convoluted skyways to the small Mobile Regional Airport.

They needn’t have had any worries. A resurgent ISA rose to meet that challenge and turned a fairly large and influential band of critics to acknowledge the success of the effort.

Lessons learned
The event learned many lessons from the first Automation Week. The Exhibition Area was open all day for a start instead of the “better than my job’s worth” closing during the conference sessions. This facilitated casual visitors and indeed interactivity between the booth personnel. The site was WiFi enabled throughout and this connection was free with no fussy procedures like registering or passwords.

Mardi Gras Party at #ISAutowk (Pic Jon DiPietro)

A master stroke was the decision to provide a free lunch to all the attendees, and to hold that lunch inside the supplier showcase. This ensured an excellent attendance at the showcase and multiple opportunities to network and for interaction between conference attendees and exhibitors. In addition there were daily themes – Students on the Wednesday and Technicians on the Thursday – as well as other events such as the presentation of awards to Authors on the tuesday and the Mardi Gras party held in association with FIRST the organisation set up to encourage young people to engage in technology and engineering. (Every denizen of Mobile proudly informed us  that Mardi Gras was first celebrated in that city in 1703 which was 15 years before runners-in New Orleans was founded!)

E-News
A daily e-newsletter was published each day of the event!

Day One
Day Two
Day Three

Picture Highlights

More pics on ISA Facebook Page


Post Event Message from ISA President Staples (Nov’11)

Another departure was the provision of an electronic Automation Week Daily comprising reports and impressions for each day. This was largely the work of volunteers and InTech & Automation.com staff, who fed articles to the professionals for formating. Sterling work here by Emily Kovac who sat patiently over a hot computer in the press room receiving the work of the writers.

Quality Content
But of course the highlight of the event was the conference sessions, a series of talks and discussions organised under various themes. These followed a keynote address each morning. The Technical Conference Organising Committee headed by veteran Automation guru, Greg McMillan ably abetted by deputy Dean Ford produced an enviable programme which with the associated training sessions were described by Control’s Editor in Chief Walt Boyes, as “a classic ISA symposium– but on steroids!”

One of these was a Tribute to Greg Shinskey which consisted of a panel lead be Nick Sands comprising Greg McMillan and Terry Tolliver, ISA Fellows, who both gave examples of how their lives in automation were influenced by Shinskey. This tribute included the first screening of an exclusive interview by Greg McMillan of Greg Shinskey on his latest thoughts on how to make the most of the PID controller for improving process efficiency and capacity – Shinskey and the Best of Process Control.

Keynotes to die for
The keynotes had Charlie Cutler on the first morning talking on “The Status of Real-Time Optimization and Multivariable Predictive Control” and held a full hall enthralled for the duration of his talk. Though hardly an exciting speaker in terms of delivery the quality of the content  held everybody’s attention.

Charlie Cutler, Greg McMillan, Terry Tolliver, Ross Rhinehart and Béla Lipták has the floor (Pic Jon DiPietro)

On day two there was a formidable “all star” panel of experts representing a probable four or five hundred years of cumulative automation knowledge at the one table (see pic)!  This gave a fascination vision of each experts perceptions of the past and looking forward to the future of automation. They shared their knowledge which they considered essential for advancing the use of process automation and optimisation. We gained insights on the best existing practices and new possibilities for the use of process automation and optimization for improving individual unit operation performance and overall manufacturing efficiency and capacity.

The keynote for day three was the incomparable Béla Lipták. This was to include a description of the latest developments in industrial automation, covering sensors, valves, controllers, optimization of unit operations, safety, and displays. His explained how the control and modeling techniques developed for industry are also applicable to build models for non-industrial processes. A copy of his presentation was given to each attendee and as his talk could have lasted a number of hours he indicated in advance those “slides” he would be using and those which we could study ourselves later. Would that all presenters were as considerate!

Tracks and finding ’em
The sessions which followed were well organised and gave valuable information to attendees. The tracks and their organisers are listed here:

Advanced Process Control Techniques: Russ Rhinehardt
Analyzers: Jim Tatera
Automation & Control System Design: John Munro
Energy: Don Labbe
Human Asset Optimisation: Brian Bridgewater
Installation, Operations & Maintenance: Greg Lehmann
Safety & Security: Ed Marszal & Greg Speake
Wireless Technology and Applications: Brad Carlberg

More than one participant remarked on the professionalism and the quality of content. All in all it was in the strong ISA tradition of utilising the volunteers unique knowledge and experience to provide top-class and useful information and techniques for use in the application of modern automation in process and manufacturing.

As in the previous event there was the possibility of planning a visit to Automation Week before hand and on-line by using the Pathfinder system to act as a guide to selecting a unique combination of sessions—a
conference “path”—suited to individual job function and professional goals. Technical tracks were designed to provide in-depth knowledge of various subject areas through comprehensive presentations and tutorials. Each sesion was catagorised under one or more of the following headings: Engineer, Technician, Management, Marketing and Academia/R&D/ Scientist.

The only real complaint we have heard is the fact that the proceedings were not available and would not be available for some weeks.

Recognition
There were other peripheral events too like the Honours & Awards Gala on the Monday evening where the society honours the great and the good of the Automation world. This year the societies highest honour was bestowed on Andy Chatha, President and CEO of ARC Advisory Group who was made an Honorary Member.

The Industries and Sciences and the Automation and Technology Departments of ISA recognised
the efforts of ISA Technical Division Volunteers and Officers at the Joint A&T and I&S Awards Luncheon. That evening a short ceremony and buffet to honour authors in ISA publications including InTech, ISA Transactions, Papers and Standards. A further lunchon on the Wednesday recognised the ISA’s Analysis Division leaders and paper authors.

A view of the exhibition floor

Networking opportunities
There were two events on the show floor on Tuesday night. The Divisions Spotlight Showcase was one Membership in ISA Divisions connects members to a global network of professionals with their technical and/or industry interest. Vistors met new professional colleagues and reconnected with other industry professionals who share their interests, in a casual, fun environment.

A firm celebration at ISA events through the years has been the YAPFEST, where attendees—young automation professionals (YAPs) and college students interested in careers in automation meet and share positive experiences about being a part of a professional society like ISA.

As we mentioned above the Mardi Gras party was held on the Wednesday and a fun time was had by all. The celebrations ended with a draw for a muliplicity of prizes ranging from iPads, Fluke multimeters to tee-shirts and a free ride with NASCAR driver Jennifer Jo Cobb, and her truck on the race track. (She  had made a pit-stop with her slightly damaged vehicle, on Tuesday & Thursday to edify the small boy in many of the engineers visiting the event!)

Predatary tweeting! #ISAutowk
The ready availability of WiFi meant that people were able to share experiences with the the Automation Community unable for one reason or another. Attendees were encouraged to tweet their comments and experiences. Indeed it was an opportunity for inveterate tweeters, who had become firm friends though they had never met. Thus this correspondent while making his way to the first keynote received the following tweet on his phone, “Am at the back of the hall working on my presentation, where are you?” It was from @jimcahill, Emerson’s éminence grise of the internet and Emerson Process Experts Blogger. I was finally able to meet him and tell him how to pronounce his name properly! A flurry of tweets followed between us and many others in the hall and gradually a steady of tweets eminated from the various sessions and from other outside. These were relayed to all and sundry on a special tweet screen in the Conference Centre. In short to quote @greg_lehmann “Fun and Informative ‘real’ times were had tweeting at #ISAutowk see you next year in Orlando!” The term “Predatary Tweeter” was coined and a suggestion made for the design of a new tee-shirt bearing this epithet!

Look and see!
The intrepid work of Jon DiPietro, who also delivered one of the sessions in Using Social Media to your Advantage on Personal Inbound Marketing, ensured that some of the presentations were livestreamed or recorded on video for those not present or for looking at at a later stage. These may be found on the new ISA Interchange Livestream page.

Conclusion
The most pithy comments on the event may be left to the tweeters “Great job 4 #ISAutoWeek! ”
“Yes indeed! #isautowk. Let’s go back in 2013!” and “Fun and Informative ‘real’ times were had tweeting at #ISAutoWK. ” But perhaps the best accolade I’ve seen so far is this from Walt Boyes: “ISA has finally figured out what they do best, and what they can best leverage the strength and capabilites of the volunteers and ISA members to do. ISA does red hot symposia– with allied training and tabletop showcases for vendors.”

We look forward the Automation Week 3 next September in Orlando, Florida (USA, 24-27 September 2012). It has a lot to live up to and under the gifted programme chairmanship of Dr Peter Martin I am sure the Mobile event will be equalled if not exceeded.

Well done ISA!

Other Blogs/Releases
ISA Automation Week 2011 Features Knowledge and Networking (Inderpreet ShokerARC Advisory 27/10/2011)
ISA honors authors at awards ceremony (Susan Colwell ISA Interchange 30/10/2011)
ISA Automation Week Rebounds from Last Year’s Disaster (Walt Boyes Control 20/10/2010)
ISA Automation Week 2011 Wraps Up, Heads to Orlando for 2012 (ISA RElease 20/10/2010)
Other Releases etc on Automation Week (Various Dates)


Final control elements and other stories

12/05/2010


Advertisers
Douglas Control  & Automation

Loose Insert: Metrology Systems & Services

The April/May 2010 issue of Read-out, Ireland’s journal of instrumentation, control and automation, highlights final control elements.

Steriflo’s Mark 96 pressure regulator, marketed by Manotherm, is used in sanitary applications. Emersons Fieldvue digital valve controllers are used in an Australian chemical plant “saving us thousands of pounds,” according to the instrument technician on the site. Also featured is Festo’s range of ultra-fast jet valves and Tyco’s EBCO valves to provide full flow replenishment to storage tanks in, for example high-rise buildings.

The front page article gave details of the new marketing strategy of Irish company Biotector Analytical, who have appointed Hach as exclusive distributor in the US, Canada, Mexico, Brazil and Europe for their range of on-line liquid analysers. Another company with a presence on the North American continent, Qumas, has won the Deloite Best Managed Company Award. This company is a provider of compliance solutions.

There is a report on the Ireland Section of the International Society of Automation visit to the Blanchardstown Institute of Technology where a large assembly of first and second year students participated in a talk on combined heat and power. These students are hoping to qualify with a BSc in Sustainable Electrical and Control Technology. The purpose of this course is “to equip students with the skills and knowledge to embark upon a rewarding career in sustainable engineering within the construction and manufacturing sectors.”

The National Instruments scheme to support micro and SMEs in embedded development is discussed. This is in the form of training and grants of up to nearly €30,000 in software, support and training. “National Instruments…is committed to supporting innovation!”

John McAuliffe, in the InSide Front article, “Cracking the Safety Code“, discusses the poractical applications of the new European Machinery Directive (SI 407/08). that came into force in January. John is Managing Director of Pilz Ireland.

Among the new products highlightes in this issue is Yokogawa’s DXAdvanced DAQSTATION range, Phoenix Contact’s PSI-Bluetooth ProfiBus set, E+H’s Liquiphant M density meter and Blue-White’s new junction box and connector arrangement on their Flex-Pro A3 peri-pump.

Read-out is published every two months and distributed throughout Ireland. Advertising rates, which have maintained their 2004 levels are on the website in Euro, Pounds Sterling and US Dollars.

The next issue for June/July will concentrate on Flow measurement & Control.

The recently opened facebook “fan-page” lists most stories we receive even those not included in our printed publication. Click if you like us!


Are you paying attention?

06/04/2010

This blog has been on-line for twelve months now and we have been looking at the stats over that period.

"You pays your money...."

We have two blog presences one on the Blogger platform and this one on the WordPress system. We use the blogger presence for recording press releases as we get them with little editing other then some tidying up. This WordPress blog is used however, for material we write ourselves, or those written by guest authors. Reports on technologies, events, applications, company news and what we think are interesting topics to do with the automation field all find their way here.

Because it is a fairly new venture for us we were not sure what to expect. What sort of reaction we would get. Who, or how many would visit.

The Read-out Instrumentation Signpost is the principal and oldest presence of Read-out, Ireland’s journal of instrumentation, control and automation, on the world wide web. It is visited by between 4000 to 6000 unique visitors during each week. (When we started gathering statistics around ten years ago this figure was around 500!).

So what has happened in the last twelve months on this blog site?

The stats show that almost 4500 visitors visited the blog during the period, the bulk of which occured in the final six months. The first two months showed less that 70 visitors per month but then showed a steady rise up to the current average of 400 per month. Whether that is good or bad is difficult to say and it is also difficult to analyse these figures to decide why certain topics are more popular than others. One thing that is interesting is that visits occur to different pages through the period and not just at the time they go on-line.

There are also those people who are “followers” who visit each time there is a new posting (roughly once or twice a fortnight) and that is reflected in the large percentage (ca 20%) recorded as visiting the “home page.”

Perhaps surprisingly the most visited post visited was a piece about a presentation on Industrial Security which featured at the ISAExpo’09 with about 6%. The report on the actual show itself was way down in the ratings in 16th place. The next most frequented page was the report on a press event hosed by Emerson in the Netherlands in December. This report was narrowly pipped at the post by 4 visits by the Security feature. Other Emerson events also feature in the top ten, the User Group Meeting in October at fifth and Andrew Bond’s article on their CHARM launch also in October at seventh. This probably reflects the open attitude to social networking displayed by Emerson and their customers, when compared with some other automation entities.

A very close number three on our top-ten is the report on the splitting of GE Industrial Platforms and Fanuc (August’09). This was followed by a report on what Walt Boyes has identified as the “coming together” of Invensys in July’09, a report on the re-organisation of this giant in the automation world after a traumatic decade.

At number six is an item on Longwatch’s progress towards the “HMI revolution” with their integrated video into HMI systems (November 2009). We had reported the launch of this one our other blog in September’09.

Our personal favourite!

Number eight is our own particular favourite and was a critique on a book that we came across and which was recommended by Jon DiPietro of Bridge-Soft at ISAExpo’09. The book was called Meatball Sundae by a guy called Seth Godin. This easy to read book made an impression and this posting outlined some of his ideas.

Number nine was a surprise to us as it was the one item that last year attracted the most consistent viewings. Why? Because it talked about AN1H1 or “Swine flu”. It talked about an IR measuring system which could measure body temperature at a distance and thus be used in airports and other ports of entry and identify possible sufferers before they contaminated others. We suspect that this is so high because people googling for AN1H3 or Swine Flu would find this in their search.

Number ten is one that is fast moving up the list. This is John Saysell’sTop Ten Tips for the Industrial Trainer” which was posted in January of this year.

Most referrals not surprisingly came from our own website – read-out.net – but not a few came from Longwatch, MCP Europe and Emerson as well as various twitter and other social-networking referral sites.

Obviously many of our visitor clicked on the various links from the site. These do not we feel have great significence since there are too many variables like how many times they are mentioned in various blogs etc. But top of the list is ControlGlobal’s story of the split-up of GE & Fanuc, followed by Jim Pinto’s pages, Industrial Automation Insider and Jim Cahill’s Emerson Proicess Experts.

Top searches during the period were “GE Fanuc Split”, “AN1H3”, “INVENSYS”, and various Emerson personalities it would be too invidious to mention!

We posted 107 articles and we received 17,337 messages of which 75 were legitimate and 17262 were Spam Messages (protected by Akismet, the stop comment spam used by WordPress – phew!).

A graphical representation of twelve months viewing!


Top Ten Tips for the Industrial Trainer

21/01/2010

These notes are offered in the interest of better training outcomes.

By John Saysell , Senior Trainer, MCP

Trainers Please Note!


MCP’s technical training specialises in practical learning programmes for upskilling technicians and operators. British businesses now require a more flexible, multi-skilled workforce. In the past a mechanical fitter would need an electrician to disconnect a motor from a pump. Now with basic electrical skills, the fitter can recommission the motor and get the plant up and running quicker. MCP focuses on high frequency low risk tasks to make the most impact on the bottom line.

Whether you are a team leader, a manager or a trainer, you have an interest in ensuring that training delivered to employees is effective. So often, employees return from the latest training course and it’s back to “business as usual”. In many cases, the training is either irrelevant to the organisation’s real needs or there is too little connection made between the training and the workplace or even workstation!

In these instances, it does not matter whether the training is superbly and professionally presented. The disparity between the training and the workplace just wastes resources (certainly not Lean!), resulting in mounting frustration and a growing cynicism about the benefits of training. You can turn around the wastage and worsening morale by following these Top Ten Tips on getting maximum impact from your training.

1. Make sure that the initial training needs analysis focuses first on what the learners will be required to do differently back in the workplace, and base the training content and exercises on this end objective. Many training programs concentrate solely on telling learners what they need to know, trying vainly to fill their heads with unimportant and irrelevant theory.

2. Integrate the training with workplace practice by getting managers and supervisors to brief learners before the program starts and to debrief each learner at the conclusion of the program. The debriefing session should include a discussion about how the learner plans to use the learning in their day-to-day work and what resources the learner requires to be able to do this.

3. Ensure that the start of each training session lets learners know the behavioural objectives of the programme. i.e. what the learners are expected to be able to do at the end of the training. Many session objectives that trainers write simply state what the session will cover or what the learner is expected to know. Knowing or being able to describe how someone should safely isolate an electrical supply is not the same as being able to safely isolate an electrical supply.

4. Make the training very practical. Remember, the objective is for learners to behave differently in the workplace. With possibly years spent working the old way, the new way will not come easily. Learners will need generous amounts of time to discuss and practice the new skills and will need lots of encouragement. Many actual training programs concentrate solely on cramming the maximum amount of information into the shortest possible class time, creating programs that are “nine miles long and one inch deep”. The training environment is also a great place to embed the attitudes needed in the workplace. However, this requires time for the learners to raise and thrash out their concerns before the new skills are required. Give your learners the time to make the journey from the old way of thinking to the new.

5. With the pressure to have employees spend less time away from their workplace in training, it is just not possible to turn out fully equipped learners at the end of one hour or one day or one week, except for the most basic of skills. In some cases, work quality and efficiency will drop following training as learners stumble in their first applications of the newly learned skills. Ensure that you build back-in-the-workplace coaching into the training program and give employees the workplace support they need to practice the new skills. A cost-effective means of doing this is to resource and train internal employees as trainers/coaches/assessors. You can also encourage peer networking through, for example, setting up user groups and organising “tool box” talks.

6. Bring the training room into the workplace through developing and installing on-the-job aids. These include checklists, reminder cards, process and diagnostic flow charts, training rigs and software templates.

7. If you are serious about imparting new skills and not just planning a “talking shop”, assess your participants during or at the end of the program. Make sure your assessments are realistic and genuinely test for the skills being taught. Nothing concentrates participant’s minds more than them knowing that there are definite expectations around their level of performance following the training.

8. To avoid the back to “business as usual” syndrome, align the organisation’s reward systems with the expected behaviours. Planning to give positive encouragement is much more effective than planning sanctions if they don’t use the new skills back in the work place.

9. Conduct a post-course evaluation some time after the training to determine the extent to which participants are using the skills. This is typically done three to six months after the training has finished. You can have a vocationally qualified assessor observe the participants or survey participants’ managers on the application of each new skill. Let everyone know that you will be performing this evaluation from the start. This helps to engage team leaders and managers and avoids surprises later on.

10. Lastly, celebrate the success of the programme by getting senior managers to present certificates and awards for the initial training and later on for demonstration of skills back in the workplace. For people who actually use the new skills back on the job, give them a gift voucher, crate of beer, bonus or an employee of the month award. Or you could reward them with interesting and challenging projects or make sure they are next in line for a promotion.

Organisations waste a lot of scarce resources in conducting ineffective training programs. Employee morale also suffers when employees see managers not really serious about instilling the new behaviours. By following the ten pointers above, you will have actively engaged managers in the training process and provided those all-important links between the training and the participant’s workplace. You can then sit back and enjoy the results; happy and effective employees.