ISASecure SSA Certification for DeltaV and DeltaV SIS

Frequently Asked Questions

This FAQ addresses questions around the scope and relevance of the ISASecure® System Security Assurance certification applied to DeltaV™ and DeltaV SIS products version 14.3


May 2018


1. When will the ISASecure System Security Assurance certificate be available for DeltaV and DeltaV SIS?

DeltaV v14.3 is the first release to be ISASecure System Security Assurance Level 1 certified. Because the certification also covers the DeltaV Live and Smart Commissioning features, the final audits and tests will only happen once all DeltaV v14.3 features are available. The certificates will therefore only be available after all the DeltaV v14.3 features are released to customers in the near future.

2. What is the scope of this certification and what does it really mean?

The ISASecure security certification has three programs available: System Security Assurance (SSA), Embedded Devices Security Assurance (EDSA) and Security Development Lifecycle Assurance (SDLA). The DeltaV and DeltaV SIS products are ISASecure SSA Level 1 certified in version 14.3. This includes ISASecure SDLA Level 1 for the processes used to develop all new code introduced in DeltaV v14.3 development, per the version of the ISASecure standards that matches the ISA/IEC 62443-4-1 standard; Functional Security Assessment (FSA) Level 1, per the ISA/IEC 62443-3-3 standard (already published); and System Robustness Testing (SRT), per ISASecure's own standards for testing a system.

The overall certification process involves the following:

a. Validation of revised development procedures, and the application of the new security development processes on the new code created in the targeted system release (DeltaV v14.3 in this case) – SDLA.

b. Verification of system security features and functions as per the Level 1 requirements listed in the ISA/IEC 62443-3-3 standard. A reference architecture was designed and considered for the generation of artifacts to prove the protections are implemented per the available documentation – FSA.

c. Test of the components in the reference architecture in different layers: asset discovery, vulnerability identification, network stress and communication robustness. Tests are performed and the success criteria are checked by making sure the documented essential functions are not affected during an attack – SRT.

The ISASecure SSA certification means that DeltaV v14.3 is an attested product that can be used to deploy a control system architecture that can be certified following the security best practices documented in the ISASecure standards.

3. Which certification body is responsible for issuing the ISASecure certification for DeltaV v14.3?

exida® is the certification body Emerson is using to obtain the ISASecure SSA certification for DeltaV.

4. What is the correlation between the ISASecure standards and the ISA/IEC 62443 standards?

The ISASecure standards are based on the ISA/IEC 62443-3-3, 62443-4-1 and 62443-4-2 standards. Since the ISA/IEC 62443-4-1 and 62443-4-2 standards are not published yet, the versions of those standards used by the ISA Security Compliance Institute are based on drafts issued in 2016 which will need to be revised once the ISA/IEC 62443 standards are officially published.


5. Is an ISASecure SSA Level 1 certified system fully compliant with the ISA/IEC 62443 series of standards?

No, but the ISASecure SSA certification covers important standards of the ISA/IEC 62443 series. The full ISA/IEC 62443 series of standards includes basic principles of security applied to industrial control systems, guidelines for service organizations, instructions for users and patching recommendations, as well as the standards already mentioned in this FAQ that relate to vendors, such as:

a. Security development lifecycle

b. Functional security

c. Embedded devices security

It is also important to emphasize that there are four levels of certification, and the ISASecure SSA Level 1 is the first level. The ISASecure SSA is a system certification and it is more comprehensive than the ISASecure SDLA or EDSA certifications alone.

6. Are DeltaV and DeltaV SIS products ISASecure EDSA certified?

No. In the DeltaV v14.3 release, Emerson has not opted to obtain ISASecure EDSA certification for individual products. However, Emerson still provides products with the Achilles® certification. The ISASecure EDSA certification is based on the ISA/IEC 62443-4-2 standard; it is an adaptation of the functional security requirements described in the ISA/IEC 62443-3-3 standard, applied to embedded devices.

7. Is Emerson ISASecure SDLA certified?

In the DeltaV v14.3 release, Emerson will also provide ISASecure SDLA certification as part of the all-encompassing ISASecure SSA Level 1 certification.

8. What other steps should users follow to design, implement and maintain an ISASecure certified industrial control system?

The certification of the DeltaV and DeltaV SIS products is just one of the steps toward an ISASecure SSA Level 1 certified system. It is here called the preparation phase and is Emerson's responsibility: to provide products with components, features and functions that allow a fully deployed system to be certified against the ISASecure SSA standards.

Then comes the implementation phase, where the services organization responsible for deploying the system using certified products shall follow the ISASecure standards to implement the system without affecting its overall security protections.

Finally, there is the maintenance phase, where the user, or asset owner, needs to understand the ISASecure SSA standards and make sure any changes to the system are validated before they are implemented, so that the security protections are maintained during the lifecycle of the DeltaV system.

9. How does the Achilles certification fit in the ISASecure SSA certification scheme?

There are different Achilles certifications: one dedicated to embedded and network devices (the Achilles Communications Certification) and one designed for services (the Achilles Practices Certification). The Achilles Communications Certification is an accepted test platform for validating system components in the System Robustness Testing phase of the ISASecure SSA certification; either the Achilles Level 2 or the ISASecure EDSA Level 1 test platform can be used. The Achilles Communications Certification does not require the vendor to enhance its development processes, so the ISASecure EDSA or SSA certifications (based on the ISA/IEC 62443-4-1 and 62443-4-2 standards) are more comprehensive than the Achilles Communications Certification.


10. Can ISASecure SSA certified systems be re-configured / manipulated after they are deployed following the security best practices?

Yes. However, the user needs to validate the changes to make sure that the attack surface has not increased and that no security protections have been defeated. The security policies and procedures of an ISASecure SSA certified system need to be revisited so that exceptions are treated appropriately and approved by a security team that is familiar with the ISASecure SSA standards.

11. What DeltaV system components are not included in the ISASecure SSA certification, if any?

The DeltaV system reference architecture considered in the ISASecure SSA certification includes most of the available components provided by Emerson for DeltaV systems. The architecture includes all new features added in the DeltaV v14.3 release as well as pre-existing components that can pass Achilles Level 2 certification. With that said, the following components are not included in the reference architecture for the ISASecure SSA certification of DeltaV:

a. DeltaV Virtual I/O Modules (VIM)

b. Any of the Migration Controllers

c. Any of the DeltaV Connect products

d. Standalone DeltaV PK Controllers (before they join the balance of the plant)

e. Standalone DeltaV SIS

f. DeltaV MD+ and SD+ Controllers (already in supported status)

g. Components in retired status

h. CHARM I/O Card version 1 (CIOCv1) – hardware released pre-v14.3 which is not Achilles Level 2 certified

i. WirelessHART™ Gateways (Rosemount 1410 and 1420, or Cisco 1552WU)

12. Are the Smart Logic Solvers SLS1508 included in the DeltaV and DeltaV SIS ISASecure SSA certification?

Yes. All DeltaV SIS components are part of the reference architecture subjected to the ISASecure SSA certification. This includes, but is not limited to: Smart Logic Solvers SLS1508, SISNet Repeaters, CHARM Smart Logic Solvers (CSLS), Local Safety Network Bridges (LSNB), SZ Controllers and DeltaV Safety Switches.

13. Does the ISASecure SSA certification apply to individual DeltaV hardware components?

The ISASecure SSA is a comprehensive certification scheme comprising functional security assurance, security development lifecycle assurance and system robustness testing; it is a security certification for industrial control systems. Part of the certification process includes testing individual products, but the objective is an overall system certification rather than certification of individual components.

14. Does the ISASecure SSA certification apply to standalone DeltaV PK Controllers or standalone DeltaV SIS deployments?

No. The standalone implementations of the DeltaV PK Controllers and DeltaV SIS were not included in the attested reference architecture for ISASecure SSA certification. The standalone components still have Achilles Communications Level 2 certification, and they run the same software at the embedded devices level as when they are deployed integrated in a DeltaV system. The security boundaries for the standalone deployments and the protections associated with them are not the same as the ones used in a full-blown DeltaV system architecture.


Emerson

North America, Latin America: +1 800 833 8314 or +1 512 832 3774

Asia Pacific: +65 6777 8211

Europe, Middle East: +41 41 768 6111

www.emerson.com/deltav

©2018, Emerson. All rights reserved.

The Emerson logo is a trademark and service mark of Emerson Electric Co. The DeltaV logo is a mark of one of the Emerson family of companies. All other marks are the property of their respective owners.

The contents of this publication are presented for informational purposes only, and while diligent efforts were made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the designs or specifications of our products at any time without notice.

15. Do I need to deploy a system with the same components as the reference architecture used for the DeltaV ISASecure SSA certification to have a certifiable system?

No. The reference architecture is a sample of almost all components DeltaV systems can have so that variations of the architecture can still be considered by users in different applications. The final architecture will still need to be deployed by service teams and maintained by users that understand the ISASecure SSA standards.

16. If I upgrade to DeltaV v14.3, will my DeltaV system automatically be ISASecure SSA certified?

No. The DeltaV and DeltaV SIS products in version 14.3 are “certifiable”, meaning that they meet the pre-requisites to allow a full system to be deployed and certified against the ISASecure SSA certification. Architecture changes and additional components might still be required during or after the system upgrade to v14.3 to comply with the requirements listed in the ISASecure SSA standards.

Where to find more information

• ISASecure website - www.isasecure.org/en-US/

• exida website - www.exida.com/

• Wurldtech Achilles certification website - www.ge.com/digital/products/cyber-security-certification-services

This product and/or service is expected to provide an additional layer of protection to your DeltaV system to help avoid certain types of undesired actions. This product and/or service represents only one portion of an overall DeltaV system security solution. Emerson does not warrant that the product and/or service or the use of the product and/or service protects the DeltaV system from cyber-attacks, intrusion attempts, unauthorized access, or other malicious activity (“Cyber Attacks”). Emerson shall not be liable for damages, non-performance, or delay caused by Cyber Attacks. Users are solely and completely responsible for their control system security, practices and processes, and for the proper configuration and use of the security products.