The International Society of Automation (ISA) has developed a knowledge-based industrial cybersecurity certificate program, the ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate, which is designed to help professionals involved in IT and control systems security improve their understanding of ISA99/IEC 62443 principles and acquire a command of industrial cybersecurity terminology.
Developed by a cross-section of international cybersecurity subject-matter experts from industry, government and academia, the series of ISA99/IEC 62443 standards applies to all key industry sectors and critical infrastructure, providing the flexibility to address and mitigate current and future vulnerabilities in industrial automation and control systems.
The ISA99/IEC 62443 Cybersecurity Fundamentals Specialist Certificate will be awarded to those who successfully complete a designated, two-day ISA classroom training course, Using the ANSI/ISA99 (IEC 62443) Standards to Secure Your Industrial Control System (IC32), and pass a 75-question, multiple-choice exam.
While there are no required prerequisites to register for the certificate program and an application is not required to take the exam, it is helpful if interested professionals possess at least three to five years of experience in the IT cybersecurity field, with at least two of those years in a process control engineering environment in an industrial setting.
The paper/pencil-formatted version of the ISA99/IEC 62443 Cybersecurity Fundamentals Certificate Program exam is available now. The electronic version will be available through the Prometric global network of testing centers during the first quarter of 2014. In order to sit for the exam, applicants must register for both the aforementioned ISA course (IC32) and exam, and successfully complete the course.
The exam will cover the following areas:
- Understanding the Current Industrial Security Environment
- How Cyber Attacks Happen
- Creating a Security Program
- Risk Analysis
- Addressing Risk with Security Policy, Organization, and Awareness
- Addressing Risk with Selected Security Counter Measures
- Addressing Risk with Implementation Measures
- Monitoring and Improving the CSMS
- Designing/Validating Secure Systems
However, once obtained, the certificate will only be considered current for three years. After the three-year expiration date, a certificate holder will no longer be able to claim that he or she holds a current/active ISA99/IEC 62443 certificate. In order to extend the current status of an expired certificate, a certificate holder must register for and take the related ISA99/IEC 62443 Certificate Knowledge Review. A score of 70% or higher is required to extend the current status of a certificate.