The snappily-named Global Industrial Cyber Security Professional (GICSP) certification will be developed by a new industry collaborative, in conjunction with the Global Information Assurance Certification (GIAC).
Power utilities, the oil and gas industry, aeronautics and water management systems are just a few that are feeling increasing complexity in keeping the operational environment safe, secure and resilient against current and emerging cyber threats. And the threat is no myth: in 2012, US-CERT processed approximately 190,000 cyber incidents involving Federal agencies, critical infrastructure and the Department of Homeland Security’s industry partners – a staggering 68% increase from 2011.
The objective of the certification is to help organizations which design, deploy, operate and maintain industrial automation and control system infrastructure to ensure best practices, starting with individual skills and knowledge. The GICSP will be available to candidates in late November 2013.
"Protecting industrial control and automation systems from constantly evolving cybersecurity threats is a very challenging task shared by all involved stakeholders,” said Markus Braendle, group head of cybersecurity for ABB in Zurich, Switzerland, in a statement. “The foundation for any successful program is the people involved in developing, designing, operating and maintaining these systems. We are therefore proud to be part of the creation of the first professional certification program for industrial control system cyber security. The effort did not only result in a certification program that will advance workforce development, but it is also an industry commitment to improve the security of our critical infrastructure.”
The community initiative plans to establish an open body of knowledge for process control design and information technology security as well. When it comes to ICT security, system vendors, project engineering contractors, process operators, IT service providers and maintenance/support personnel all require a blended set of IT, engineering and cybersecurity competencies.
GIAC and industry leaders have worked to establish a panel of subject matter experts (SME) to identify the knowledge, skills and abilities necessary to develop the certification objectives for the GICSP. The SME panel met in Houston, Texas, in May 2013, to begin the process. A further outcome of the SME panel is to develop a Job Task Analysis survey, which is sent to a broad array of critical infrastructure participants to ensure the certification aligns to job duties. The GICSP expects adoption on a global basis as a gateway certification in the cyber security domain for industrial control systems.
“Managing cyber-risk is an issue effecting the entire energy industry ecosystem, and in order to effectively implement and sustain security controls on industrial infrastructure, we’re all reliant on a complex ecosystem of people [that require] a skill-pool which is unique and scarce in today’s marketplace,” said Tyler Williams, manager at PCD IT Security Solutions at Shell and chair of the new industry consortium. “Developing and maintaining this workforce can be a challenge for any one organization and that is why we support this collaborative effort to establish a community developed body of knowledge and certification program for industrial cybersecurity. “