ISA Automation Summit & Expo

NASA’s Johnson Space Center (JSC) in Houston, Texas, is a hub of human spaceflight activity and plays a pivotal role in many of NASA’s key programs. This presentation will delve into the critical role that digital transformation is playing within challenges and solutions of advanced lunar surface initiatives and Astronaut training at JSC, all central to NASA's vision for the future of space exploration and human presence beyond Earth.

In the face of continually evolving cyber threats, industrial organizations are compelled to adopt automated analysis, orchestration, and response technologies, including the capabilities brought by Machine Learning (ML) and Generative AI. Integrating AI into security operations reduces alert fatigue and enables more efficient analysis and response to incidents. Leveraging AI integrated into a security platform enhances threat detection, incident response, and compliance assurance while lowering the total cost of ownership for SecOps infrastructure.

The energy industry faces several cyber security threats, making it imperative for companies to adopt robust security measures. The ISA/IEC 62443 standard is designed specifically for the energy industry to protect critical infrastructure from cybersecurity risks such as cyber attacks. In this 30-minute technology demonstration, Carlos Buenano will showcase how the ISA/IEC 62443 implementation approach can be applied to secure systems and networks in the energy industry. This demonstration aims to help organizations in the energy industry understand and implement the ISA/IEC 62443 standard to strengthen their cyber security posture and protect their critical assets. 

Amidst the swift advancement of cyber threats, adopting Artificial Intelligence (AI) and Machine Learning (ML) within cybersecurity measures has transitioned from a mere advantage to an absolute necessity. This presentation will provide some of the current challenges and innovative solutions in the realm of industrial cybersecurity. Anchored on critical updates and insights from the latest industry trends and standards, this presentation emphasizes proactive defense mechanisms and effective incident response, with ISA/IEC 62443 as a foundational framework.

Explore how manufacturers can thrive in the era of industry 4.0 by capturing and harnessing the power of data to unlock innovation and deliver new revenue streams. This session will highlight the companies who are doing it best.

The Xphir4 project is a sophisticated cyber-physical simulator developed by TI Safe Lab, designed to replicate the operational and security aspects of a nuclear power plant. Based on a Pressurized Water Reactor (PWR) model, the Xphir4 simulator integrates various hardware components, including Siemens PLCs (S7-1200), Scalance switches (XC208), and Fortigate firewalls (F60), utilizing communication protocols such as S7-COMM and Profinet. The project adheres to the ISA/IEC 62443 standards for securing Industrial Automation and Control Systems (IACS), ensuring that all phases of the plant's lifecycle—from design to operation—are covered under stringent cybersecurity measures. 

Industrial AI is an important part of automation supporting operations production and maintenance, but also in the deployment of new automation systems. 

Industrial AI supports production operations. For instance, by way of a ‘chat’ an operator can ask a ‘copilot’ for the advanced process control software what controller setpoints to set to meet a certain target like feed rate, and it will give the operator a few options to choose from. Or a planner can ask the ‘copilot’ to explain rational of marginal values and constraints given by the planning and scheduling software model. A third example is dynamic optimization across multiple process units to achieve specific results by combining machine learning AI with causal (first principles) AI. This is just a few examples of AI solutions available today. But industrial AI runs on data, so plants need an underlying data fabric to achieve this. More on that later. 

Maintenance is another area where industrial AI supports operation. Examples include to predict equipment maintenance requirements to avoid failure such as of pumps, to pinpoint equipment fouling and losses to avoid overconsumption, to pinpoint emissions to control them, and to quantify corrosion rates to manage integrity. Again causal AI encoding subject matter expertise such as cause & effect is crucial. These are just a few examples of AI solutions available today. But, again, industrial AI runs on data, so plants need an underlying data fabric to achieve this. 

Industrial AI is also used to support configuration of the system itself. For instance, AI used when plants are migrated from a legacy DCS to explain the configuration in the old database and generate the equivalent database for their new DCS. A combination of rule-based AI, machine learning AI, and generative AI is used to achieve 70-80% automatic conversion. The AI has been trained on several legacy DCS. 

Sensors a key enabler for AI. The sensing approach is clear all around us. A modern phone has 5X (five times) as many sensors as the first-generation smart phones. A modern car has 100X the number of sensors of a car from not so long ago. Airplanes also have maybe 1000X more sensors than earlier planes. Connectivity, networking, for intelligent field instruments in turn is a key enabler for the additional sensors required for AI to be effective. There are 3 important areas of development in field connectivity: 

•              WirelessHART sensors where new gateways now have capacity for larger numbers of sensors, and more sensor types are becoming available. 

•              5G sensor; a radar level transmitter talking straight to the cloud. 

•              And Ethernet-APL instrumentation to take the place of 4-20 mA in the future. 

The crowdstrike event has significantly impacted businesses worldwide, highlighting the importance of robust cybersecurity measures and operational resilience. Our presenters will cover lessons learned from the breach and its implications for operational technology (OT). It will cover critical lessons learned, including the need for business continuity plans, testing and deployment within the OT environment and critical systems affected.

In this captivating session, Robert Barnes will discuss the transformative power of Generative AI and its potential to revolutionize organizations across various industries. Robert will discuss how ISA is successfully leveraging their new Large Language Model (LLM) — Mimo — for digital transformation, and will explore the key strategies, challenges, and opportunities that arise when introducing Generative AI to your organization. Discover the tangible benefits of LLMs in optimizing workflows, enhancing customer experiences, and unlocking new business opportunities.

Traditionally, manufacturing systems were integrated through point-to-point connections. This meant that as new systems were added, they would need to be integrated with all other systems. As manufacturers become data driven organizations, it became clear that traditional architectures would no longer suffice. This panel will discuss how manufacturing and business systems should be integrated through a common technology stack. The result is faster integration and short time to value.

The exigent threats posed by our adversaries across all domains – including cyber – could not be more concerning than they are today.  The United States is now in a race to find, identify, and expel malicious cyber actors we know reside in our critical infrastructure.   The Savannah River National Laboratory (SRNL) is aggressively pursuing these tough challenges in the national security and energy security spaces for the Department of Defense (DoD), Department of Energy (DOE), industry partners, and others.  Focused on unique values of our geographic location, meteorological and topographic environment, and tenancy on the Savannah River Site (SRS), SRNL is focused on repurposing Federal legacy infrastructure and leveraging strong regional government, academic, and industry partnerships to accelerate solutions.

Plant optimization through loop tuning is nothing new, but how can it be done efficiently and safely? Once optimization is achieved, how do you ensure that performance gains are sustained as process conditions change and equipment wears down? This presentation will guide you through initiating a plant-wide optimization project, highlighting the methodologies and digital tools used. It will also demonstrate, with data and real-world examples, how control loop performance monitoring tools can keep the plant operating at peak performance, while quickly identifying and resolving any new issues that arise. 

As the use of artificial intelligence (AI) in industry increases, technology and cybersecurity professionals must focus on engineering intrinsically safe and inherently secure AI systems—especially when used in operational technology (OT) environments, where a system failure or cybersecurity incident could result in serious injury and loss of life, environmental harm, or the interruption of critical infrastructure services. From this context, three core principles of AI safety engineering adapted to IEC 61508 and ISA/IEC 62443 standards will be presented to address the unique needs of OT processes—prioritizing both safety and reliability in operations—with use cases highlighting the ethical cybersecurity and risk management challenges of implementing AI within electric utilities’ OT networks.

Manufacturing has traditionally relied on business models that drive economies of scale, based on costly carbon-heavy supply chains, that as the COVID pandemic showed, often lack resilience. Every day manufacturers across the globe, execute demand decisions, based on lagging indicators, over long planning horizons, making products far from where they are to be consumed. In this dynamic session, learn how manufacturing will move towards making today what was sold yesterday, leveraging a dynamic ecosystem of flexible manufacturing nodes coupled with complete supply chain visibility. You will hear about the upcoming revolution and how it will foster automated collaboration between buyers of product, those who create it and those owning the IP on how to manufacture, and how it opens up new business models for manufacturing and exciting times ahead for the automation community to invent the infrastructure of the future.

This presentation will explore the key similarities, differences and lessons learned in applying the ISA/IEC 62443 standard within greenfield and brownfield industrial environments. In greenfield (new) projects, where systems can be designed from the ground up, there is a unique opportunity to integrate cybersecurity measures into the architecture from the earliest stages. Chris will discuss strategies for leveraging this opportunity, including best practices for designing a secure infrastructure, selecting compatible technologies, and ensuring seamless integration of security controls. Conversely, brownfield (existing) projects present distinct challenges, particularly when dealing with legacy systems that were not originally designed with cybersecurity in mind. The presentation will address these challenges, offering practical approaches to retrofitting existing systems with modern security measures, managing vulnerabilities inherent in outdated technologies, and balancing operational continuity with the need for enhanced security.

In this session, we will explore the critical importance of robust data governance and its impact on your organization’s data backend. As data becomes the lifeblood of businesses, understanding how to harness and manage it effectively can make or break your company's success in today's digital age.

Jamie will present a success story on delivering a secure solution allowing data to traverse OT to IT to gain central visibility across our entire portfolio of farms generating renewable energy.  It is a very challenging project designed from the ground up, emphasizing cyber security for safety and compliance.

Many businesses strive for improved OT process efficiency and reliability for their customers, which often results in increased connectivity to enterprise technologies and the Internet. This convergence has the potential to increase system vulnerabilities but can be addressed by adopting sound risk management principles, which are the same regardless of the underlying system type. 

A significant risk mitigation strategy is ensuring that the OT workforce has appropriate key cyber security skills and knowledge to perform roles and tasks effectively and competently. Many OT environments, including those within the downstream gas sector, form part of the UK’s CNI, so disruption to services that they control is potentially of concern. Thus, a report was commissioned to study concurrent training needs analysis (TNA), and exercise needs analysis (ENA) within the UK’s downstream energy sector.

This presentation will discuss the TNA and the outcomes including the recommendations.

The ACME Chemical Company tests 20,000 instruments annually. These instruments have been added to the testing program over the last 20 years and were deemed to be safety critical, production critical, environmentally critical, air permit critical, etc. Management has asked the maintenance/reliability team to reduce the cost of testing but still maintain the overall reliability and safety of the facility. So, how does one achieve what appears to be conflicting goals to extend testing from 12 months to 24 months or even longer while simultaneously maintaining instrumentation performance?

For leaders in the automation industry, the challenge of building robust teams and nurturing client relationships often poses a stumbling block. In today ' s technical world, possessing technical skills alone is no longer enough. To truly thrive, we must also cultivate our human skills—those qualities that connect us to our humanity, define our personalities, and enable us to communicate and interact effectively with others. By developing emotional intelligence, you will transition from being task-focused managers to empathetic and inspiring leaders. This transformation will not only improve team performance and project outcomes but also create a positive and thriving work environment, leading your organization toward greater success and growth.

Since announcing the Automation and Control Systems Security Assurance (ACSSA) initiative, the ISA Security Compliance Institute (ISCI) has engaged with certification bodies, industry experts, and asset owners to build a robust site assessment process that meets the growing cybersecurity demands of OT environments. 

Join us for this exclusive panel of SMEs working on the standard to hear firsthand what the industry can expect, including release dates, preparation documents, and upcoming training opportunities.

1. As technology advances, the demand for skilled professionals in automation continues to grow. In this discussion, we’ll explore how to inspire and equip the next generation with the tools and knowledge they need to excel in automation and drive successful digital transformation strategies for companies worldwide.
2. Our expert panelists will discuss:
3. - The importance of early exposure to automation concepts and technologies.
4. - Strategies for promoting automation education in schools and universities.
   1. - Building strong partnerships between industry leaders and educational       institutions.
   2.  - Reinforcing the pipeline from school to work via early career programs designed to attract, train, and retain automation talent.
5. - Real-world examples of successful initiatives that are preparing young talent for the future of work.

Our entire way of life is dependent on reliable  water and wastewater services. In the past few years a number of high-profile incidents in this sector has raised concerns about cybersecurity posture and incident readiness. Many nations have taken action to manage this risk, but how well prepared are our water and waste water systems today? This presentation will highlight some of the unique challenges in the sector and provide some recommendations to address this unshakable risk to our society. 

Technological developments in recent times have greatly increased our ability to address carbon emissions in a variety of processes and operations. Our capacity to address direct and indirect emissions sources more successfully than in the past has increased as a result of these developments. Massive datasets have been collected easier thanks to the spread of automation and instrumentation solutions, creating data lakes that may be used to proactively identify emission sources and the connections between them and primary carbon emission sources.

In this context, digitalization is essential because it makes it possible to identify the sources of emissions both within and between them, analyze the composition of emissions, and optimize processes—all of which lead to a more sustainable future.

In order to understand the fundamental building blocks of emission control, this presentation explains the transformative power of digital technologies and digitalization capabilities, such as the Industrial Internet of Things (IIoT), Artificial Intelligence and Machine Learning (AI/ML), Unmanned Aerial Vehicles (UAVs), and Digital Twin technologies among others in serving the nezero objective.

This study also suggests an integrated system and data model that may predict emissions related to energy consumption. The presentation also includes control strategies intended to lessen these negative effects on the environment. This research seeks to establish a comprehensive framework for tackling the urgent problem of carbon emissions in the contemporary industrial landscape by integrating these technological breakthroughs and techniques.

Cybersecurity is now a part of daily life for organizations who own, operate, or maintain industrial sites. As more asset owners focus on securing their industrial networks, many questions arise as to how to implement cybersecurity standards and technologies effectively in the plant environment. This discussion will cover pressing cybersecurity challenges, effective strategies for addressing these challenges, and the biggest lessons learned from our panel of cybersecurity experts.

Edge devices have a unique set of requirements. Whether they are on the constant move or even going in and out of communication coverage, edge devices need to be designed to be away from connectivity and the ability to acquire information from the back office. This panel will discuss the unique challenges presented by edge devices and different methods that can be used to enable and manage them.

Amazon has what many consider a peculiar culture and approach to inventing, and how this approach to innovation has remained consistent since the company first launched – start with the customer, and work backwards.

In this session, you’ll be introduced to Amazon culture where we obsess over customers, and how Amazon innovates through four distinct yet interdependent elements: Culture, Mechanisms, Architecture, and Organization. You’ll have the chance to dive deeper on each topic, and learn more about practical applications including Leadership Principles, our process for inventing known as "Working Backwards", and structuring working groups into "Two-Pizza Teams". You'll hear how mechanisms empower Amazon to Think Big yet move quickly to deliver products and services to invent on customers' behalf, and how to apply these within any organization to empower customer obsessed delivery.

Many organizations are struggling to find skilled cybersecurity workers to meet their business needs.  Part of this struggle for an organization, after years of research by Dr. Stailey in applied workforce, is the discovery that organizations don't know what they don't know about their current cyber workforce.  As such this makes it extremely difficult when hiring cyber personnel to really know what skills are needed.  Most often organizations are not considering operational technology to be part of cyber processes or initiatives.  This presentation will introduce the concept of a workforce inventory with an introduction to some tools and resources that will help an organization from the C-Suite, to HR, to line leaders and front line managers understand cyber competencies that exist across the organization.  The information shared in this presentation is being utilized as a backdrop for work in ISA/IEC WG's 10 and 15 to help uncover the professional roles that should be considered when implementing an IACS which will in the future be, potentially, additions to ISA/IEC 62443 standards.  Once an organization identifies the business need for these professional roles 62443 standards can help the realization of the premise for what a cyber ready team should consist of.  Then based on their unique business size, type, industry focus and business requirements an organization can appropriately and continually align and hire future cyber personnel.    

ISA-95 is likely the most well-known standards in manufacturing. It is also one of the least understood. It is often characterized as obsolete or out-of-date and not suitable for a modern manufacturing architecture technology stack. This session will provide a basic overview of the standard, covering Parts 2, 3 and 4. It will also demonstrate how to apply the standard to a basic manufacturing use case.

The Unified Namespace (UNS) is a popular approach for systems integration. It has been claimed that it is inherently secure due to its pub/sub technology. This claim has resulted in concerns over how secure the approach is. This session will have two parts. The first will provide an overview of the UNS and how to design one. The second is how to apply ISA/IEC 62443 to a UNS and present security considerations. 

ROI of Industry 4.0 has many facets. This session will look at how to identify immense potential of Industry 4.0 projects and realize the economic and sustainable ‘value’. The session will also delve upon soft returns for customers, employees and finally the society.

This presentation explores the journey of a lifelong learner with 44 years of experience in control systems engineering, whose educational path reflects a dynamic and adaptive approach to acquiring knowledge. With five degrees earned over decades, the presenter strategically timed each degree to align with emerging trends and technologies in automation. This circuitous route not only underscores the importance of flexible education but also highlights the integration of foundational theories with practical applications in real-world settings. Attendees will gain insights into the challenges and triumphs of pursuing diverse educational opportunities, as well as the value of continuous learning in staying at the forefront of a rapidly evolving field. By examining key milestones and technological advancements encountered along the way, this presentation aims to inspire engineers and educators to embrace lifelong learning as a pathway to innovation and success. 

ISA’s international standards play a vital role in promoting safety, cybersecurity and efficiency across global industry. This workshop will provide an overview of ISA’s international standards program and its relationship to and collaboration with the International Electrotechnical Commission (IEC). A panel of experts representing standards stakeholders will then answer questions from the audience.

This panel is an extension of the ISA Standards Overview and will have time for audience Q&A.

 By invitation only.

Western North America | Rutledge Room

Separate registration fee applies. To register, select this course on the event registration form.

• Onsite/in-person delivery
• Course Dates: 30 September - 1 October 2024 | 08:00-16:00
• CEU Credits: 1.4
• A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course

Learning Objectives 

• Identify and document the scope of the IACS under assessment
• Specify, gather, or generate the cybersecurity information required to perform the assessment 
• Identify or discover cybersecurity vulnerabilities inherent in the IACS products or system design 
• Interpret the results of a Process Hazard Analysis (PHA) 
• Organize and facilitate a cybersecurity risk assessment for an IACS 
• Identify and evaluate realistic threat scenarios 
• Identify and assess the effectiveness of existing countermeasures 
• Identify gaps in existing policies, procedures, and standards 
• Evaluate the cost, complexity, and effectiveness of new countermeasures to make meaningful recommendations 
• Establish and document security zones and conduits 
• Develop a Cybersecurity Requirements Specification (CRS) 

Topics Covered 

Preparing for an Assessment 

• Security lifecycle 
• Scope 
• System architecture diagrams 
• Network diagrams 
• Asset inventory 
• Cyber criticality assessment 

Cybersecurity Vulnerability Assessment 

• Risk 
• Types of cybersecurity vulnerability assessments 
• High-level assessments 
• Passive and active assessments 
• Penetration testing 
• Conducting high-level assessments 
• Assessment tools 
• Cyber Security Evaluation Tool (CSET) 

Separate registration fee applies. To register, select this course on the event registration form.

• Onsite/in-person delivery
• Course Dates: 30 September - 1 October 2024 | 08:00-16:00
• CEU Credits: 1.4
• A certificate of completion indicating the total number of CEUs earned will be provided upon successful completion of the entire two-day course

Description:

The move to using Ethernet, TCP/IP, and web technologies in supervisory control and data acquisition (SCADA) and process control networks has exposed these systems to the same cyberattacks that have wreaked havoc on corporate information systems. This course provides a detailed look at how the ISA/IEC 62443 standards framework can be used to protect critical control systems. It also explores the procedural and technical differences between the security for traditional IT environments and those solutions appropriate for SCADA or plant floor environments.

You will be able to:

• Discuss the principles behind creating an effective long term program security
• Interpret the ISA/IEC 62443 industrial security framework and apply them to your operation
• Define the basics of risk and vulnerability analysis methodologies
• Describe the principles of security policy development
• Explain the concepts of defense in depth and zone/conduit models of security
• Analyze the current trends in industrial security incidents and methods hackers use to attack a system
• Define the principles behind the key risk mitigation techniques, including anti-virus and patch management, firewalls, and virtual private networks

You will cover:

• Understanding the Current Industrial Security Environment: What is Electronic Security for Industrial Automation and Control Systems? | How IT and the Plant Floor are Different and How They are the Same
• How Cyberattacks Happen: Understanding the Threat Sources | The Steps to Successful Cyberattacks
• Creating A Security Program:  Critical Factors for Success/Understanding the ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009)- Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• Risk Analysis:  Business Rationale | Risk Identification, Classification, and Assessment 
• Addressing Risk with Security Policy, Organization, and Awareness: Cyber Security Management System Scope | Organizational Security | Staff Training and Security Awareness
• Addressing Risk with Selected Security Counter Measures: Personnel Security | Physical and Environmental Security | Network Segmentation | Access Control
• Addressing Risk with Implementation Measures: Risk Management and Implementation | System Development and Maintenance | Information and Document Management
• Monitoring and Improving the CSMS: Compliance and Review | Improve and Maintain the CSMS
• Validating or Verifying the Security of Systems: What is being done? | Developing Secure Products and Systems

Classroom/Laboratory Demo:

• PCAP Live Capture Analysis

Includes ISA Standards:

• ANSI/ISA-62443-1-1 (ANSI/ISA-99.00.01-2007), Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts & Models
• ANSI/ISA-62443-2-1 (ANSI/ISA-99.02.01-2009), Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program
• ANSI/ISA-62443-3-3, Security for industrial automation and control systems: System security requirements and security levels

By invitation only.

Meeting Days: 

• Day 1 | 30 September - 08:00 - 17:00
• Day 2 | 1 October - 08:00 - 11:00

Districts:

Eastern North America | Pinckney Room

Midwest North America | Gold Ballroom

Southern North America | Carolina Ballroom B

Closed Session | 9am-10am

Board Meeting | 10am-12pm

This custom-designed workshop crafts plans for mission-focused, vibrant and successful sections and divisions. Current and aspiring volunteers will leave this workshop with a plan, with energy, with knowledge and with an expanded network of other volunteers who believe in and want to shape ISA’s future.

Separate registration is required. Click here to register.

Join us for a warm welcome reception at the Automation Summit & Expo! Meet and network with fellow attendees and industry leaders while enjoying light refreshments and hors d'oeuvres. This is the perfect opportunity to connect with colleagues and make new connections in a relaxed, social setting. The reception will be held at the Francis Marion Hotel, offering stunning views of Charleston's historic district. Don't miss this chance to kick off your conference experience in style!