SANS ICS 410 course and corresponding GICSP certification have significantly expanded the ICS security training market and taken a sizable market share. Some of the growth is related to increased awareness and interest in the field, and a large part of the growth is due to SANS recognition in the IT Security space.

ISA has long been a leader in developing standards and guidelines for ICS security (or what they would call IACS security), but they have not had a significant presence in the ICS security training market. Even niche trainers and training teams like Joel Langill and Jonathan Pollet’s Red Tiger eclipsed what should have been a ICS security training juggernaut in the industrial / OT area.

Perhaps inspired by SANS success, ISA now is offering five ICS security certifications along with parallel training courses.

  • Certificate 1: ISA/IEC 62443 Cybersecurity Fundamentals Specialist
  • Certificate 2: ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
  • Certificate 3: ISA/IEC 62443 Cybersecurity Design Specialist
  • Certificate 4: ISA/IEC 62443 Cybersecurity Maintenance Specialist
  • ISA/IEC 62443 Cybersecurity Expert: Individuals who achieve Certificates 1, 2, 3, and 4 are designed as ISA/IEC 62443 Cybersecurity Experts.

You can have some fun with the word mismatch of “Fundamentals Specialist”, but more interesting is the decision to break this up into four certifications and to require certificate applicants take the course. The Certificate 1 course is two-days and the other are three-days. So the desire to be a certified Cybersecurity Expert requires two-weeks of training and four tests/test fees.

Most of the ICS Cybersecurity Experts that I know wouldn’t bother with that level of investment to confirm a skill set. However if large owner/operators require this certification it would change the incentive to go through this process.

SANS and their sister organization that works the certification programs, GIAC, have a set of processes that purport to separate training from certification. More importantly you can get the certifications without taking the SANS training.

The key for this ISA training and certification will be the marketing and implementation at scale. ISA’s background doesn’t point to skill or success in these areas, as opposed to SANS that makes a business of this. Still the ISA99/IEC 62443 is well respected so the right team could change that for ICS Security Training and Certification without needing to solve the problem for all of ISA.

In the final analysis it’s a win for the ICS community to have more ICS cyber security training options. Both SANS, ISA and the independents all have strong trainers, and there are 100’s of thousands of people that need training.