• Overview
• Mu Community
• Professional Services
  • Mu Health Check
  • Mu Kickstart
  • ISASecure Testing
• Training
• Customer Care Portal
• Partner Portal

ISASecure Testing

• ISASecure Testing: The Evolution of MUSIC
• How is MUSIC Changing Now that ISA Security Compliance Institute (ISCI) Testing is Ramping Up?
• Two MUSIC Certification Levels
• Benefits of MUSIC Certification and of ISASecure Testing
• ISASecure and the Future of Industrial Control Systems Testing
• MUSIC News
• MUSIC-Certified Products
• Learn More

ISASecure Testing: The Evolution of MUSIC

Industrial control systems, including Smart Grid deployments, are quickly adopting Ethernet- and IP-based COTS technology. These same control systems are being connected to corporate networks (or the Internet…through firewalls or other security enforcement devices). The combination of COTS adoption and wider control system connectivity increases the likely compromise of these industrial control systems far higher than when they were isolated, homogeneous networks.

Critical infrastructure leveraging IP-based network architectures are often unknowingly exposed to more safety issues and ultimately, failures, in ways that were never possible before. Numerous process control and critical infrastructure products are deployed in the harsh real world, where they must incorporate protocol implementations that do more than simply comply with the letter of the standards.

As a response to market demand, Mu created the MUSIC certification to proactively ensure the absence of safety and reliability issues. Additional MUSIC certification information is available through an online request or by sending email to music -at- mudynamics -dot- com. The MUSIC program leverages the award-winning market-tested Mu Test Suite with its integrated Functional, Interoperability, Resilience and Security testing capabilities that build on its automated fault isolation engine and remediation and documentation tools.

MUSIC certification greatly reduces the risk of unknown or hidden implementation flaws compromising plant and product safety in industrial control systems, resulting in quantifiably fewer safety and security issues and control system outages. With the emergence of ISCI's ISASecure program, MUSIC is being phased out in favor of testing based on industry consensus and best practices. In order to understand what ISASecure is becoming, it's illustrative to examine what MUSIC was, since it was part of the input to the ISCI's ISASecure testing requirements.

How is MUSIC Changing Now that ISA Security Compliance Institute (ISCI) Testing is Ramping Up?

Mu has been actively participating in the ISCI efforts because Mu firmly believes that a vendor-neutral industry-driven Embedded Controller Security Assurance (ECSA) standard has a longer life span and higher credibility than any proprietary test regime. In the transition period, MUSIC will continue to be available and has been grandfathered in to the ISCI process. Starting as soon as ISCI testing begins, MUSIC certification will include ISCI test cases so that customers will get the best of both worlds. Eventually, ISCI's test regimen will be developed sufficiently such that the MUSIC certification will be phased out.

Two MUSIC Certification Levels

Current certification options available from Mu include Foundation- and Advanced-level certifications based upon the required protocol coverage of the product under review. Both certification levels are validated by Mu Dynamics or authorized MUSIC Consulting Partners.

• MUSIC Foundation-level certification details network infrastructure protocol analysis:
  • ARP, DHCP, ICMP, IEEE 802.1p/Q, IPv4, TCP, TFTP, UDP
• MUSIC Advanced-level certification, which requires initial Foundation-level certification as a prerequisite, focuses on application protocol analysis for:
  • DNP3, FTP, HTTP, LLDP, MMS, MODBUS/TCP, SNMP

Benefits of MUSIC Certification and of ISASecure Testing

The MUSIC program was always envisioned as a placeholder until a testing regime based on industry consensus appeared. From its inception, MUSIC was portrayed as an interim program with an embedded migration path to open industrial control systems security specifications currently under development by Government and Industry groups including ISA Security Compliance Institute (ISCI) and ISA99 WG4. Mu is actively working with these and other standards bodies to formalize the concepts of security testing both comprehensively and within key application areas (such as industrial control systems).

ISCI and ISA99 WG4 are planning to address the security concerns of industrial control systems. Through MUSIC certification, industrial control systems, critical infrastructure and Smart Grid-focused product vendors and their diverse users are now proactively verifying a diverse range of network products and application protocols to meet industry-defined best practices for security, robustness and resiliency.

ISASecure: The Future of Industrial Control Systems Testing

ISASecure testing will, beginning in 2010, pick up where MUSIC left off. Mu's continued support for test labs will enable third-party content to drive the ISASecure certification process via Studio Fx, Studio Zx, Protocol Fuzzing and DoS modules, complemented by Mu's Digital I/O Monitor.

MUSIC News

• ABB’s AC 800M Controller Achieves Mu's Secure Industrial Control Certification
• New Security Certification Launched for Industrial Controls
• Honeywell Announces MUSIC Certification
• Control Journal: What's Important about MUSIC?
• Hack Report: Mu offers MUSIC certification program

MUSIC Certified Products

• ABB AC 800M Controller - MUSIC Foundation Certification
• Honeywell Experion PKS C300 Process Controller - MUSIC Foundation Certification
• MTL and Byres Security Tofino Firewall - MUSIC Foundation Certification

Learn More

Click here to download the MUSIC Solution Brief

Additional ISASecure testing information is available through an online request or by sending email to music -at- mudynamics -dot- com.

Back to top ^