While digital technologies, the Internet of Things (IoT), and connected and embedded devices can offer additional capabilities and efficiencies, they also pose new cyber and privacy risks to end-users. Canadian companies spent $7 billion on cybersecurity in 2019. In the same year, about one-fifth of businesses reported being impacted by cyber incidents¹. These numbers highlight the need for a holistic solution to help improve the cybersecurity and resiliency of industrial and commercial systems and infrastructure.
To support organizations in adopting a comprehensive approach toward cybersecurity of their systems and products, CSA Group published a new bi-national (Canada and USA) standard, CSA/ANSI T200:22, Evaluation of software development and cybersecurity programs. The Standard outlines a maturity model approach to help evaluate the organization’s software development and cybersecurity practices related to IoT, operational technology, and connected and embedded devices, and it supports effective executive business decisions related to cybersecurity.
CSA/ANSI T200 can be used across all technology sectors and is applicable to all IoT and related products and solutions. It covers the entire product life cycle from conception through full commissioning to the end-of-life stage. The Standard includes a supplement focused on electric utilities that provides specific controls for addressing supply chain cybersecurity risks outlined in the North American Electric Reliability Corporation Critical Infrastructure plan (NERC CIP-013-1).
It complements various international cybersecurity standards and regulations and is aligned with the NIST Cybersecurity Framework.
¹Statistics Canada, www150.statcan.gc.ca/n1/daily-quotidien/201020/dg201020a-eng.htm