exida explains Blog

Entries tagged with: Cybersecurity

(Almost) FREE Security Training

The Department of Homeland Security (DHS) is tasked with many things. One area of focus is Industrial Control Systems (ICS). The Industrial Control Systems Joint Working Group (ICSJWG) was formed to facilitate this focus. This group holds semi-annual conferences (Spring and Fall) in various US cities. These meetings…

  • by Dr. William Goble, CFSE
  • Thursday, January 12, 2012
  • News

2011…A Year in Review

2012 - Good Progress for Cybersecurity and Functional Safety

I think it is wise for individuals to periodically review things. I like to do my professional review at the end of the year. 2012 was a good year.

Product Certification

Over 60 new products received functional safety or cybersecurity certification this year. Those products and more…

A False Sense of Security

About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal.  Outside the window I could see a big city harbor filled with boats, bridges, skyscrapers and approximately 5 million people.  I could also see two huge LNG storage…

A Year in Review: Functional Safety and Cybersecurity in 2015
  • by Dr. William Goble, CFSE
  • Tuesday, January 26, 2016
  • Certification

Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights is 2015…

Are Cybersecurity Servers Making Your ICS Less Cyber Secure?

ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets.  For anything other than very small systems, the obvious choice is to implement systems…

Contractor Cybersecurity Training - Why Do You Need It?

Today, we are going to talk a little bit about Contractor Cyber Training.  What's in a good contractor cyber training course?  Why do you need one?  Why aren't policies, practices, and contract language enough?

Today's operators of industrial production facilities frequently utilize contract…

Cyber Security, Beyond the Internet: An Automation Engineer’s View

The world of automation has changed significantly over the past 30 years.  I have fond memories of starting my career by calibrating, adjusting, and tuning pneumatic control loops while working my way through the electronic age right up to the present digital and cyber generation of automation.  If you…

exida Cyber Blog Series 03 - Process Safety and Cybersecurity, Related or Still Distant Cousins?

To be clear, the above title is meant to capture your attention. We all understand and know that it is unusual for a Process Safety engineer and the IT architect to possess detailed knowledge of both safety and security. In today’s world, the operators, engineers, design and support personnel of…

exida Cyber Blog Series 04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?

Co-written by Todd Stauffer, Director of Alarm Management Services at exida

A wise man once said, “You can’t manage what you don’t measure.” Let's apply this to the world of cybersecurity to discuss the importance of cybersecurity metrics and how they are different from a cyber diagnostic and a…

Functional Safety, Cybersecurity, and Alarm Management in 2013
  • by Dr. William Goble, CFSE
  • Friday, January 10, 2014
  • Certification

2013 was a good year for functional safety progress.  exida Certification issued a record number of new product functional safety certifications in mostly every product category - valves, actuators, solenoid valves, PLCs, fire and gas sensors, process sensors, and components.  The component category is one of the most…

How Cybersecurity is like a Goldfish

Oh look! Squirrel!

I am not much of a blogger. I should be but I’m not. This is strange, because I always have plenty to say.

This subject just gets me going so I am writing about it. I welcome feedback and opinions.

I have been in cybersecurity in…

Industrial automation is in the cross hairs of the hacker

As the details of STUXNET’s design unfolded last fall, like many, I was truly impressed by the pin-point precision that the malware authors used to ensure that their target, and only their target, was impacted by the virus.  In this regard, STUXNET may be one of the…

Industrial Control System Cyber Security – Legislation and Standards

There is a lot of concern around cyber security in Industrial Control Systems.  With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically.  There are increased calls for legislation and new methods for dealing with these threats.  The history of how we have…

Introduction to ICS Security - Pt. 1 - What is ICS Security and Why it Is Important

Over the next couple of blogs, I plan to map out the importance of  ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment.  I'll also explain some of our services so that you can see what might pertain to you.

For part 1, I will start from the beginning…

Introduction to ICS Security - Pt. 4 - Control System Assessments

Over the last couple of blogs, I mapped out the importance of ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment. 

For part 1, I started from the beginning and outlined what exactly ICS cybersecurity is and why it is important. 

For part 2, I explained the difference between…

Keeping “Dancing Monkeys” out of your PLC

Last week a security researcher, Dillon Beresford of NSS Labs, presented at the Blackhat conference on the security vulnerabilities he found in Siemens PLC firmware.  One of many stories on Dillon’s findings can be found here.  Among other things, Dillon found “dancing monkeys” in the code!  Actually,…

Network Segmentation and the Fragile PLC

One of the best parts of my job is I get to walk around and look over what has been implemented in the way of physical and cyber security. Most of the time I am very impressed by what has been done as more and more companies are realizing…

Outrage! Panic! Indifference?

How should you react to news of PLC security vulnerabilities? 

Project Basecamp was an exercise conducted at the S4 Security Conference that was held last month in Miami, Florida.  At the event, six security researchers reported their findings on the…

Pen Testing a Live Control System – Are You Mad?

A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems.  Oftentimes they request these services as one of the first steps in…
