exida explains Blog

Entries tagged with: Mike Medoff

A False Sense of Security

About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal.  Outside the window I could see a big city harbor filled with boats, bridges, sky scrapers and approximately 5 million people.  I could also see two huge LNG storage…

Read More...

Are Cybersecurity Servers Making Your ICS Less Cyber Secure?

ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets.  For anything other than very small systems, the obvious choice is to implement systems…

Read More...

Cyber Security, Beyond the Internet: An Automation Engineer’s View

The world of automation has changed significantly over the past 30 years.  I have fond memories of starting my career by calibrating, adjusting, and tuning pneumatic control loops while working my way through the electronic age right up to the present digital and cyber generation of automation.  If you…

Read More...

IEC 62443 : The Road to More Secure Products

IEC 62443 : The Road to More Secure Products

As the incidence of cybersecurity threats in automation systems continue to rise, the automation world continues to grapple with how to address these issues.  There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…

Read More...

IEC 62443: Levels, Levels and More Levels

IEC 62443: Levels, Levels and More Levels

By now we’ve all become familiar with safety integrity levels (SIL), as they have become part of our everyday lives. However, with the recent release of several cybersecurity standards in the IEC 62443 series, things are getting more complicated. This series of standards introduces two more levels…

Read More...

Industrial Control System Cyber Security – Legislation and Standards

There is a lot of concern around cyber security in Industrial Control Systems.  With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically.  There are increased calls for legislation and new methods for dealing with these threats.  The history of how we have…

Read More...

Keeping “Dancing Monkeys” out of your PLC

Last week a security researcher, Dillon Beresford of NSS Labs, presented at the Blackhat conference on the security vulnerabilities he found in Siemens PLC firmware.  One of many stories on Dillon’s findings can be found here.  Among other things, Dillon found “dancing monkeys” in the code!  Actually,…

Read More...

Outrage! Panic! Indifference?

How should you react to news of PLC security vulnerabilities? 

Project Basecamp was an exercise conducted at the S4 Security Conference that was held last month in Miami, Florida.  At the event, six security researchers reported their findings on the…

Read More...

Pen Testing a Live Control System – Are You Mad?

A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems.  Often times they request these services as one of the first steps in…

Read More...

The Evolution of Coding Standards

The Evolution of Coding Standards

Sometimes it seems that things change slowly in the world of functional safety.  If you look at many of the technical references in IEC 61508 you will find that most come from the 1980s and 1990s.  There is even one reference that dates back to 1950!  With the rate…

Read More...

The Real Impact of Stuxnet

Stuxnet has, rightly, generated a significant amount of discussion and concern with the industrial automation community.  Fortunately, unless you operate a uranium enrichment facility using Siemens S7 PLC’s and some very specific variable frequency drives (VFDs) you probably haven’t been directly impacted by the Stuxnet…

Read More...

“Building Security In”

Cybersecurity continues to be a big problem for the world at large and for control systems specifically.  The amount of time and effort that it can take to simply keep all of the security patches up to date on a large control system can be mind boggling.  No…

Read More...