exida explains Blog

What can OT learn from IT data breaches?

What can OT learn from IT data breaches?

Does your organization even have a CISO position?

Cybersecurity continues to be an overlooked aspect in organizations—including those owning ICS (Industrial Control System) production facilities. Anyone following the news has most assuredly heard of the plethora of…

Read More...

Setting Goals for 2019: Are You Thinking About Functional Safety?

Setting Goals for 2019: Are You Thinking About Functional Safety?

When I went to set my goals for 2019, I set both personal and professional goals. One of my professional goals is to clean off my desk, but another is to get more people to think about functional safety…

Read More...

Who gives exida the authority to publish SILSafeData?

Who gives exida the authority to publish SILSafeData?

SILSafe Data

SILSafeData contains upper and lower bound ranges of dangerous undetected failure rates for many automation devices. It was created by exida using statistical analysis of FMEDA failure rate predictions. The component…

Read More...

Cyberattacks Succeed Where Humans and Systems Are Weak

Cyberattacks Succeed Where Humans and Systems Are Weak

Have you noticed that over the last several years, cybersecurity seems to be “trending?” 

Companies of all sizes are starting to learn how to prevent, or at least minimize, these attacks. They hire third-party experts and attend trainings to…

Read More...

Does Your ICS Service Provider Need Training?

Does Your ICS Service Provider Need Training?

Today’s owner operators and lease operators of industrial production facilities frequently employ service providers for projects and upgrades, as well as operations and maintenance. These contractors often travel to many sites, carry their own copies of source code and…

Read More...

Bridging the OT / IT Cybersecurity Gap

Bridging the OT / IT Cybersecurity Gap

Personnel responsible for protecting organizational assets within Operations Technology (OT) groups would seem to have the same mission as those responsible for protecting organizational assets within Information Technology (IT) groups, and be tightly aligned. Spending any amount of time…

Read More...

Cyber Risk Assessments and Security Level Verification: Security Level Verification (Part 3 of 3)

Cyber Risk Assessments and Security Level Verification: Security Level Verification (Part 3 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January…

Read More...

Who needs sliced bread?  We’ve got ARCHx!

Who needs sliced bread?  We’ve got ARCHx!

I’ve heard this phrase so many times in my life… “<Something> is the best thing since sliced bread.” I personally can’t remember a time when sliced bread was not available, but I certainly remember going to the deli and having…

Read More...

Comparing the IEC 62443 Software Engineering Process to IEC 61508: Where Do They Overlap?

Comparing the IEC 62443 Software Engineering Process to IEC 61508: Where Do They Overlap?

With the appearance of malware and nation state attacks on Industrial Control Systems (ICS), such as the Stuxnet (2010), Industroyer (2016) and TRITON (2017) attacks, the IEC 62433 standards are gaining wider attention.  

While the potential targets to attack…

Read More...

Functional Safety Certification Started with Logic Solvers

Functional Safety Certification Started with Logic Solvers

IEC 61508 functional safety certification began in the 1990s. As I recall, the only organizations doing this work in those days were TÜV Rheinland and TÜV Product Services (now TÜV Sud). These two companies remain competitors. 

Functional safety certification…

Read More...

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January…

Read More...

Are You Undertaking Periodic Personnel Performance Assessments?

Are You Undertaking Periodic Personnel Performance Assessments?

One of the changes that was made in 2016 to the IEC 61511 standard was the inclusion of periodic personnel assessments (clause 5.2.2.3), whereby a procedure is required to manage the competence of all those involved in the SIS…

Read More...

Preventing Cyberattacks by Following Practical Guidance in IEC 62443

Preventing Cyberattacks by Following Practical Guidance in IEC 62443

Isn’t it frustrating when you experience an event that disrupts operations and then discover it could have been prevented? Very often a detailed analysis will reveal that a combination of (preventable) mistakes and unknown factors caused the incident. Training can help…

Read More...

IACS Cybersecurity IEC 62443: Agile Lifecycle and Documentation

IACS Cybersecurity IEC 62443: Agile Lifecycle and Documentation

Industrial Automation Control Systems (IACS) Cybersecurity based on IEC 62443 was created to be compatible with agile development methodology. The standard deliberately talks about processes and not phases, such as those in the waterfall model. The processes defined can…

Read More...

Using SILSafeData to Check Your Failure Data Source

Using SILSafeData to Check Your Failure Data Source

www.SILSafeData.com is a complimentary resource that contains the upper and lower bounds failure rates for many categories of automation equipment, as well as the methodology used by exida to…

Read More...