exida

exida explains Blog

The Non-Hackable System – Wait a Minute, What?

The Non-Hackable System – Wait a Minute, What?

I had the privilege to attend the CDS-forum in Trondheim, Norway on October 15, 2019. The CDS-forum is a Norwegian Industry Forum for Cybersecurity of Industrial Automation and Control Systems. The forum is a co-operation between oil companies, engineering oil companies, consultants, vendors and researchers, with a…

Read More...

How Much Testing Is Enough?

How Much Testing Is Enough?

Have you ever wondered if you tested your product enough? Either in enough ways or for a long enough time?  This assumes that you’d prefer to discover all the problems before your customers do. If you follow a 61508 compliant development process, you should be able to…

Read More...

Back to Basics 15 - Architectural Constraints

Back to Basics 15 - Architectural Constraints

Architectural constraints are limitations that are imposed on the hardware selected to implement a safety-instrumented function, regardless of the performance calculated for a subsystem. Architectural constraints are specified (in) according to the required of the subsystem, type of components used, and of the subsystem’s components. (Type A components are simple devices…

Read More...

My Final Element Field Failure Data says 150 FITS and OREDA is 2000 FITS

My Final Element Field Failure Data says 150 FITS and OREDA is 2000 FITS

I got an email saying that the exida's www.SILSafeData.com minimum failure rates were way too high.  The email went on to say that his REAL field failure data showed a result of 150 FITS for a remote actuated valve assembly.  The lowest SILSafeData limits for clean service, Class IV leakage,…

Read More...

Personnel Certification Concerns? We are Here to Help.
  • by Ted Stewart, CFSP, exidaCSP
  • Tuesday, September 17, 2019
  • Certification

Personnel Certification Concerns? We are Here to Help.

A few weeks ago, we were asked to help a fellow colleague who received a message regarding their FS Engineer (TÜV Rheinland) certificate :

We are aware, that the validity of your FS Expert (TÜV Rheinland) certificate is expiring this month. Kindly be informed that we have had a…

Read More...

Are Your Control Systems Really Protected?

Are Your Control Systems Really Protected?

I don’t know whether you’ve noticed recently, but the number of cybersecurity alerts issued by CISA (Cybersecurity and Infrastructure Security Agency) seems to be increasing at an alarming rate.  The latest alert I’ve seen now relates to GPS tracking systems for children.  A device which is supposed to keep…

Read More...

Back to Basics 14 - Systematic Capability

Back to Basics 14 - Systematic Capability

Systematic Capability is achieved when the equipment used to implement any safety function is designed using procedures intended to prevent systematic design errors.  The rigor of the required procedure is a function of a Safety Integrity Level (SIL). This is evaluated through an assessment of the quality management system…

Read More...

Let’s Talk About Configuration Management and ISO 26262

Let’s Talk About Configuration Management and ISO 26262

Most software developers are familiar with the need for and benefits of change control. Usually change control means one thing to a software developer and that is 'commits' to a source code revision control system. Not only do small and regular commits provide significant advantages to large teams of…

Read More...

Do You Really Know What You Know (When it Comes to Functional Safety)?

Do You Really Know What You Know (When it Comes to Functional Safety)?

You don’t’ really know what you know until you have to explain it (or teach it) to someone else. 

When I’m asked about some of the technical aspects of functional safety, I have to stop and ask myself “What Do I Know About This?”  I’m not the kind…

Read More...

Back to Basics 13 - How Do I Start IEC 61508 Certification?

Back to Basics 13 - How Do I Start IEC 61508 Certification?

Do you want to know more about IEC 61508 certification, but you’re not sure if you are ready to jump in? Don’t worry, we will make this process as painless as possible.

Here is what to expect:

  1. Introduce Scope
  2. Kickoff Meeting
  3. Perform FMEDA on Product
  4. Creation of…

    Read More...

Building Cybersecurity into Software Applications

Building Cybersecurity into Software Applications

An April 2019 report from the Institute of Critical Infrastructure Technology (ICIT) makes the point that even though software ‘runs the world’, software security is an afterthought across virtually all industries. 

The report states that this lack of software security is actually a National Threat given that this…

Read More...

Back to Basics 12 –  What is IEC 61508 Certification?

Back to Basics 12 –  What is IEC 61508 Certification?

IEC 61508 Certification is a Third-Party Validation against the standard’s requirements, comprising of:

  • Detailed Analysis of engineering processes to determine Systematic Capability and Cybersecurity Strength 
  • Detailed Analysis of hardware design / design margins resulting in Random Failure Rate in all failure modes
  • Analysis/Testing to show safe, correct operation and Cybersecurity Susceptibility

To achieve an…

Read More...

When is an Alarm not an Alarm?

When is an Alarm not an Alarm?

The ISA-18.2 and IEC 62682 standards define an alarm as an “audible and/or visible means of indicating to the operator an equipment malfunction, process deviation, or abnormal condition requiring a timely response”.  One of the reasons why alarm systems are out of control (alarm overload, nuisance alarms)…

Read More...

Back to Basics 11 – How is SIL Used by an End User?

Back to Basics 11 – How is SIL Used by an End User?

IEC62443 - Learning Cybersecurity (Prevention Techniques)

IEC62443 - Learning Cybersecurity (Prevention Techniques)

Last Saturday, I read an article about hackers who were behind at least two potentially fatal intrusions on oil and gas industrial facilities (Yes I read cyber articles on the weekend wink). Besides the fact that I enjoy learning about cybersecurity on my…

Read More...