- by Michael Medoff, CFSE, CISA
- Monday, June 01, 2026
- Certification, Industrial Cybersecurity
Bridging the Gap: Navigating the Harmonization of IEC 62443 and the EU Cyber Resilience Act.
An insider’s view…
Written By: Mike Medoff, Co-chair of JT 62443-4-1
The clock is ticking for manufacturers selling products with digital elements into the European Union. By December 2027, compliance with the Cyber Resilience Act (CRA) becomes mandatory—meaning if your product doesn't meet these strict security laws, you won't…
- by
- Thursday, April 16, 2026
- Industrial Cybersecurity
Why PLCs Are Not Hardware Security Boxes Under the EU CRA
Introduction
Under the EU Cyber Resilience Act (CRA), product classification drives the compliance path—including the depth of required evidence and whether conformity can be supplier-led or requires third-party involvement. This post explains why programmable logic controllers (PLCs) used in operational technology (OT) environments are generally not “Hardware Security Boxes”…
- by Sarah O'Brien
- Monday, March 30, 2026
- Industrial Cybersecurity, Software
From HLRA to DLRA: Simplifying OT Cyber Risk Assessment with exSILentia® Cyber
As the cybersecurity landscape continually evolves, engineers here at exida are working with organizations looking to achieve and maintain cybersecurity compliance. Tools like exSILentia® Cyber help end users comply with the standards and improve the traceability and documentation of cybersecurity tasks throughout their company.
exSILentia Cyber is a great…
- by Hrishit Joshi
- Tuesday, August 26, 2025
- Industrial Cybersecurity
How IEC 62443 Can Help Achieve Compliance with the EU Cyber Resilience Act (CRA)
Introduction:
The European Union’s Cyber Resilience Act (CRA) is set to introduce mandatory cybersecurity requirements for “products with digital elements”, including those used in Industrial Control Systems (ICS) and Operational Technology (OT) environments. This regulation, slated for enforcement beginning December 2027, aims to enhance cybersecurity across supply chains by…
- by Hrishit Joshi
- Monday, July 28, 2025
- Industrial Cybersecurity
Understanding the EU Cyber Resilience Act (CRA)
Introduction:
The European Union Cyber Resilience Act (CRA) is a landmark regulation designed to enhance cybersecurity across hardware and software with digital elements that are offered for sale within the EU. As cyber threats continue to evolve, the CRA introduces mandatory security requirements for manufacturers to ensure that products…
- by Bill Thomson
- Tuesday, October 08, 2024
- Industrial Cybersecurity
Threat Modeling: How to Succeed at this High Value and High Effort Cybersecurity Activity
Threat Modeling (TM) is a process for identifying and prioritizing potential cybersecurity threats to software, hardware or a system. Contributing to the high value of TM is:
- The ability to identify threats early in the design process when they are less expensive to address
- Methodically prioritizing threats helps…
- by Michael Medoff, CFSE, CISA
- Thursday, August 22, 2024
- Industrial Cybersecurity
Risky Business: IEC 62443 and Legacy Products
When it comes to developing secure products, the IEC 62443 series of standards provides a lot of guidance and best practices which can be applied while developing the product. This is essentially an approach to designing security into the product rather than trying to add it on at the…
- by Patrick O'Brien
- Monday, November 27, 2023
- Industrial Cybersecurity
What is a Pragmatic Approach to Cybersecurity?
Now that we have a little bit of context on what's driving our current cybersecurity landscape, the next question is: where does this pragmatic approach come in? What is a pragmatic approach? What does the word pragmatic mean? The dictionary definition is dealing with things sensibly and realistically in a…
- by Patrick O'Brien
- Wednesday, November 15, 2023
- Industrial Cybersecurity
Many Different Forces are Influencing ICS Cybersecurity Adoption
When we look at some of the challenges that are facing control systems, we also have to think about what forces are influencing how asset owners adopt cybersecurity. We'll talk about four of those main drivers that play a role in cybersecurity implementation.

National Standards…
- by Dr. Steve Gandy, CFSP
- Friday, June 16, 2023
- Industrial Cybersecurity
Creating a Cyber Hygiene Plan
One of the things that automation companies are beginning to do is to plan for cyber hygiene. More and more companies are implementing automation-specific awareness training for their employees. They conduct periodic exercises, like sending phishing emails to see who responds. They might leave USB…
- by Patrick O'Brien
- Thursday, June 15, 2023
- Industrial Cybersecurity
Automation Cybersecurity - Myths vs. Reality
In today’s automation systems environment, certain myths continue to persist. For example, "cyber attacks are only a concern for big companies". Although it may be less likely to be targeted by, say, a nation state attack, we’ve seen that malware can cause a shutdown of a system or trigger a…
- by Dr. Steve Gandy, CFSP
- Monday, June 12, 2023
- Industrial Cybersecurity
Why is Cybersecurity Hygiene Important for Automation Systems?
Cybersecurity incidents have shown that there can be major consequences for automation systems. There have been incidences where attackers have been able to manipulate the human resource interface console directly. It was only by chance that an operator in one particular instance happened to notice that his mouse pointer…
- by Patrick O'Brien
- Wednesday, June 07, 2023
- Industrial Cybersecurity
Automation Cybersecurity: IT vs OT - Differing Priorities
Before you can dive in and look at the core concept of automation cybersecurity, it's helpful to first define it. Automation cybersecurity is the prevention of intentional or unintentional interference with proper operation of automation systems including industrial controls, smart manufacturing, and IIOT systems through the use of computers,…
- by Greg Houser
- Thursday, February 02, 2023
- Industrial Cybersecurity
The Cuckoo’s Egg & How it Relates to Cybersecurity
Let me be the first to say that I don’t normally do book reviews. Frankly, I thought I left them behind years ago when they were required assignments for my undergraduate classes. Nevertheless, I find myself writing one today, not because I must, but because there are so many cybersecurity professionals…
- by Patrick O'Brien
- Tuesday, January 10, 2023
- Industrial Cybersecurity
New Year’s Resolution: Plan for OT Cybersecurity
The New Year is a great time to make resolutions, but often as the weeks pass, these resolutions fall to the back burner. A study completed in 2016 showed that less than 25% of those who set a resolution successfully followed that resolution for a year.1 When we think about…