exida explains Blog

Bridging the OT / IT Cybersecurity Gap

Bridging the OT / IT Cybersecurity Gap

Personnel responsible for protecting organizational assets within Operations Technology (OT) groups would seem to have the same mission as those responsible for protecting organizational assets within Information Technology (IT) groups, and be tightly aligned. Spending any amount of time with Industrial Control System (ICS) clients, however, shows that is…

Read More...

Cyber Risk Assessments and Security Level Verification: Security Level Verification (Part 3 of 3)

Cyber Risk Assessments and Security Level Verification: Security Level Verification (Part 3 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 2014 [1]. Finding an effective method for evaluating the current…

Read More...

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 20141. Finding an effective method for evaluating the current level…

Read More...

Preventing Cyberattacks by Following Practical Guidance in IEC 62443

Preventing Cyberattacks by Following Practical Guidance in IEC 62443

Isn’t it frustrating when you experience an event that disrupts operations and then discover it could have been prevented? Very often a detailed analysis will reveal that a combination of (preventable) mistakes and unknown factors caused the incident. Training can help the mistakes, but dealing with the unknowns is a little…

Read More...

IACS Cybersecurity IEC 62443: Agile Lifecycle and Documentation

IACS Cybersecurity IEC 62443: Agile Lifecycle and Documentation

Industrial Automation Control Systems (IACS) Cybersecurity based on IEC 62443 was created to be compatible with agile development methodology. The standard deliberately talks about processes and not phases, such as those in the waterfall model. The processes defined can be met simultaneously and are, most likely, already being followed…

Read More...

Managing Unconfirmed Cybersecurity Vulnerabilities like Supermicro

Managing Unconfirmed Cybersecurity Vulnerabilities like Supermicro

Unconfirmed vulnerabilities are not usually a big issue, but when one occurs like Supermicro, plant management will ask a simple question: “Do we have an issue or not?” 

Having been on the receiving end of this blunt exchange, I realize it can be painful and embarrassing to communicate,…

Read More...

Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)

Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)

As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria. 

Ownership for industrial…

Read More...

How Much Cybersecurity Do I Need?

How Much Cybersecurity Do I Need?

During an IACS cybersecurity risk analysis, each zone of a network is given a target security level. The levels are one to four, with one being the least amount of protection and four giving the most protection. For each zone we ask, “How much cybersecurity protection do we…

Read More...

Managing Risk: How Cybersecurity Differs for Facility Managers

Managing Risk: How Cybersecurity Differs for Facility Managers

Operations and facility managers have a level of responsibility that requires a great deal of judgment, technical understanding, and the ability to make the right call when managing risk. 

Safe, secure, and profitable plant operations are the cornerstones of how a plant manager is judged. The plant manager relies…

Read More...

An Integrator’s Guide to Managing the Cybersecurity Risks of Remote Access

An Integrator’s Guide to Managing the Cybersecurity Risks of Remote Access

Last week I attended the ISA Water/Wastewater and Automatic Controls Symposium in Bethesda, Maryland. The conference was attended by equipment manufacturers and municipalities, but system integrators composed the largest group. The technical sessions mainly discussed new opportunities for implementing the industrial internet of things (IoT) and cybersecurity…

Read More...

IEC 62443 : The Road to More Secure Products

IEC 62443 : The Road to More Secure Products

As the incidence of cybersecurity threats in automation systems continue to rise, the automation world continues to grapple with how to address these issues.  There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…

Read More...

IEC 62443: Levels, Levels and More Levels

IEC 62443: Levels, Levels and More Levels

By now we’ve all become familiar with safety integrity levels (SIL), as they have become part of our everyday lives. However, with the recent release of several cybersecurity standards in the IEC 62443 series, things are getting more complicated. This series of standards introduces two more levels…

Read More...

How Does the IEC 62443 Cybersecurity Standard Apply to Integrators?

How Does the IEC 62443 Cybersecurity Standard Apply to Integrators?

The IEC 62443 series of cybersecurity standards include over ten documents covering various subjects. Buying a full set is a bit expensive, but for me the real cost is the time needed to read and understand them. So I often ask one of the experts at exida…

Read More...

Contractor Cybersecurity Training - Why Do You Need It?

Contractor Cybersecurity Training - Why Do You Need It?

Today, we are going to talk a little bit about Contractor Cyber Training.  What's in a good contractor cyber training course?  Why do you need one?  Why aren't policies, practices, and contract language enough?

Today's operators of industrial production facilities frequently utilize contract…

Read More...

exida Cyber Blog Series 04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?

exida Cyber Blog Series 04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?

Co-written by Todd Stauffer, Director of Alarm Management Services at exida

A wise man once said, “You can’t manage what you don’t measure.” Let's apply this to the world of cybersecurity to discuss the importance of cybersecurity metrics and how they are different from a cyber diagnostic and a…

Read More...