exida

exida explains Blog

What is a Pragmatic Approach to Cybersecurity?

What is a Pragmatic Approach to Cybersecurity?

Now that we have a little bit of context on what's driving our current cybersecurity landscape. The next question is, “where does this pragmatic approach come in?  What is a pragmatic approach? What does the word pragmatic mean? The dictionary definition is dealing with things sensibly and realistically in a…

Read More...

Many Different Forces are Influencing ICS Cybersecurity Adoption

Many Different Forces are Influencing ICS Cybersecurity Adoption

When we look at some of the challenges that are facing  control systems, we also have to think about what forces are influencing how asset owners adopt cybersecurity. We'll talk about four of those main drivers that play a role in cybersecurity implementation. 

National Standards…

Read More...

Creating a Cyber Hygiene Plan

Creating a Cyber Hygiene Plan

One of the things that automation companies are beginning to do is to plan for cyber hygiene. More and more companies are implementing automation specific awareness training for their employees. They conduct periodic exercises which like sending phishing emails to see who if you respond. They might leave USB…

Read More...

Automation Cybersecurity - Myths vs. Reality

Automation Cybersecurity - Myths vs. Reality

In today’s automation systems environment, certain myths continue to persist. For example, "cyber attacks are only a concern for big companies".  Although it may be less likely to be targeted by, say, a nation state attack, we’ve seen that malware can cause a shutdown of a system or trigger a…

Read More...

Why is Cybersecurity Hygiene Important for Automation Systems?

Why is Cybersecurity Hygiene Important for Automation Systems?

Cybersecurity incidents have shown that there can be major consequences for automation systems. There have been incidences where attackers have been able to manipulate the human resource interface console directly. It was only by chance that an operator in one particular instance happened to notice that his mouse pointer…

Read More...

Automation Cybersecurity: IT vs OT - Differing Priorities

Automation Cybersecurity: IT vs OT - Differing Priorities

Before you can dive in and look at the core concept of automation cybersecurity, it's helpful to first define it. Automation cybersecurity is the prevention of intentional or unintentional interference with proper operation of automation systems including industrial controls, smart manufacturing,  and IIOT systems through the use of computers,…

Read More...

The Cuckoo’s Egg & How it Relates to Cybersecurity

The Cuckoo’s Egg & How it Relates to Cybersecurity

Let me be the first to say that I don’t normally do book reviews.  Frankly, I thought I left them behind years ago when they were required assignments for my undergraduate classes.  Nevertheless, I find myself writing one today, not because I must, but because there are so many cybersecurity professionals…

Read More...

New Year’s Resolution: Plan for OT Cybersecurity

New Year’s Resolution: Plan for OT Cybersecurity

The New Year is a great time to make resolutions, but often as the weeks pass, these resolutions fall to the back burner. A study completed in 2016 showed that less than 25% of those who set a resolution successfully followed that resolution for a year.1 When we think about…

Read More...

The Perfect Match of Lockpicking and Cybersecurity

The Perfect Match of Lockpicking and Cybersecurity

First off, an introduction is in order. My name is Greg Houser, and I’m one of the new fish here at exida (no, that’s not a typo – the ‘e’ is lowercase in “exida”).  And…

Read More...

Being Prepared in Cyberspace via Threat Modelling

Being Prepared in Cyberspace via Threat Modelling

Preparedness is defined as being in a state of readiness (Webster, 2022).  This can take many different forms but when it comes to cybersecurity, a big part is knowing what threats lie in wait within the cyber landscape.  It’s difficult to prepare against threats or vulnerabilities you don’t know exist.  Being able…

Read More...

Demystifying the Threat Modeling Process

Demystifying the Threat Modeling Process

The thought of tackling a threat model (TM) might not be the most appetizing to some people.   Doing a quick Internet search, someone could get stuck under a mountain of acronyms and terms.  I mean, what is a CVSS anyway?  And then there are the diagrams, attack trees and feedback loops that…

Read More...

Block that attack!  Getting IEC 62443 Cyber Certified (Part 4)

Block that attack!  Getting IEC 62443 Cyber Certified (Part 4)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here , part 2 here, and part 3 here . Certification provides you with the opportunity to work with an experienced cyber team here at exida, and…

Read More...

Block that attack!  Getting IEC 62443 Cyber Certified (Part 3)

Block that attack!  Getting IEC 62443 Cyber Certified (Part 3)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here and part 2 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber…

Read More...

Pipeline Safety and Security – Why are we still not prepared?

Pipeline Safety and Security – Why are we still not prepared?

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…

Read More...

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

The Oldsmar Water Treatment Facility in Pinellas County Florida was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facilities network to gain remote access1. The TeamViewer was originally installed to allow for status checks and troubleshooting of…

Read More...