exida explains Blog

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

The Oldsmar Water Treatment Facility in Pinellas County Florida was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facilities network to gain remote access1. The TeamViewer was originally installed to allow for status checks and troubleshooting of…

Read More...

IEC 62443 - The Evolution of IACS Cybersecurity

When we were doing safety system designs in the 1980s, there was no Windows, there was no TCP/IP, there was no in Ethernet. We had to write our own protocols to transmit data to our I/O and our controllers.

Fault-finding was always a challenge . What we ended up…

Read More...

Block that attack!  Getting IEC 62443 Cyber Certified (Part 2)

Block that attack!  Getting IEC 62443 Cyber Certified (Part 2)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in…

Read More...

IEC 62443 Cybersecurity Certification for Medical Devices

IEC 62443 Cybersecurity Certification for Medical Devices

Block that attack!  Getting IEC 62443 Cyber Certified (Part 1)

Block that attack!  Getting IEC 62443 Cyber Certified (Part 1)

This is the next in a series of blogs and papers on the benefits of cyber certification.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in the IEC 62443 family of…

Read More...

Block that attack!  Get Certified!

Block that attack!  Get Certified!

This is the first in a series of blogs and papers on the benefits of cyber certification.  Certification provides you with the opportunity to work with an experienced cyber team here at exida,.  It also allows you to gain access to our network of cyber experts worldwide codified…

Read More...

Grasping the Power of the (Stuxnet) Virus (or What I did during the COVID-19 Pandemic)

Grasping the Power of the (Stuxnet) Virus (or What I did during the COVID-19 Pandemic)

The travel and group meeting restrictions from COVID-19 have allowed me to catch up on some reading about viruses; not the type that get transmitted to humans. This article is about the Stuxnet virus and what I learned from the book “Countdown to Zero Day: Stuxnet and the Launch of…

Read More...

With Many Automation Professionals Working From Home Cybersecurity Exposure is Rising

With Many Automation Professionals Working From Home Cybersecurity Exposure is Rising

One of the commonly targeted pathways into an Industrial Automation and Control System (IACS) is through compromised remote access such as Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP). During the Stay at Home Orders and other self-quarantining measures around the globe to combat the COVID-19 pandemic, many…

Read More...

The Non-Hackable System – Wait a Minute, What?

The Non-Hackable System – Wait a Minute, What?

I had the privilege to attend the CDS-forum in Trondheim, Norway on October 15, 2019. The CDS-forum is a Norwegian Industry Forum for Cybersecurity of Industrial Automation and Control Systems. The forum is a co-operation between oil companies, engineering oil companies, consultants, vendors and researchers, with a…

Read More...

Are Your Control Systems Really Protected?

Are Your Control Systems Really Protected?

I don’t know whether you’ve noticed recently, but the number of cybersecurity alerts issued by CISA (Cybersecurity and Infrastructure Security Agency) seems to be increasing at an alarming rate.  The latest alert I’ve seen now relates to GPS tracking systems for children.  A device which is supposed to keep…

Read More...

Building Cybersecurity into Software Applications

Building Cybersecurity into Software Applications

An April 2019 report from the Institute of Critical Infrastructure Technology (ICIT) makes the point that even though software ‘runs the world’, software security is an afterthought across virtually all industries. 

The report states that this lack of software security is actually a National Threat given that this…

Read More...

IEC62443 - Learning Cybersecurity (Prevention Techniques)

IEC62443 - Learning Cybersecurity (Prevention Techniques)

Last Saturday, I read an article about hackers who were behind at least two potentially fatal intrusions on oil and gas industrial facilities (Yes I read cyber articles on the weekend wink). Besides the fact that I enjoy learning about cybersecurity on my…

Read More...

SCRUM and IEC 62443

SCRUM and IEC 62443

Information Technology (IT) is the personnel, hardware, and software that controls non-physical devices and/or processes such as websites, financial data, personal information, etc. 

Operation Technology (OT) is the personnel, hardware, and software that controls physical devices and/or processes such as manufacturing, oil & gas, power, etc.  Today, OT has many…

Read More...

Why the Docker Breach is Noteworthy

Why the Docker Breach is Noteworthy

All data breaches expose some type of IT (Information Technology) or OT (Operating Technology) system vulnerability. Cybersecurity professionals then need to evaluate and determine appropriate responses for themselves and their clients. It might be patching software, revising work processes or altering incident response techniques.

Docker

Read More...

CACE Specialties, Now That’s New!

CACE Specialties, Now That’s New!

Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1]. 

The need for well-trained, competent individuals to address cybersecurity for industrial control systems…

Read More...