Threat Modeling (TM) is a process for identifying and prioritizing potential cybersecurity threats to software, hardware or a system. Contributing to the high value of TM is:
Has your FMEA entered the realm of the paperwork exercise that we force ourselves to do for no real reason than someone says we must do it?
I have enjoyed analysis using FMEA. I first learned it existed when I was working for Ford. FMEA was the first Ford…
I have been asked this question many times by various clients over the years. This comes down to whether a perfect proof test is assumed or not. Let us remember that Mission Time is defined as the amount of time we expect a set of SIF equipment to run until a…
I find YouTube to be a good source of information on many subjects. Want to know how to fix a widget? There are probably a few videos on that exact subject. Technical subjects are also there. I was searching on “FMEA” and found an interesting looking video on the “Read More...
When it comes to developing secure products, the IEC 62443 series of standards provide a lot of guidance and best practices which can be applied while developing the product. This is essentially an approach to designing security into the product rather than trying to add it on at the…
I learned about the Failure Modes and Effects Analysis (FMEA) process for designs some decades ago. I was Supervisor of an Embedded System development group. There seemed to be a lot of evidence that an FMEA on a design was a really good way to identify issues (problems) early…
Good component failure rate data is a cornerstone of good quality reliability metric analysis. As mentioned in a previous exida whitepaper, one of the shortcomings of reliability databases has been the inability to handle variations in the operating environment. A sensor monitoring a flame and the processor interpreting the signal…
Memory mapping is a technique used in computer systems to manage memory resources safely, it involves creating a virtual address space that corresponds directly to the physical memory or to a portion of it, this allows programs to access memory in a way that is…
I had an engineer from a European Certification Body ask me why exida would bother paying any attention to these failure rate numbers, especially on mechanical devices? He said that he does not know anyone who actually uses them! To answer why exida pays attention to failure rates, we…
The C programming language has undoubtably extremely successful. It consistently ranks highly in the various rankings of most popular programming languages however these studies seem to be measured. C is not a language that is naturally suited to having safety requirements given to it. So, unsuited is it to…
This is an intriguing question. One that I often ask my classes when I’m teaching our FSE100 Functional Safety course. Very often, they do not know or do not fully understand what this means and why it is important.
The IEC61511 standard requires that any failures that occur within the…
Now that we have a little bit of context on what's driving our current cybersecurity landscape. The next question is, “where does this pragmatic approach come in? What is a pragmatic approach? What does the word pragmatic mean? The dictionary definition is dealing with things sensibly and realistically in a…
When we look at some of the challenges that are facing control systems, we also have to think about what forces are influencing how asset owners adopt cybersecurity. We'll talk about four of those main drivers that play a role in cybersecurity implementation.
From a machine safety management perspective, what goals are you looking to establish? Building a company safety culture, building awareness of the hazards, building the "buy in" to do things right and do things consistently is very important. It can't be done by a single person. It takes the…
What is driving machine safety adoption? What are some of the key questions that companies are trying to answer when it comes to machine safety? For industrial facilities, whether it's a chemical plant, or a machine application, it ultimately comes down to facility risk management. Companies want to provide…