exida

exida explains Blog

Entries tagged with: Cybersecurity

(Almost) FREE Security Training

The Department of Homeland Security (DHS) is tasked with many things. One area of focus is Industrial Control Systems (ICS). The Industrial Control Systems Joint Working Group (ICSJWG) was formed to facilitate this focus. This group holds semi-annual conferences (Spring and Fall) in various US cities. These meetings…

Read More...

  • by Dr. William Goble, CFSE
  • Thursday, January 12, 2012
  • News

2011…A Year in Review

2012 - Good Progress for Cybersecurity and Functional Safety

I think it is wise for individuals to periodically review things. I like to do my professional review at the end of the year. 2012 was a good year.

Product Certification

Over 60 new products received functional safety or cybersecurity certification this year. Those products and more…

Read More...

A False Sense of Security

About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal.  Outside the window I could see a big city harbor filled with boats, bridges, sky scrapers and approximately 5 million people.  I could also see two huge LNG storage…

Read More...

A Year in Review: Functional Safety and Cybersecurity in 2015
  • by Dr. William Goble, CFSE
  • Tuesday, January 26, 2016
  • Certification

A Year in Review: Functional Safety and Cybersecurity in 2015

Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights is 2015…

Read More...

Are Cybersecurity Servers Making Your ICS Less Cyber Secure?

ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets.  For anything other than very small systems, the obvious choice is to implement systems…

Read More...

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

The Oldsmar Water Treatment Facility in Pinellas County Florida was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facilities network to gain remote access1. The TeamViewer was originally installed to allow for status checks and troubleshooting of…

Read More...

Automation Cybersecurity - Myths vs. Reality

Automation Cybersecurity - Myths vs. Reality

In today’s automation systems environment, certain myths continue to persist. For example, "cyber attacks are only a concern for big companies".  Although it may be less likely to be targeted by, say, a nation state attack, we’ve seen that malware can cause a shutdown of a system or trigger a…

Read More...

Automation Cybersecurity: IT vs OT - Differing Priorities

Automation Cybersecurity: IT vs OT - Differing Priorities

Before you can dive in and look at the core concept of automation cybersecurity, it's helpful to first define it. Automation cybersecurity is the prevention of intentional or unintentional interference with proper operation of automation systems including industrial controls, smart manufacturing,  and IIOT systems through the use of computers,…

Read More...

Contractor Cybersecurity Training - Why Do You Need It?

Contractor Cybersecurity Training - Why Do You Need It?

Today, we are going to talk a little bit about Contractor Cyber Training.  What's in a good contractor cyber training course?  Why do you need one?  Why aren't policies, practices, and contract language enough?

Today's operators of industrial production facilities frequently utilize contract…

Read More...

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 20141. Finding an effective method for evaluating the current level…

Read More...

Cyber Security, Beyond the Internet: An Automation Engineer’s View

The world of automation has changed significantly over the past 30 years.  I have fond memories of starting my career by calibrating, adjusting, and tuning pneumatic control loops while working my way through the electronic age right up to the present digital and cyber generation of automation.  If you…

Read More...

exida Cyber Blog Series 03 - Process Safety and Cybersecurity, Related or Still Distant Cousins?

exida Cyber Blog Series 03 - Process Safety and Cybersecurity, Related or Still Distant Cousins?

To be clear, the above title is meant to capture your attention. We all understand and know that it is unusual for a Process Safety engineer and the IT architect to possess detailed knowledge of both safety and security. In today’s world, the operators, engineers, design and support personnel of…

Read More...

exida Cyber Blog Series 04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?

exida Cyber Blog Series 04 - Cybersecurity Metrics, Diagnostics, and Alarms: What’s What?

Co-written by Todd Stauffer, Director of Alarm Management Services at exida

A wise man once said, “You can’t manage what you don’t measure.” Let's apply this to the world of cybersecurity to discuss the importance of cybersecurity metrics and how they are different from a cyber diagnostic and a…

Read More...

Functional Safety, Cybersecurity, and Alarm Management in 2013
  • by Dr. William Goble, CFSE
  • Friday, January 10, 2014
  • Certification

Functional Safety, Cybersecurity, and Alarm Management in 2013

2013 was a good year for functional safety progress.  exida Certification issued a record number of new product functional safety certifications in mostly every product category - valves, actuators, solenoid valves, PLCs, fire and gas sensors, process sensors, and components.  The component category is one of the most…

Read More...

How Cybersecurity is like a Goldfish

How Cybersecurity is like a Goldfish

Oh look! Squirrel!

I am not much of a blogger. I should be but I’m not. This is strange, because I always have plenty to say.

This subject just gets me going so I am writing about it. I welcome feedback and opinions.

I have been in cybersecurity in…

Read More...

IEC 62443 : The Road to More Secure Products

IEC 62443 : The Road to More Secure Products

As the incidence of cybersecurity threats in automation systems continue to rise, the automation world continues to grapple with how to address these issues.  There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…

Read More...

Industrial automation is in the cross hairs of the hacker

As the details of STUXNET’s design unfolded last fall, like many, I was truly impressed by the pin-point precision that the malware authors used to ensure that their target, and only their target, was impacted by the virus.  In this regard, STUXNET may be one of the…

Read More...

Industrial Control System Cyber Security – Legislation and Standards

There is a lot of concern around cyber security in Industrial Control Systems.  With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically.  There are increased calls for legislation and new methods for dealing with these threats.  The history of how we have…

Read More...

Introduction to ICS Security - Pt. 1 - What is ICS Security and Why it Is Important

Introduction to ICS Security - Pt. 1 - What is ICS Security and Why it Is Important

Over the next couple of blogs, I plan to map out the importance of  ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment.  I'll also explain some of our services so that you can see what might pertain to you.

For part 1, I will start from the beginnning…

Read More...