exida

exida explains Blog

Entries tagged with: Cybersecurity

“Building Security In”

Cybersecurity continues to be a big problem for the world at large and for control systems specifically.  The amount of time and effort that it can take to simply keep all of the security patches up to date on a large control system can be mind boggling.  No…

Read More...

(Almost) FREE Security Training

The Department of Homeland Security (DHS) is tasked with many things. One area of focus is Industrial Control Systems (ICS). The Industrial Control Systems Joint Working Group (ICSJWG) was formed to facilitate this focus. This group holds semi-annual conferences (Spring and Fall) in various US cities. These meetings…

Read More...

  • by Dr. William Goble, CFSE
  • Thursday, January 12, 2012
  • News

2011…A Year in Review

2012 - Good Progress for Cybersecurity and Functional Safety

I think it is wise for individuals to periodically review things. I like to do my professional review at the end of the year. 2012 was a good year.

Product Certification

Over 60 new products received functional safety or cybersecurity certification this year. Those products and more…

Read More...

A False Sense of Security

About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal.  Outside the window I could see a big city harbor filled with boats, bridges, sky scrapers and approximately 5 million people.  I could also see two huge LNG storage…

Read More...

A Year in Review: Functional Safety and Cybersecurity in 2015
  • by Dr. William Goble, CFSE
  • Tuesday, January 26, 2016
  • Certification

A Year in Review: Functional Safety and Cybersecurity in 2015

Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights is 2015…

Read More...

An Integrator’s Guide to Managing the Cybersecurity Risks of Remote Access

An Integrator’s Guide to Managing the Cybersecurity Risks of Remote Access

Last week I attended the ISA Water/Wastewater and Automatic Controls Symposium in Bethesda, Maryland. The conference was attended by equipment manufacturers and municipalities, but system integrators composed the largest group. The technical sessions mainly discussed new opportunities for implementing the industrial internet of things (IoT) and cybersecurity…

Read More...

Are Cybersecurity Servers Making Your ICS Less Cyber Secure?

ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets.  For anything other than very small systems, the obvious choice is to implement systems…

Read More...

Are Your Control Systems Really Protected?

Are Your Control Systems Really Protected?

I don’t know whether you’ve noticed recently, but the number of cybersecurity alerts issued by CISA (Cybersecurity and Infrastructure Security Agency) seems to be increasing at an alarming rate.  The latest alert I’ve seen now relates to GPS tracking systems for children.  A device which is supposed to keep…

Read More...

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

Attack on Florida Water System Highlights Weak Security Protections for Critical Infrastructure

The Oldsmar Water Treatment Facility in Pinellas County Florida was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facilities network to gain remote access1. The TeamViewer was originally installed to allow for status checks and troubleshooting of…

Read More...

Automation Cybersecurity - Myths vs. Reality

Automation Cybersecurity - Myths vs. Reality

In today’s automation systems environment, certain myths continue to persist. For example, "cyber attacks are only a concern for big companies".  Although it may be less likely to be targeted by, say, a nation state attack, we’ve seen that malware can cause a shutdown of a system or trigger a…

Read More...

Automation Cybersecurity: IT vs OT - Differing Priorities

Automation Cybersecurity: IT vs OT - Differing Priorities

Before you can dive in and look at the core concept of automation cybersecurity, it's helpful to first define it. Automation cybersecurity is the prevention of intentional or unintentional interference with proper operation of automation systems including industrial controls, smart manufacturing,  and IIOT systems through the use of computers,…

Read More...

Being Prepared in Cyberspace via Threat Modelling

Being Prepared in Cyberspace via Threat Modelling

Preparedness is defined as being in a state of readiness (Webster, 2022).  This can take many different forms but when it comes to cybersecurity, a big part is knowing what threats lie in wait within the cyber landscape.  It’s difficult to prepare against threats or vulnerabilities you don’t know exist.  Being able…

Read More...

Bridging the OT / IT Cybersecurity Gap

Bridging the OT / IT Cybersecurity Gap

Personnel responsible for protecting organizational assets within Operations Technology (OT) groups would seem to have the same mission as those responsible for protecting organizational assets within Information Technology (IT) groups, and be tightly aligned. Spending any amount of time with Industrial Control System (ICS) clients, however, shows that is…

Read More...

Building Cybersecurity into Software Applications

Building Cybersecurity into Software Applications

An April 2019 report from the Institute of Critical Infrastructure Technology (ICIT) makes the point that even though software ‘runs the world’, software security is an afterthought across virtually all industries. 

The report states that this lack of software security is actually a National Threat given that this…

Read More...

CACE Specialties, Now That’s New!

CACE Specialties, Now That’s New!

Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1]. 

The need for well-trained, competent individuals to address cybersecurity for industrial control systems…

Read More...

Contractor Cybersecurity Training - Why Do You Need It?

Contractor Cybersecurity Training - Why Do You Need It?

Today, we are going to talk a little bit about Contractor Cyber Training.  What's in a good contractor cyber training course?  Why do you need one?  Why aren't policies, practices, and contract language enough?

Today's operators of industrial production facilities frequently utilize contract…

Read More...

Creating a Cyber Hygiene Plan

Creating a Cyber Hygiene Plan

One of the things that automation companies are beginning to do is to plan for cyber hygiene. More and more companies are implementing automation specific awareness training for their employees. They conduct periodic exercises which like sending phishing emails to see who if you respond. They might leave USB…

Read More...

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

Cyber Risk Assessments and Security Level Verification: Detailed Risk Assessments (Part 2 of 3)

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 20141. Finding an effective method for evaluating the current level…

Read More...

Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)

Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)

As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria. 

Ownership for industrial…

Read More...

Page 1 of 4 pages  1 2 3 >  Last ›