exida explains Blog

Cybersecurity continues to be a big problem for the world at large and for control systems specifically.  The amount of time and effort that it can take to simply keep all of the security patches up to date on a large control system can be mind boggling.  No…

Read More...

The Department of Homeland Security (DHS) is tasked with many things. One area of focus is Industrial Control Systems (ICS). The Industrial Control Systems Joint Working Group (ICSJWG) was formed to facilitate this focus. This group holds semi-annual conferences (Spring and Fall) in various US cities. These meetings…

Read More...

2011 was a good year in many ways for Functional Safety and Cyber Security. Several instrumentation products achieved IEC 61508 certification. exida Certification alone issued 64 product certifications (http://www.sael-onine.com).  With most certification projects, improvements to the design and quality are made.  Some manufacturers…

Read More...

Product Certification

Over 60 new products received functional safety or cybersecurity certification this year. Those products and more…

Read More...

About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal.  Outside the window I could see a big city harbor filled with boats, bridges, sky scrapers and approximately 5 million people.  I could also see two huge LNG storage…

Read More...

Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights is 2015…

Read More...

Last week I attended the ISA Water/Wastewater and Automatic Controls Symposium in Bethesda, Maryland. The conference was attended by equipment manufacturers and municipalities, but system integrators composed the largest group. The technical sessions mainly discussed new opportunities for implementing the industrial internet of things (IoT) and cybersecurity…

Read More...

ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets.  For anything other than very small systems, the obvious choice is to implement systems…

Read More...

I don’t know whether you’ve noticed recently, but the number of cybersecurity alerts issued by CISA (Cybersecurity and Infrastructure Security Agency) seems to be increasing at an alarming rate.  The latest alert I’ve seen now relates to GPS tracking systems for children.  A device which is supposed to keep…

Read More...

The Oldsmar Water Treatment Facility in Pinellas County Florida was compromised by hackers on February 5th. Hackers took advantage of the TeamViewer application that was still installed on the water facilities network to gain remote access¹. The TeamViewer was originally installed to allow for status checks and troubleshooting of…

Read More...

In today’s automation systems environment, certain myths continue to persist. For example, "cyber attacks are only a concern for big companies".  Although it may be less likely to be targeted by, say, a nation state attack, we’ve seen that malware can cause a shutdown of a system or trigger a…

Read More...

Before you can dive in and look at the core concept of automation cybersecurity, it's helpful to first define it. Automation cybersecurity is the prevention of intentional or unintentional interference with proper operation of automation systems including industrial controls, smart manufacturing,  and IIOT systems through the use of computers,…

Read More...

Preparedness is defined as being in a state of readiness (Webster, 2022).  This can take many different forms but when it comes to cybersecurity, a big part is knowing what threats lie in wait within the cyber landscape.  It’s difficult to prepare against threats or vulnerabilities you don’t know exist.  Being able…

Read More...

Personnel responsible for protecting organizational assets within Operations Technology (OT) groups would seem to have the same mission as those responsible for protecting organizational assets within Information Technology (IT) groups, and be tightly aligned. Spending any amount of time with Industrial Control System (ICS) clients, however, shows that is…

Read More...

An April 2019 report from the Institute of Critical Infrastructure Technology (ICIT) makes the point that even though software ‘runs the world’, software security is an afterthought across virtually all industries. 

The report states that this lack of software security is actually a National Threat given that this…

Read More...

Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1]. 

The need for well-trained, competent individuals to address cybersecurity for industrial control systems…

Read More...

Today, we are going to talk a little bit about Contractor Cyber Training.  What's in a good contractor cyber training course?  Why do you need one?  Why aren't policies, practices, and contract language enough?

Today's operators of industrial production facilities frequently utilize contract…

Read More...

One of the things that automation companies are beginning to do is to plan for cyber hygiene. More and more companies are implementing automation specific awareness training for their employees. They conduct periodic exercises which like sending phishing emails to see who if you respond. They might leave USB…

Read More...

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 20141. Finding an effective method for evaluating the current level…

Read More...

As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria. 

Ownership for industrial…

Read More...