exida explains Blog

Entries tagged with: Cybersecurity

Managing Unconfirmed Cybersecurity Vulnerabilities like Supermicro

Unconfirmed vulnerabilities are not usually a big issue, but when one like Supermicro occurs, plant management will ask a simple question: “Do we have an issue or not?”

Having been on the receiving end of this blunt exchange, I realize it can be painful and embarrassing to communicate,…

Network Segmentation and the Fragile PLC

One of the best parts of my job is I get to walk around and look over what has been implemented in the way of physical and cyber security. Most of the time I am very impressed by what has been done as more and more companies are realizing…

Outrage! Panic! Indifference?

How should you react to news of PLC security vulnerabilities? 

Project Basecamp was an exercise conducted at the S4 Security Conference that was held last month in Miami, Florida.  At the event, six security researchers reported their findings on the…

Pen Testing a Live Control System – Are You Mad?

A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems. Oftentimes they request these services as one of the first steps in…

Pipeline Safety and Security – Why are we still not prepared?

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…

Preventing Cyberattacks by Following Practical Guidance in IEC 62443

Isn’t it frustrating when you experience an event that disrupts operations and then discover it could have been prevented? Very often a detailed analysis will reveal that a combination of (preventable) mistakes and unknown factors caused the incident. Training can help the mistakes, but dealing with the unknowns is a little…

The Non-Hackable System – Wait a Minute, What?

I had the privilege to attend the CDS-forum in Trondheim, Norway on October 15, 2019. The CDS-forum is a Norwegian Industry Forum for Cybersecurity of Industrial Automation and Control Systems. The forum is a co-operation between oil companies, engineering oil companies, consultants, vendors and researchers, with a…

The Real Impact of Stuxnet

Stuxnet has, rightly, generated a significant amount of discussion and concern within the industrial automation community. Fortunately, unless you operate a uranium enrichment facility using Siemens S7 PLCs and some very specific variable frequency drives (VFDs) you probably haven’t been directly impacted by the Stuxnet…

Train Wrecks Waiting to Happen?

Hacking public transportation systems is always depicted on TV and in movies. And they make it seem so easy… it only takes seconds for these fictional experts. Is it a reality?

Well, the Amtrak train derailment that occurred earlier this year in Philadelphia got me thinking about “hacking” as a…

What can OT learn from IT data breaches?

Does your organization even have a CISO position?

Cybersecurity continues to be an overlooked aspect in organizations—including those owning ICS (Industrial Control System) production facilities. Anyone following the news has most assuredly heard of the plethora of massive data breaches that organizations have endured over the last…

  • by Iwan van Beurden, CFSE
  • Tuesday, January 17, 2012
  • Certification

Why am I not on “the list?”

“Building Security In”

Cybersecurity continues to be a big problem for the world at large and for control systems specifically.  The amount of time and effort that it can take to simply keep all of the security patches up to date on a large control system can be mind boggling.  No…
