exida explains Blog

As the details of STUXNET’s design unfolded last fall, like many, I was truly impressed by the pin-point precision that the malware authors used to ensure that their target, and only their target, was impacted by the virus.  In this regard, STUXNET may be one of the…

Read More...

There is a lot of concern around cyber security in Industrial Control Systems.  With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically.  There are increased calls for legislation and new methods for dealing with these threats.  The history of how we have…

Read More...

Over the next couple of blogs, I plan to map out the importance of  ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment.  I'll also explain some of our services so that you can see what might pertain to you.

For part 1, I will start from the beginnning…

Read More...

Over the last couple of blogs, I mapped out the importance of ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment. 

For part 1, I started from the beginning and outlined what exactly ICS cybersecurity is and why it is important. 

For part 2, I explained the difference between…

Read More...

Last week a security researcher, Dillon Beresford of NSS Labs, presented at the Blackhat conference on the security vulnerabilities he found in Siemens PLC firmware.  One of many stories on Dillon’s findings can be found here.  Among other things, Dillon found “dancing monkeys” in the code!  Actually,…

Read More...

Operations and facility managers have a level of responsibility that requires a great deal of judgment, technical understanding, and the ability to make the right call when managing risk. 

Safe, secure, and profitable plant operations are the cornerstones of how a plant manager is judged. The plant manager relies…

Read More...

Unconfirmed vulnerabilities are not usually a big issue, but when one occurs like Supermicro, plant management will ask a simple question: “Do we have an issue or not?” 

Having been on the receiving end of this blunt exchange, I realize it can be painful and embarrassing to communicate,…

Read More...

When we look at some of the challenges that are facing  control systems, we also have to think about what forces are influencing how asset owners adopt cybersecurity. We'll talk about four of those main drivers that play a role in cybersecurity implementation. 

National Standards…

Read More...

One of the best parts of my job is I get to walk around and look over what has been implemented in the way of physical and cyber security. Most of the time I am very impressed by what has been done as more and more companies are realizing…

Read More...

The New Year is a great time to make resolutions, but often as the weeks pass, these resolutions fall to the back burner. A study completed in 2016 showed that less than 25% of those who set a resolution successfully followed that resolution for a year.¹ When we think about…

Read More...

How should you react to news of PLC security vulnerabilities? 

Project Basecamp was an exercise conducted at the S4 Security Conference that was held last month in Miami, Florida.  At the event, six security researchers reported their findings on the…

Read More...

A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems.  Often times they request these services as one of the first steps in…

Read More...

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…

Read More...

Isn’t it frustrating when you experience an event that disrupts operations and then discover it could have been prevented? Very often a detailed analysis will reveal that a combination of (preventable) mistakes and unknown factors caused the incident. Training can help the mistakes, but dealing with the unknowns is a little…

Read More...

Information Technology (IT) is the personnel, hardware, and software that controls non-physical devices and/or processes such as websites, financial data, personal information, etc. 

Operation Technology (OT) is the personnel, hardware, and software that controls physical devices and/or processes such as manufacturing, oil & gas, power, etc.  Today, OT has many…

Read More...

Let me be the first to say that I don’t normally do book reviews.  Frankly, I thought I left them behind years ago when they were required assignments for my undergraduate classes.  Nevertheless, I find myself writing one today, not because I must, but because there are so many cybersecurity professionals…

Read More...

I had the privilege to attend the CDS-forum in Trondheim, Norway on October 15, 2019. The CDS-forum is a Norwegian Industry Forum for Cybersecurity of Industrial Automation and Control Systems. The forum is a co-operation between oil companies, engineering oil companies, consultants, vendors and researchers, with a…

Read More...

First off, an introduction is in order. My name is Greg Houser, and I’m one of the new fish here at exida (no, that’s not a typo – the ‘e’ is lowercase in “exida”).  And…

Read More...

Stuxnet has, rightly, generated a significant amount of discussion and concern with the industrial automation community.  Fortunately, unless you operate a uranium enrichment facility using Siemens S7 PLC’s and some very specific variable frequency drives (VFDs) you probably haven’t been directly impacted by the Stuxnet…

Read More...

Hacking public transportation systems is always depicted on TV and movies.  And they make it seem so easy… it only takes seconds for these fictional experts.  Is it a reality?

Well, the Amtrak train derailment that occurred earlier this year in Philadelphia got me thinking about “hacking” as a…

Read More...