- by Patrick O'Brien
- Thursday, August 16, 2018
- Industrial Cybersecurity
An Integrator’s Guide to Managing the Cybersecurity Risks of Remote Access
Last week I attended the ISA Water/Wastewater and Automatic Controls Symposium in Bethesda, Maryland. The conference was attended by equipment manufacturers and municipalities, but system integrators composed the largest group. The technical sessions mainly discussed new opportunities for implementing the industrial internet of things (IoT) and cybersecurity…
Read More...
- by Steve Gandy, CFSP
- Thursday, September 12, 2019
- Industrial Cybersecurity
Are Your Control Systems Really Protected?
I don’t know whether you’ve noticed recently, but the number of cybersecurity alerts issued by CISA (Cybersecurity and Infrastructure Security Agency) seems to be increasing at an alarming rate. The latest alert I’ve seen now relates to GPS tracking systems for children. A device which is supposed to keep…
Read More...
- by Robert J. Michalsky
- Thursday, December 13, 2018
- Industrial Cybersecurity
Bridging the OT / IT Cybersecurity Gap
Personnel responsible for protecting organizational assets within Operations Technology (OT) groups would seem to have the same mission as those responsible for protecting organizational assets within Information Technology (IT) groups, and be tightly aligned. Spending any amount of time with Industrial Control System (ICS) clients, however, shows that is…
Read More...
- by Robert J. Michalsky
- Thursday, August 08, 2019
- Industrial Cybersecurity
Building Cybersecurity into Software Applications
An April 2019 report from the Institute of Critical Infrastructure Technology (ICIT) makes the point that even though software ‘runs the world’, software security is an afterthought across virtually all industries.
The report states that this lack of software security is actually a National Threat given that this…
Read More...
- by Patrick O'Brien
- Monday, April 15, 2019
- Industrial Cybersecurity
CACE Specialties, Now That’s New!
Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1].
The need for well-trained, competent individuals to address cybersecurity for industrial control systems…
Read More...
- by Patrick O'Brien
- Tuesday, September 18, 2018
- Industrial Cybersecurity
Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)
As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria.
Ownership for industrial…
Read More...
- by Patrick O'Brien
- Thursday, December 06, 2018
- Industrial Cybersecurity
Cyber Risk Assessments and Security Level Verification: Security Level Verification (Part 3 of 3)
The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 2014 [1]. Finding an effective method for evaluating the current…
Read More...
- by Ted Stewart, CFSP, exidaCSP
- Thursday, January 17, 2019
- Industrial Cybersecurity
Cyberattacks Succeed Where Humans and Systems Are Weak
Have you noticed that over the last several years, cybersecurity seems to be “trending?”
Companies of all sizes are starting to learn how to prevent, or at least minimize, these attacks. They hire third-party experts and attend trainings to learn more about the human and system weaknesses that are…
Read More...
- by Dave Gunter
- Tuesday, January 08, 2019
- Industrial Cybersecurity
Does Your ICS Service Provider Need Training?
Today’s owner operators and lease operators of industrial production facilities frequently employ service providers for projects and upgrades, as well as operations and maintenance. These contractors often travel to many sites, carry their own copies of source code and files, and use multiple PCs with multiple engineering tools for…
Read More...
- by Dave Gunter
- Friday, May 12, 2017
- Industrial Cybersecurity
exida Cyber Blog Series: 01 - What is Cyber Hygiene?
exida would like to welcome our new director of cybersecurity services Dave Gunter. Dave will be taking us through a multi part blog series based on general cybersecurity evolving into how it pertains to your industrial work environment and what you should do to protect your company…
Read More...
- by Dave Gunter
- Wednesday, May 24, 2017
- Industrial Cybersecurity
exida Cyber Blog Series: 02 - Does your position qualify as a Cyber Sensitive position?
That’s a great question.
What is a Cyber sensitive position?
A cyber sensitive position is a subset of a job position description that can be graded as Ultra, High, Medium or Low sensitivity with respect to cybersecurity assets and associated potential consequences that may impact an operating company.
What…
Read More...
- by Dr. William Goble, CFSE
- Thursday, January 09, 2020
- Certification
Getting the Best IEC 62443 Cybersecurity Certification?
After careful planning and development of your system, the last thing you want to worry about is the credibility of your certification. Although it may seem like a given for your certification to be well accepted by your customers, it is never a bad idea to dig a little…
Read More...
- by Todd Stauffer
- Tuesday, May 19, 2020
- Industrial Cybersecurity
Grasping the Power of the (Stuxnet) Virus (or What I did during the COVID-19 Pandemic)
The travel and group meeting restrictions from COVID-19 have allowed me to catch up on some reading about viruses; not the type that get transmitted to humans. This article is about the Stuxnet virus and what I learned from the book “Countdown to Zero Day: Stuxnet and the Launch of…
Read More...
- by Dr. William Goble, CFSE
- Thursday, June 21, 2018
- Industrial Cybersecurity
How Does the IEC 62443 Cybersecurity Standard Apply to Integrators?
The IEC 62443 series of cybersecurity standards include over ten documents covering various subjects. Buying a full set is a bit expensive, but for me the real cost is the time needed to read and understand them. So I often ask one of the experts at exida…
Read More...
- by Dr. William Goble, CFSE
- Thursday, August 30, 2018
- Industrial Cybersecurity
How Much Cybersecurity Do I Need?
During an IACS cybersecurity risk analysis, each zone of a network is given a target security level. The levels are one to four, with one being the least amount of protection and four giving the most protection. For each zone we ask, “How much cybersecurity protection do we…
Read More...
- by Jeff Davis
- Thursday, November 08, 2018
- Industrial Cybersecurity
IACS Cybersecurity IEC 62443: Agile Lifecycle and Documentation
Industrial Automation Control Systems (IACS) Cybersecurity based on IEC 62443 was created to be compatible with agile development methodology. The standard deliberately talks about processes and not phases, such as those in the waterfall model. The processes defined can be met simultaneously and are, most likely, already being followed…
Read More...
- by Steve Gandy, CFSP
- Monday, February 08, 2021
- Industrial Cybersecurity
IEC 62443 - The Evolution of IACS Cybersecurity
When we were doing safety system designs in the 1980s, there was no Windows, there was no TCP/IP, there was no in Ethernet. We had to write our own protocols to transmit data to our I/O and our controllers.
Fault-finding was always a challenge . What we ended up…
Read More...
- by Michael Medoff , CFSE, CISA
- Thursday, July 12, 2018
- Industrial Cybersecurity
IEC 62443: Levels, Levels and More Levels
By now we’ve all become familiar with safety integrity levels (SIL), as they have become part of our everyday lives. However, with the recent release of several cybersecurity standards in the IEC 62443 series, things are getting more complicated. This series of standards introduces two more levels…
Read More...
- by Ted Stewart, CFSP, exidaCSP
- Wednesday, June 19, 2019
- Industrial Cybersecurity
IEC62443 - Learning Cybersecurity (Prevention Techniques)
Last Saturday, I read an article about hackers who were behind at least two potentially fatal intrusions on oil and gas industrial facilities (Yes I read cyber articles on the weekend
). Besides the fact that I enjoy learning about cybersecurity on my…
Read More...
- by Dave Gunter
- Friday, August 24, 2018
- Industrial Cybersecurity
Managing Risk: How Cybersecurity Differs for Facility Managers
Operations and facility managers have a level of responsibility that requires a great deal of judgment, technical understanding, and the ability to make the right call when managing risk.
Safe, secure, and profitable plant operations are the cornerstones of how a plant manager is judged. The plant manager relies…
Read More...