News & Events.

exida Presenting at 2015 ICS Cyber Security Conference

  October 26, 2015

---

Mike Medoff, exida Senior Safety Engineer will be presenting at the 2015 ICS Cyber Security Conference to be held October 26-29, 2015 in Atlanta, GA.

Learn more about the presentation below:

Is Your Equipment Security Certified?

Certification is a term thrown around that means many things in many contexts.  In the context of product certification, it means that an accredited Certification Body does an assessment and with positive result issues a certificate.

The assessment is most often done to one or more standards, and in this case the standard is IEC62443, which is the predominant security standard when working with automation systems. Manufacturers achieving certification to IEC62443 demonstrate good internal processes and organization, but above all an acute awareness of the dangers of cyber-attacks.  Users should use this certification as a differentiator when purchasing equipment.  One thing not clearly understood is that when a certification is achieved it comes with a manual that outlines the required conditions – the certification is only valid within a specified operational environment.

As has been discovered in the public arena, large public facing enterprises that have supposedly protected their systems by hardening the environment, have still been embarrassed by hackers.  So the layers of protection put in place are good for the casual even somewhat determined intruder. The greater the threat, the more the effort needs to be applied to the specific products themselves, rather than the protection surrounding the equipment.  This paper will explore alterations to products as identified in IEC62443 that will provide these higher levels of protection, specifically where vendors tend to have challenges meeting the specifications.

Examples are:

• Clear identification of Security Requirements
• Dealing with legacy and/or third party code
• Integrity checking of internal data stores
• Threat Modeling
• Proactive Threat Analysis

These and other hurdles will be explored to provide insight on the value of product certification.

When: Thursday, October 29, 2015
Time: 2:30pm – 3:15pm

More News

• April 10, 2024
  exida Exhibiting at Transport Research Arena (TRA) in Dublin
• April 09, 2024
  Qualcomm Receives ISO 26262 Certification for Semiconductor Components
• March 12, 2024
  Three YORK® Chiller Solutions Earn ISASecure® Certifications for Embedded Cybersecurity
• March 04, 2024
  2024 exida PAMR Symposium to be held in Germany
• January 18, 2024
  exida Authored Article in December 2023 Process Safety Progress
• January 17, 2024
  Green Hills Software Is First Embedded Software Company to Receive ISO/SAE 21434 Certificate
• January 16, 2024
  Qualcomm Receives ISO 26262 Certification for Semiconductor Components