News & Events.

exida Presenting at 3rd Safety Control Systems Conference

  October 19, 2012

exida’s John Cusimano, Director of Security Services will be a keynote speaker and presenter at the 3rd Safety Control Systems Conference in Edmonton, Alberta, Canada. The conference will be held November 27-29, 2012.

Mr. Cusimano’s presentations include:

“A Semi-Quantitative Risk Assessment Technique for Cyber Security Threats”

Cyber threats are increasing in frequency and sophistication.  The associated risks to operating companies can no longer be ignored.  Cyber security incidents can include loss of IP, production upsets or out of control scenarios.  This presentation describes an important step forward in the measurement of risk associated with cyber security hazards.  This presentation will discuss the threat type methodologies, their potential causes and possible countermeasures which can be effective to protect against the ultimate occurrence of the consequences.

“Lessons Learned from Real Life Control System Security Incidents and Assessments”

Hundreds of industrial control system security incidents have been studied by the Security Incidents Organization and documented in the Repository of Industrial Security Incidents.  This presentation will study several actual control system security incidents and review the common vulnerabilities that were exploited, the impact of the incidents, the actions taken to prevent future incidents and the lessons learned.  It will review the findings from several preemptive control system security assessments and discuss how numerous facilities have reduced their risk of unplanned downtime and safety incidents by improving the cyber security of their control and SCADA systems.

“Assessing the Security of Industrial Control Systems Using Threat Modeling”

Threat Modeling is a technique that has long been used by software developers to assess the security risks in their code.  It is a significant part of the Microsoft Security Development Life Cycle.  Threat Modeling can also be applied to systems and can be a very good tool for assessing the security of industrial control systems.  This presentation will describe the threat modeling process and explain how it can be applied to an industrial control system.  Real world examples will be used to help demonstrate how this can be applied.