exida explains Blog

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 2014 [1]. Finding an effective method for evaluating the current…

Read More...

I’ve heard this phrase so many times in my life… “<Something> is the best thing since sliced bread.” I personally can’t remember a time when sliced bread was not available, but I certainly remember going to the deli and having them use the slicing machine before handing me a bag…

Read More...

With the appearance of malware and nation state attacks on Industrial Control Systems (ICS), such as the Stuxnet (2010), Industroyer (2016) and TRITON (2017) attacks, the IEC 62433 standards are gaining wider attention.  

While the potential targets to attack in an ICS system are many-fold, one plant asset that…

Read More...

IEC 61508 functional safety certification began in the 1990s. As I recall, the only organizations doing this work in those days were TÜV Rheinland and TÜV Product Services (now TÜV Sud). These two companies remain competitors. 

Functional safety certification started with logic solvers. Some engineers and regulators at the…

Read More...

The exposure of industrial facilities to cybersecurity threats has never been higher. An analysis performed by IBM security found that the number of attacks on SCADA systems increased 636% from 2012 to 2014, with 675,816 cybersecurity incidents in January 20141. Finding an effective method for evaluating the current level…

Read More...

One of the changes that was made in 2016 to the IEC 61511 standard was the inclusion of periodic personnel assessments (clause 5.2.2.3), whereby a procedure is required to manage the competence of all those involved in the SIS lifecycle; “periodic” assessments are to be carried out to document…

Read More...

Isn’t it frustrating when you experience an event that disrupts operations and then discover it could have been prevented? Very often a detailed analysis will reveal that a combination of (preventable) mistakes and unknown factors caused the incident. Training can help the mistakes, but dealing with the unknowns is a little…

Read More...

Industrial Automation Control Systems (IACS) Cybersecurity based on IEC 62443 was created to be compatible with agile development methodology. The standard deliberately talks about processes and not phases, such as those in the waterfall model. The processes defined can be met simultaneously and are, most likely, already being followed…

Read More...

www.SILSafeData.com is a complimentary resource that contains the upper and lower bounds failure rates for many categories of automation equipment, as well as the methodology used by exida to derive the numbers.  

Many of you have asked how to…

Read More...

As discussed in What do Nuisance Alarms, the 80-20 Rule, and Mental Models Have in Common?, there are typically a handful of alarm points (10 to 20) that create the majority of notifications (50-80%) to the operator (referencing the 80-20 rule). These nuisance alarms are affectionately called “bad…

Read More...

My previous blog mentioned the fact that a Burner Management System (BMS) is unique, in that this instrumented layer is the last line of defense and may be the only protection layer in the case of a BPCS failure.

Have you ever performed an analysis to determine…

Read More...

Unconfirmed vulnerabilities are not usually a big issue, but when one occurs like Supermicro, plant management will ask a simple question: “Do we have an issue or not?” 

Having been on the receiving end of this blunt exchange, I realize it can be painful and embarrassing to communicate,…

Read More...

The world of collaborative robots, or cobots, is making headway. According to a recent report by the International Federation of Robots (IFR), along with Loup Ventures, global robotics spending will reach $13 billion in 2025. Currently, collaborative robots only make up about 3% of all robot sales. This number…

Read More...

I heard about a “safety certified” PLC in the late 1980s at an ISA SP84 standard committee meeting. The “logic solver” (as they later called it) was the focus of attention in the field of functional safety back then. Many engineers even said, “My system is safe because I…

Read More...

As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria. 

Ownership for industrial…

Read More...