exida

exida explains Blog

Entries tagged with: IEC 62443

A Year in Review: Functional Safety and Cybersecurity in 2015
  • by Dr. William Goble, CFSE
  • Tuesday, January 26, 2016
  • Certification

Good things happened in the fields of functional safety and control system cybersecurity in 2015. I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights in 2015…

Being Prepared in Cyberspace via Threat Modelling

Preparedness is defined as being in a state of readiness (Webster, 2022).  This can take many different forms but when it comes to cybersecurity, a big part is knowing what threats lie in wait within the cyber landscape.  It’s difficult to prepare against threats or vulnerabilities you don’t know exist.  Being able…

Block that attack!  Get Certified!

This is the first in a series of blogs and papers on the benefits of cyber certification. Certification provides you with the opportunity to work with an experienced cyber team here at exida. It also allows you to gain access to our network of cyber experts worldwide codified…

Block that attack!  Getting IEC 62443 Cyber Certified (Part 1)

This is the next in a series of blogs and papers on the benefits of cyber certification.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in the IEC 62443 family of…

Block that attack!  Getting IEC 62443 Cyber Certified (Part 2)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in…

Block that attack!  Getting IEC 62443 Cyber Certified (Part 3)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here and part 2 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber…

Block that attack!  Getting IEC 62443 Cyber Certified (Part 4)

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here, part 2 here, and part 3 here. Certification provides you with the opportunity to work with an experienced cyber team here at exida, and…

CACE Specialties, Now That’s New!

Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their industrial control system within the last two years[1].

The need for well-trained, competent individuals to address cybersecurity for industrial control systems…

Closing Two Common IEC 62443 Compliance Gaps

Two common gaps exida encounters when evaluating vendor compliance against the IEC 62443-4-1, IEC 62443-4-2 and IEC 62443-3-3 standards are:

  1. Inadequate or unclear Security Guidelines.    
  2. A lack of documentation on the security audit records (AKA logs).   

Improving compliance in these areas is also a very cost-effective…

Cyber Risk Assessments and Security Level Verification: High-Level Risk Assessments (Part 1 of 3)

As the number, scale, and connectivity of industrial automation systems continue to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria.

Ownership for industrial…

Dreaming of a Better Tomorrow?

When I was a kid, I liked watching the Jetsons.  I felt certain that by the year 2000 we’d all be enjoying those flying saucers and futuristic homes.  Imagine my disappointment that in 2018 we still drive on 4 wheels… and my home cannot elevate itself above bad weather……

How Does the IEC 62443 Cybersecurity Standard Apply to Integrators?

The IEC 62443 series of cybersecurity standards includes over ten documents covering various subjects. Buying a full set is a bit expensive, but for me the real cost is the time needed to read and understand them. So I often ask one of the experts at exida…

I Did Not Lock the Car Door

I was driving one of exida’s top risk experts from Europe to a business meeting. We parked and I locked the car door.  He commented “I noticed you did not lock the car door when you parked at the exida office.” He was right. In an area I do…

IEC 62443 : The Road to More Secure Products

As the incidence of cybersecurity threats in automation systems continues to rise, the automation world continues to grapple with how to address these issues. There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…

IEC 62443 Cybersecurity Certification for Medical Devices

IEC62443 - Learning Cybersecurity (Prevention Techniques)

Last Saturday, I read an article about hackers who were behind at least two potentially fatal intrusions on oil and gas industrial facilities (Yes, I read cyber articles on the weekend). Besides the fact that I enjoy learning about cybersecurity on my…

Introduction to ICS Security - Pt. 1 - What is ICS Security and Why it Is Important

Over the next couple of blogs, I plan to map out the importance of  ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment.  I'll also explain some of our services so that you can see what might pertain to you.

For part 1, I will start from the beginning…

Is IEC 62443 a Good Solution for IIoT Security?
  • by Hrishit Joshi
  • Thursday, March 23, 2023

Internet of things or IoT can be defined as the interconnection via the internet of computing devices embedded in everyday objects enabling them to send and receive data. The Internet of Things is revolutionizing the way we operate our systems today. As IIoT (Industrial IoT) devices and gateways populate the industrial…

Managing Risk: How Cybersecurity Differs for Facility Managers

Operations and facility managers have a level of responsibility that requires a great deal of judgment, technical understanding, and the ability to make the right call when managing risk. 

Safe, secure, and profitable plant operations are the cornerstones of how a plant manager is judged. The plant manager relies…

Pipeline Safety and Security – Why are we still not prepared?

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…
