exida explains Blog

Good things happened in the fields of functional safety and control system cybersecurity in 2015.  I am not going to include the exciting new Star Wars movie as an event in the list as it does not really fit into the topic. But keeping focused, my highlights is 2015…

Read More...

Preparedness is defined as being in a state of readiness (Webster, 2022).  This can take many different forms but when it comes to cybersecurity, a big part is knowing what threats lie in wait within the cyber landscape.  It’s difficult to prepare against threats or vulnerabilities you don’t know exist.  Being able…

Read More...

This is the first in a series of blogs and papers on the benefits of cyber certification.  Certification provides you with the opportunity to work with an experienced cyber team here at exida,.  It also allows you to gain access to our network of cyber experts worldwide codified…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in the IEC 62443 family of…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here and part 2 here.  Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber…

Read More...

This is the next in a series of blogs and papers on the benefits of cyber certification. You can read part 1 here , part 2 here, and part 3 here . Certification provides you with the opportunity to work with an experienced cyber team here at exida, and…

Read More...

Cyberattacks have become the new norm for industrial control systems. A recent study found that 54% (more than half) of companies surveyed had experienced a cyber-attack on their Industrial control system within the last two years[1]. 

The need for well-trained, competent individuals to address cybersecurity for industrial control systems…

Read More...

Two common gaps exida encounters when evaluating vendor compliance against the IEC 62443-4-1, IEC 62443-4-2 and IEC 62443-3-3 standards are:

1. Inadequate or unclear Security Guidelines.    
2. A lack of documentation on the security audit records (AKA logs).   

Improving compliance in these areas is also a very cost-effective…

Read More...

As the number, scale, and connectivity of industrial automation systems continues to grow, it becomes increasingly crucial to fundamentally understand, evaluate, and manage cybersecurity risks. The objective of an effective cybersecurity management program should be to maintain the industrial automation system consistent with corporate risk criteria. 

Ownership for industrial…

Read More...

When I was a kid, I liked watching the Jetsons.  I felt certain that by the year 2000 we’d all be enjoying those flying saucers and futuristic homes.  Imagine my disappointment that in 2018 we still drive on 4 wheels… and my home cannot elevate itself above bad weather……

Read More...

The IEC 62443 series of cybersecurity standards include over ten documents covering various subjects. Buying a full set is a bit expensive, but for me the real cost is the time needed to read and understand them. So I often ask one of the experts at exida…

Read More...

I was driving one of exida’s top risk experts from Europe to a business meeting. We parked and I locked the car door.  He commented “I noticed you did not lock the car door when you parked at the exida office.” He was right. In an area I do…

Read More...

As the incidence of cybersecurity threats in automation systems continue to rise, the automation world continues to grapple with how to address these issues.  There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…

Read More...

exida has traditionally been involved in industries such as oil and gas, chemicals, power generation and automotive.  While these are a diverse set of industries, many of the techniques that we use such as FMEDA (Failure Modes Effects and Diagnostic Analysis), Risk Assessment, Threat Modelling, etc.…

Read More...

Last Saturday, I read an article about hackers who were behind at least two potentially fatal intrusions on oil and gas industrial facilities (Yes I read cyber articles on the weekend ). Besides the fact that I enjoy learning about cybersecurity on my…

Read More...

Over the next couple of blogs, I plan to map out the importance of  ISA/IEC-62443/ISA-99 based cybersecurity and how it applies to your work environment.  I'll also explain some of our services so that you can see what might pertain to you.

For part 1, I will start from the beginnning…

Read More...

Internet of things or IoT can be defined as the interconnection via the internet of computing devices embedded in everyday objects enabling them to send and receive data. The Internet of Things is revolutionizing the way we operate our systems today. As IIoT (Industrial IoT) devices and gateways populate the industrial…

Read More...

Operations and facility managers have a level of responsibility that requires a great deal of judgment, technical understanding, and the ability to make the right call when managing risk. 

Safe, secure, and profitable plant operations are the cornerstones of how a plant manager is judged. The plant manager relies…

Read More...

It’s interesting that I had been preparing a webinar on pipeline safety and security since there have already been numerous incidents reported regarding pipeline accidents and leakage.  Now the latest incident concerning Colonial Pipeline and the ransomware attack by Darkside, a so-called extortion group,…

Read More...