- by Michael Medoff, CFSE, CISA
- Thursday, June 21, 2012
- Industrial Cybersecurity
A False Sense of Security
About 5 years ago I was sitting around a big table in a conference room at a major LNG terminal. Outside the window I could see a big city harbor filled with boats, bridges, skyscrapers and approximately 5 million people. I could also see two huge LNG storage…
- by Michael Medoff, CFSE, CISA
- Friday, July 19, 2013
- Industrial Cybersecurity
Are Cybersecurity Servers Making Your ICS Less Cyber Secure?
ICS cybersecurity standards such as ISA 62443 (formerly ISA 99) and NERC CIP require operators to have policies and procedures in place to monitor and maintain their critical ICS cyber assets. For anything other than very small systems, the obvious choice is to implement systems…
- by Michael Medoff, CFSE, CISA
- Tuesday, July 16, 2013
- Industrial Cybersecurity
Cyber Security, Beyond the Internet: An Automation Engineer’s View
The world of automation has changed significantly over the past 30 years. I have fond memories of starting my career by calibrating, adjusting, and tuning pneumatic control loops while working my way through the electronic age right up to the present digital and cyber generation of automation. If you…
- by Michael Medoff, CFSE, CISA
- Monday, July 23, 2018
- Industrial Cybersecurity
IEC 62443: The Road to More Secure Products
As the incidence of cybersecurity threats in automation systems continues to rise, the automation world continues to grapple with how to address these issues. There are many good practices published in the IEC 62443 series of standards available to end users such as creating demilitarized zones between the business…
- by Michael Medoff, CFSE, CISA
- Thursday, October 29, 2020
- Industrial Cybersecurity
IEC 62443 Cybersecurity Certification for Medical Devices
exida has traditionally been involved in industries such as oil and gas, chemicals, power generation and automotive. While these are a diverse set of industries, many of the techniques that we use such as FMEDA (Failure Modes Effects and Diagnostic Analysis), Risk Assessment, Threat Modelling, etc.…
- by Michael Medoff, CFSE, CISA
- Thursday, July 12, 2018
- Industrial Cybersecurity
IEC 62443: Levels, Levels and More Levels
By now we’ve all become familiar with safety integrity levels (SIL), as they have become part of our everyday lives. However, with the recent release of several cybersecurity standards in the IEC 62443 series, things are getting more complicated. This series of standards introduces two more levels…
- by Michael Medoff, CFSE, CISA
- Tuesday, October 30, 2012
- Industrial Cybersecurity
Industrial Control System Cyber Security – Legislation and Standards
There is a lot of concern around cyber security in Industrial Control Systems. With new threats like Stuxnet and Flame, the perceived risk to critical infrastructure has increased dramatically. There are increased calls for legislation and new methods for dealing with these threats. The history of how we have…
- by Michael Medoff, CFSE, CISA
- Wednesday, August 10, 2011
- Industrial Cybersecurity
Keeping “Dancing Monkeys” out of your PLC
Last week a security researcher, Dillon Beresford of NSS Labs, presented at the Black Hat conference on the security vulnerabilities he found in Siemens PLC firmware. One of many stories on Dillon’s findings can be found here. Among other things, Dillon found “dancing monkeys” in the code! Actually,…
- by Michael Medoff, CFSE, CISA
- Thursday, February 09, 2012
- Industrial Cybersecurity
Outrage! Panic! Indifference?
How should you react to news of PLC security vulnerabilities?
Project Basecamp was an exercise conducted at the S4 Security Conference that was held last month in Miami, Florida. At the event, six security researchers reported their findings on the…
- by Michael Medoff, CFSE, CISA
- Tuesday, October 16, 2012
- Industrial Cybersecurity
Pen Testing a Live Control System – Are You Mad?
A recent, disturbing trend I’ve seen in industrial control system (ICS) security is that, in response to concerns about the security of their ICS & SCADA systems, companies are performing penetration (pen) testing on operational systems. Oftentimes they request these services as one of the first steps in…
- by Michael Medoff, CFSE, CISA
- Thursday, August 22, 2024
- Industrial Cybersecurity
Risky Business: IEC 62443 and Legacy Products
When it comes to developing secure products, the IEC 62443 series of standards provides a lot of guidance and best practices which can be applied while developing the product. This is essentially an approach to designing security into the product rather than trying to add it on at the…
- by Michael Medoff, CFSE, CISA
- Monday, June 08, 2015
- Functional Safety
The Evolution of Coding Standards
Sometimes it seems that things change slowly in the world of functional safety. If you look at many of the technical references in IEC 61508 you will find that most come from the 1980s and 1990s. There is even one reference that dates back to 1950! With the rate…
- by Michael Medoff, CFSE, CISA
- Tuesday, March 15, 2011
- Industrial Cybersecurity
The Real Impact of Stuxnet
Stuxnet has, rightly, generated a significant amount of discussion and concern with the industrial automation community. Fortunately, unless you operate a uranium enrichment facility using Siemens S7 PLCs and some very specific variable frequency drives (VFDs), you probably haven’t been directly impacted by the Stuxnet…
- by Michael Medoff, CFSE, CISA
- Thursday, May 24, 2012
- Industrial Cybersecurity
“Building Security In”
Cybersecurity continues to be a big problem for the world at large and for control systems specifically. The amount of time and effort that it can take to simply keep all of the security patches up to date on a large control system can be mind-boggling. No…