exida Presenting at 2015 ICS Cyber Security Conference | exida



  October 26, 2015


Mike Medoff, exida Senior Safety Engineer, will be presenting at the 2015 ICS Cyber Security Conference, to be held October 26-29, 2015 in Atlanta, GA.

Learn more about the presentation below:

Is Your Equipment Security Certified?

Certification is a term that gets thrown around and means many things in many contexts. In the context of product certification, it means that an accredited Certification Body performs an assessment and, given a positive result, issues a certificate.

The assessment is most often done to one or more standards, and in this case the standard is IEC 62443, which is the predominant security standard when working with automation systems. Manufacturers achieving certification to IEC 62443 demonstrate good internal processes and organization, but above all an acute awareness of the dangers of cyber-attacks. Users should use this certification as a differentiator when purchasing equipment. One thing not clearly understood is that when a certification is achieved, it comes with a manual that outlines the required conditions: the certification is only valid within a specified operational environment.

As has been discovered in the public arena, large public-facing enterprises that have supposedly protected their systems by hardening the environment have still been embarrassed by hackers. So the layers of protection put in place are good against the casual, even somewhat determined, intruder. The greater the threat, the more effort needs to be applied to the specific products themselves, rather than to the protection surrounding the equipment. This paper will explore alterations to products, as identified in IEC 62443, that will provide these higher levels of protection, specifically where vendors tend to have challenges meeting the specifications.

Examples are:

  • Clear identification of Security Requirements
  • Dealing with legacy and/or third-party code
  • Integrity checking of internal data stores
  • Threat Modeling
  • Proactive Threat Analysis

These and other hurdles will be explored to provide insight on the value of product certification.

When: Thursday, October 29, 2015
Time: 2:30pm – 3:15pm