aeCyberSolutions Articles:

E&E News : Battle lines form over pipeline cyberthreat

Marco Ayala of aeSolutions, was featured today in an E&E News article about possible cyberattacks on U.S. oil and gas pipelines.  The following is a short excerpt :

“It’s a political football,” said Marco Ayala, senior life-cycle solutions manager at aeSolutions in Houston, who often works with pipeline companies on their cybersecurity practices. “DOE’s point is that they’re moving the ball forward with cybersecurity. Yet TSA and PHMSA are the law of the land for pipelines.”

Many pipeline companies already deal with DOE across various other parts of their businesses, he pointed out. “For them, it’s just, ‘Tell us who to talk to.’“  Read the entire article

Alaska Business Magazine :Cybersecurity Risk Assessment Provides a Rational Strategy for Protecting Technology Assets 

Organizations of all types and sizes have been rocked by security breaches and other cyber attacks, including large corporations (Merck, Maersk, and
FedEx), government agencies, and even a credit reporting bureau (Equifax). And given the growing threat from botnets, malware, ransomware, worms, and nefarious hackers, companies need an organized method for assessing and addressing cybersecurity risks.

Cybersecurity is the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. A cybersecurity risk assessment identifies the gaps in an organization’s critical risk areas and determines actions to close them. The evaluation typically involves considering the primary types of information being handled—whether Social Security numbers, credit or debit card numbers, patient records, industrial control system data, designs, or human resources data—and then making a
priority list of what needs to be protected…. read the entire article

S4: Getting a Handle on Consequences

February 6, 2019

John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process.  A recent article on isssource.com highlighted some takeaways from that panel:   “In a CyberPHA we leverage processes […]

You Do Leak Detection, but Do You have Breach Detection?

December 17, 2018

Pipeline leaks are bad for everyone.  They can have catastrophic effects on the environment, on communities, and a company’s bottom line. Given a bad enough leak, you could lose your license to operate, lose a fortune in revenue, even face jail time.  No one wants leaks. […]

Using the cloud to secure the cloud – Control Magazine

Excerpts from Control Magazine:

“Remote access enables technical support and increased worker productivity to counter the exponential growth of automation, but it comes with security risks,” said Peter Eliya, safety and control systems automation specialist at aeSolutions, system integrator and consulting engineering firm in Greenville, SC. “This is especially true when users engage in dangerous methods for achieving remote access, such as connecting control systems to company networks, connecting directly to the Internet, and/or working around IT security policies.”

Read the entire article at controlglobal.com

Control Engineering : Safety requires cybersecurity

March 2017

Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random
hardware failures or systematic software failures (such as bugs). However, cybersecurity threats and vulnerabilities represent additional failure modes that may lead to incidents that are unaccounted for in traditional safety assessments. A business justification can be developed for discussing
cyber risk assessments. . . Entire Article