aeCyberSolutions Articles:

Remote security working in world of coronavirus

With a large influx of people working remotely due to COVID-19, cybersecurity is becoming a topic of concern for employers and their employees.

“Having companies looking to go to more remote operations, more remote maintenance is not a new trend,” said John Cusimano, vice president of cybersecurity at aeSolutions. “In recent years it may have slowed down a bit, but overall the movement toward cost savings and efficiency benefits have been there. Some, however, are addressing security concerns better than others.”” 

Read the entire article in Control Engineering

E&E News : Battle lines form over pipeline cyberthreat

Address factors that undermine awareness and training

“A key element of every industrial control system (ICS) cybersecurity program is awareness and training.  However the materials now used mostly target the information technology (IT) security community and to a lesser extent, automation and control engineers.  Hardly any content is relevant for people such as process and instrumentation engineers and operators who deal with operational technology (OT).” 

Read the entire article

Bolster Your OT Cybersecurity Program – Chemical Processing

Marco Ayala of aeSolutions, was featured today in an E&E News article about possible cyberattacks on U.S. oil and gas pipelines.  The following is a short excerpt :

“It’s a political football,” said Marco Ayala, senior life-cycle solutions manager at aeSolutions in Houston, who often works with pipeline companies on their cybersecurity practices. “DOE’s point is that they’re moving the ball forward with cybersecurity. Yet TSA and PHMSA are the law of the land for pipelines.”

Many pipeline companies already deal with DOE across various other parts of their businesses, he pointed out. “For them, it’s just, ‘Tell us who to talk to.’“  Read the entire article

Alaska Business Magazine :Cybersecurity Risk Assessment Provides a Rational Strategy for Protecting Technology Assets 

Organizations of all types and sizes have been rocked by security breaches and other cyber attacks, including large corporations (Merck, Maersk, and
FedEx), government agencies, and even a credit reporting bureau (Equifax). And given the growing threat from botnets, malware, ransomware, worms, and nefarious hackers, companies need an organized method for assessing and addressing cybersecurity risks.

Cybersecurity is the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. A cybersecurity risk assessment identifies the gaps in an organization’s critical risk areas and determines actions to close them. The evaluation typically involves considering the primary types of information being handled—whether Social Security numbers, credit or debit card numbers, patient records, industrial control system data, designs, or human resources data—and then making a
priority list of what needs to be protected…. read the entire article

S4: Getting a Handle on Consequences

February 6, 2019

John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process.  A recent article on isssource.com highlighted some takeaways from that panel:   “In a CyberPHA we leverage processes […]

You Do Leak Detection, but Do You have Breach Detection?

December 17, 2018

Pipeline leaks are bad for everyone.  They can have catastrophic effects on the environment, on communities, and a company’s bottom line. Given a bad enough leak, you could lose your license to operate, lose a fortune in revenue, even face jail time.  No one wants leaks. […]

Using the cloud to secure the cloud – Control Magazine

Excerpts from Control Magazine:

“Remote access enables technical support and increased worker productivity to counter the exponential growth of automation, but it comes with security risks,” said Peter Eliya, safety and control systems automation specialist at aeSolutions, system integrator and consulting engineering firm in Greenville, SC. “This is especially true when users engage in dangerous methods for achieving remote access, such as connecting control systems to company networks, connecting directly to the Internet, and/or working around IT security policies.”

Read the entire article at controlglobal.com

Control Engineering : Safety requires cybersecurity

March 2017

Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random
hardware failures or systematic software failures (such as bugs). However, cybersecurity threats and vulnerabilities represent additional failure modes that may lead to incidents that are unaccounted for in traditional safety assessments. A business justification can be developed for discussing
cyber risk assessments. . . Entire Article