John Cusimano, CISSP, GICSP, CFSE, is the Director of Industrial Cybersecurity for aeSolutions. John is an industrial control systems cybersecurity and functional safety expert with more than twenty years of experience. He leads the cybersecurity group for aeSolutions, a process safety consulting, engineering and automation company that provides process safety lifecycle solutions and tools.
John has performed countless control system cybersecurity vulnerability and cyber risk assessments in the Oil & Gas, Chemical, Water/Wastewater, and Power industries per ISA/IEC 62443 and NERC CIP standards. He has also overseen and participated in the security testing and certification of several control and safety systems per the ISASecure™ and Achilles™ security certification programs. A leader in the development of ICS cybersecurity standards and best practices, John is Chairman of ISA 99 WG4 TG2 Zones & Conduits committee and co-chair of ISA 99 WG4 TG6 Product Development committee. He was instrumental in the development of the ISASecure certification scheme and was recently appointed as US Expert to the IEC TC65 WG10 committee. John is also the lead course developer and instructor for the ISA IC32 training course, “Using the ANSI / ISA 62443 Standards to Secure Your Industrial Control System.”
By Gregory Hale, Writer | John Cusimano, aeSolutions Contributor | Published: September 6, 2017 | ISSSource.com
In what should be a surprise to no one: A series of attacks compromised energy companies in the United States and Europe which led to bad guys gaining access to grid operations to the point where they could flip the switch on power. A […]
WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week, and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the […]
Technology Update: If it isn’t secure, it isn’t safe. Cybersecurity vulnerabilities represent additional failure modes and safety incidents not factored into traditional safety assessments. Consider safety when creating a business justification for cybersecurity risk assessments. Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random hardware failures or […]
I recently volunteered to teach a TechGirlz workshop in Philadelphia as part of National Cybersecurity Month. TechGirlz is a nonprofit organization that is focused on encouraging middle-school age girls to become interested in technology and tech careers. The topic was “How Computers Talk”. In about three hours the girls were introduced to the basics of computer […]
Numerous cybersecurity incidents, especially those targeting the energy sector, have raised concerns among oil, gas and petrochemical corporations. Such a cyber breach could compromise industrial control and safety systems, leading to health, safety or environmental incidents or financial loss. “Are our plant controls systems secure?”; “Do we have adequate protection measures in place?”; “Would we […]
The majority of process plants today are controlled and operated by automation systems built on Ethernet TCP/IP networks and legacy Microsoft operating systems. These systems are vulnerable to cybersecurity breaches resulting in potentially significant risks. Standards have been developed on how to assess and mitigate cyber risks to these systems. This paper provides an introductory summary of these topics.