John Cusimano

John Cusimano, CISSP, GICSP, CFSE, is the Director of Industrial Cybersecurity for aeSolutions. John is an industrial control systems cybersecurity and functional safety expert with more than twenty years of experience. He leads the cybersecurity group for aeSolutions, a process safety consulting, engineering and automation company that provides process safety lifecycle solutions and tools. John has performed countless control system cybersecurity vulnerability and cyber risk assessments in the Oil & Gas, Chemical, Water/Wastewater, and Power industries per ISA/IEC 62443 and NERC CIP standards. He has also overseen and participated in the security testing and certification of several control and safety systems per the ISASecure™ and Achilles™ security certification programs. A leader in the development of ICS cybersecurity standards and best practices, John is Chairman of ISA 99 WG4 TG2 Zones & Conduits committee and co-chair of ISA 99 WG4 TG6 Product Development committee. He was instrumental in the development of the ISASecure certification scheme and was recently appointed as US Expert to the IEC TC65 WG10 committee. John is also the lead course developer and instructor for the ISA IC32 training course, “Using the ANSI / ISA 62443 Standards to Secure Your Industrial Control System.”

Posts by John Cusimano:

February 1, 2018

Cybersecurity Risk Assessment Provides a Rational Strategy for Protecting Technology Assets

By Tracy Barbour, Writer | John Cusimano, aeSolutions Contributor | Published: February 1, 2018 | Alaska Business Monthly

Large or small and in every industry, cybersecurity is critical. Organizations of all types and sizes have been rocked by security breaches and other cyber attacks, including large corporations (Merck, Maersk, and FedEx), government agencies, and even a credit reporting bureau […]

December 19, 2017

Control – You can be a cybersecurity badass – part 2

By Jim Montague, Writer | John Cusimano, aeSolutions Contributor | Published: December 19, 2017 | Control.com

Users, system integrators and suppliers are striking back on cybersecurity intrusions and attacks by sharing best practices, tools and services

Traffic cops keep watch

Of course, the ultimate aim of any cybersecurity effort is the same as any other plant-floor initiative from basic […]

September 6, 2017

ISSSource – Power Grid Compromise

By Gregory Hale, Writer | John Cusimano, aeSolutions Contributor | Published: September 6, 2017 | ISSSource.com

In what should be a surprise to no one: A series of attacks compromised energy companies in the United States and Europe which led to bad guys gaining access to grid operations to the point where they could flip the switch on power. A […]

May 15, 2017

How to Protect Against ‘WannaCry’

WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week, and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the […]

March 9, 2017

Control Engineering – Safety requires cybersecurity

Technology Update: If it isn’t secure, it isn’t safe™. Cybersecurity vulnerabilities represent additional failure modes and safety incidents not factored into traditional safety assessments. Consider safety when creating a business justification for cybersecurity risk assessments. Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random hardware failures or […]


White Papers by John Cusimano:

Integrating ICS Cybersecurity and Process Safety Management (PSM)

The majority of process plants today are controlled and operated by automation systems built on Ethernet TCP/IP networks and legacy Microsoft operating systems. These systems are vulnerable to cybersecurity breaches resulting in potentially significant risks. Standards have been developed on how to assess and mitigate cyber risks to these systems. This paper provides an introductory summary of these topics.
