Blog

Cost considerations for burner management systems (BMS)

May 17, 2019

(and where picking safety integrity levels on burner management systems makes sense) Safety is always a primary concern at any industrial site, and for good reason. But how much should you pay for that safety? While that question may have seemed blasphemous in days gone by, in today’s highly competitive business environment, unnecessary costs of […]

Read More

Leveraging Mature Process Safety Risk Management Techniques to Address Industrial Cybersecurity Risk

May 8, 2019

Leveraging Mature Process Safety Risk Management Techniques to Address Industrial Cybersecurity Risk Functional safety assessments have been a well‐established practice since the 1990’s to help organizations identify and manage industrial hazards. One of the most important is the Process Hazard Analysis (PHA) requirement and its associated Hazards and Operability Study (HAZOP) methodology, a technique used […]

Read More

Parallels between pipeline leak detection and cyber breach detection

April 25, 2019

Pipeline leaks can have catastrophic effects on the environment, on communities, and on a company’s bottom line. A company could lose their license to operate, lose a fortune in revenue, and employees could face jail time. Simply put, no one wants leaks. As a result, pipeline companies invest considerable effort preventing, detecting, and responding to […]

Read More

Updated 5/20: aeSolutions is excited to be hosting ISA Houston Section’s May Cyber Camp

April 17, 2019

We were thrilled with the overwhelmingly enthusiastic response we had for these aeSolutions hosted classes which were taught by 3 different instructors. The original post with event details is archived below. “Thanks to the students whose active participation in the class made it successful!  I thoroughly enjoyed teaching the class and was pleasantly surprised how […]

Read More

Managing an Industrial Cybersecurity Program

April 10, 2019

A large, multi-site industrial manufacturer faces many challenges when developing and managing an industrial cybersecurity program.  What comes first? What are the priorities? How long should it take to implement mitigations? How do you measure progress? Many perform vulnerability and risk assessments which can produce hundreds of recommendations across dozens of sites. Some recommendations apply […]

Read More

Managing the Risk of IT-OT Convergence

April 1, 2019

Whether we like it or not — Information Technology (IT) and Operational Technology (OT) are converging.  In fact, most would say they already have converged to a large degree and this will continue until they are almost indiscernible in terms of the underlying technology.  While the benefits are incredible, convergence means industrial control systems (ICS) […]

Read More

How Can I Protect my Safety Instrumented Systems (SIS) from Cyber Threats?

March 26, 2019

In the past, many people believed that safety instrumented systems (SIS) were immune to cybersecurity issues because they were either completely separate, or they were connected, but independent from the control system. Unfortunately, in today’s world, that thinking can be very dangerous. Cybersecurity threats can have a significant impact on the availability and integrity of […]

Read More

S4: Getting a Handle on Consequences

February 6, 2019

John Cusimano, vice president of cybersecurity at aeSolutions, was recently featured in a panel at the S4X19 conference exploring the strengths and benefits of conducting a Cyber Process Hazard Analysis (CyberPHA) or Consequence-driven Cyber-informed Engineering (CCE) process.  A recent article on isssource.com highlighted some takeaways from that panel:   “In a CyberPHA we leverage processes […]

Read More

Operations is now an IT Shop. It needs to start acting like one.

January 30, 2019

Once, back in my consulting days, I did a quick IT inventory of a newly-installed industrial automation system I was working on: It was an EtherNet/IP-based network consisting of 65 multi-vendor switches, within which ran a Microsoft Domain containing 42 VM-hosted servers running 145 core pieces of multi-vendor software, arranged in two separately-located fully redundant ‘mini […]

Read More