Industrial Cybersecurity Blog

Building a cybersecurity program part 2 : Building a security culture & understanding the relationship between resiliency vs. security

September 24, 2019

There are three significant challenges when building a cybersecurity program. They are 1) getting executive commitment, 2) building a security culture, and 3) understanding the relationship between resiliency vs. security. Last week we looked at Getting executive commitment. Let’s look at the last two in more detail in this blog. Building a security culture Most […]

Read More

Building a cybersecurity program part 1 : Getting executive commitment

September 18, 2019

There are three significant challenges when building a cybersecurity program. They are 1) getting executive commitment, 2) building a security culture, and 3) understanding the relationship between resiliency vs. security. Let’s look at the first in more detail in this blog. Getting executive commitment From an executive perspective, there are two primary obstacles. The first […]

Read More

aeSolutions’ Cyber PHA featured on the Unsolicited Response Podcast: Truth or Consequences

June 12, 2019

The aeCyberPHA methodology is a practical application of the ISA 62443 cybersecurity risk assessment requirements. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. Earlier this year, John Cusimano, vice president of cybersecurity at aeSolutions, participated in a panel […]

Read More

Leveraging Mature Process Safety Risk Management Techniques to Address Industrial Cybersecurity Risk

May 8, 2019

Leveraging Mature Process Safety Risk Management Techniques to Address Industrial Cybersecurity Risk Functional safety assessments have been a well‐established practice since the 1990’s to help organizations identify and manage industrial hazards. One of the most important is the Process Hazard Analysis (PHA) requirement and its associated Hazards and Operability Study (HAZOP) methodology, a technique used […]

Read More

Parallels between pipeline leak detection and cyber breach detection

April 25, 2019

Pipeline leaks can have catastrophic effects on the environment, on communities, and on a company’s bottom line. A company could lose their license to operate, lose a fortune in revenue, and employees could face jail time. Simply put, no one wants leaks. As a result, pipeline companies invest considerable effort preventing, detecting, and responding to […]

Read More

Updated 5/20: aeSolutions is excited to be hosting ISA Houston Section’s May Cyber Camp

April 17, 2019

We were thrilled with the overwhelmingly enthusiastic response we had for these aeSolutions hosted classes which were taught by 3 different instructors. The original post with event details is archived below. “Thanks to the students whose active participation in the class made it successful!  I thoroughly enjoyed teaching the class and was pleasantly surprised how […]

Read More

Managing an Industrial Cybersecurity Program

April 10, 2019

A large, multi-site industrial manufacturer faces many challenges when developing and managing an industrial cybersecurity program.  What comes first? What are the priorities? How long should it take to implement mitigations? How do you measure progress? Many perform vulnerability and risk assessments which can produce hundreds of recommendations across dozens of sites. Some recommendations apply […]

Read More

Managing the Risk of IT-OT Convergence

April 1, 2019

Whether we like it or not — Information Technology (IT) and Operational Technology (OT) are converging.  In fact, most would say they already have converged to a large degree and this will continue until they are almost indiscernible in terms of the underlying technology.  While the benefits are incredible, convergence means industrial control systems (ICS) […]

Read More