PAS in the News

  • Manufacturing Connection

    July 28, 2020
     Modular OT Cybersecurity Solution

    PAS Global announced Cyber Integrity now includes in-product expansion to support industrial organizations as they mature their OT cybersecurity capabilities. PAS also unveiled a new OT Inventory Assessment Service offered at no charge to qualified organizations.

    See more >

  • Utility Dive

    July 8, 2020
     Enel ransomware attack highlights the value of a top-down security culture

    Utilities in the United States face a growing threat from ransomware attacks, which create financial incentives for hackers beyond potential disruptions to the power grid. In response, energy companies are making security a priority. Matt Selheimer shares his thoughts on how to drive security strategies.

    See more >

  • Dark Reading

    June 30, 2020
     COVID-19 Puts ICS Security Initiatives 'On Pause'

    Security pros concerned that increased remote access to vulnerable operational technology and stalled efforts to harden OT environments puts critical infrastructure at greater risk. Mark Carrigan, COO at PAS, weighs in on the impact current circumstances have on cybersecurity considerations.

    See more >

  • Utlity Dive

    June 15, 2020
     Utility Ransomware Attacks Becoming More Sophisticated, New 'Honeypot' Operation Finds

    Security firm Cybereason created a fake industrial control network designed to look like an electricity company with operations in North America and Europe and watched as hackers broke in within three days by compromising an administrator password that was insufficiently secure. Matt Selheimer, CMO at PAS, discusses how this should be a wake up call for the industrial sector.

    See more >

  • IoT World Today

    June 12, 2020
     Developing a Critical Infrastructure Cybersecurity Strategy

    Given the blossoming of attacks on organizations — from energy to health care firms — the need for robust critical infrastructure cybersecurity has expanded. Matt Selheimer of PAS shares where and how OT security efforts should be prioritized.

    See more >

  • Archer News Network

    June 11, 2020
     New Info on Attack Campaign Against U.S. Utilities in 2019

    Researchers now say an attack group launched two different campaigns, LookBack and FlowCloud, targeting utilities in the U.S. last year. Mark Carrigan, COO at PAS, weighs in on the implications of these malware attacks.

    See more >

  • SC Media UK

    May 4, 2020
     Key 2020 Employee Security Policies According to Six Experts

    A top-down approach to cybersecurity works if the CEO and the Board pave the way. Six international experts, including PAS CEO & Founder Eddie Habibi, explain which security policies will strengthen employee cyber resilience in 2020.

    See more >

  • IoT World Today

    April 27, 2020
     Why Industrial Automation Security Should Be a Renewed Focus

    Industrial automation security is vital as manufacturers and critical infrastructure organizations weigh a technological reboot. PAS COO Mark Carrigan shares his concerns on the risk remote operations can pose.

    See more >

  • ISA Global Cybersecurity Alliance

    April 23, 2020
     The ISA Global Cybersecurity Alliance Reflects on the COVID-19 Crisis

    Matt Selheimer, CMO at PAS Global, shares the criticality of remote services at this time in the wake of COVID-19. PAS has re-doubled efforts to remotely support projects like OT cybersecurity workshops and functional designs and alarm philosophy, documentation, and rationalization.

    See more >

  • IndustrialCyber.co

    April 23, 2020
     Oil Prices Won’t Be Negative Forever. But the Oil Industry Will Never Be The Same

    The pandemic has shaken up the industry, leaving firms with more than the world could manage to burn and bankrupting some small companies. Eddie Habibi, founder and CEO of PAS, weighs in with his insights.

    See more >

  • Roadshow by CNET

    April 20, 2020
     Oil Prices Dip Into Negative Territory as Market Crashes

    The US oil market witnessed history as the price dived under $0 a barrel for the first time as the coronavirus pandemic bites. Eddie Habibi, founder and CEO of PAS, discusses the impact caused by an oversupply of crude oil, low demand for fuels due to the COVID-19 lockdown, and a shortage of storage capacity.

    See more >

  • IndustrialCyber.co

    April 2, 2020
     OT/ICS Vendors Offer Free Products and Services Through COVID-19 Outbreak

    PAS customers that have a current support agreement can access PAS University (self-paced) e-learning courses for no charge through June 30, 2020.

    See more >

  • TAG Cyber

    April 1, 2020
     Improving ICS Safety Through ICS Security

    PAS CMO, Matthew Selheimer, discusses the growing need for OT Integrity with the research team at TAG Cyber LLC. This informative and timely piece addresses the competing challenges and priorities of industrial cybersecurity, digitalization, and process safety.

    See more >

  • ISA Global Cybersecurity Alliance

    March 24, 2020
     Digitalization: Time for Some Straight Talk in the OT/ICS Community

    Mark Carrigan, COO at PAS, shares what is driving digitalization, the implications (both positive and potentially negative), and what the operational technology and industrial control systems (OT/ICS) community should be doing about it.

    See more >

  • ARC Advisory Group

    March 11, 2020
     Digital Transformation, Process Safety, and Cybersecurity: The Need for OT Integrity

    Eddie Habibi, CEO and Founder of PAS, discusses the need for greater OT Integrity in the era of digitalization and increasing cybersecurity risk with Larry O’Brien, VP of Research at ARC Advisory Group. Learn how actionable information is key to process safety, reliability, and profitability. Watch for this and many other critical topics.

    See more >

  • CSO

    March 2, 2020
     4 ways 5G will change your enterprise threat model

    The benefits that fifth-generation cellular networks will enable come with security risks that organizations need to pay attention to right now. Jason Haward-Grau, CISO at PAS, shares his concerns.

    See more >

  • The Wall Street Journal

    March 2, 2020
     5G Capabilities Create Information Security Challenges

    New 5G wireless communications technology will force companies to think differently about how they secure and manage critical information. Mark Carrigan, COO at PAS, advises organizations to assess the additional risks before deployment.

    See more >

  • ISS Source

    February 26, 2020
     Vulnerabilities Buried Deep in OT

    A process control network operates every day, and while the system may just keep chugging along, a little-known fact is there are exploitable vulnerabilities hidden – and built in to – all OT operations. Mark Carrigan, COO at PAS, shares results of research conducted on 10K industrial endpoints and the vulnerabilities exposed on those devices.

    See more >

  • KPRC Click 2 Houston

    February 7, 2020
     Cyberattacks Are Big Threat to Houston’s Vulnerable Oil and Gas Industry, Experts Say

    The United States is the world’s leading oil producer and Houston is the heart of it with 10 refineries producing more than 2.5 million barrels of oil each day. Add in dozens of chemical plants and the Houston area is a target-rich environment for cyber criminals. “The threats are real and they are happening,” said Eddie Habibi, founder and CEO of PAS.

    See more >

  • Manufacturing Connection

    January 24, 2020
     Continual Market Development Pays Off For Process Control Supplier

    PAS introduced an expanded Cyber Integrity offering with risk analytics for continuous operational technology (OT) endpoint security in March 2019. Following this milestone, the company marked record growth in the adoption of this solution across multiple geographies with leading organizations in the chemicals and oil & gas industries, in particular.

    See more >

  • Dark Reading

    January 24, 2020
     Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says

    Attackers have weaponized Active Directory to spread ransomware across at least five organizations in the oil and gas industry. Eddie Habibi of PAS shares recommendations on how to prepare for such an attack.

    See more >

  • IoT World Today

    January 21, 2020
     An ICS Security Checklist

    Because industrial control systems (ICS) security is complicated, it is vital to have comprehensive defenses. Jason Haward-Grau of PAS shares his take on some of the challenges.

    See more >

  • SecurityWeek

    January 21, 2020
     Design Weaknesses Expose Industrial Systems to Damaging Attacks

    PAS recently performed an analysis of industrial control systems (ICS). The results show that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage.

    See more >

  • Utility Dive

    January 16, 2020
     ISA Global Cybersecurity Alliance Triples Membership

    A worldwide cybersecurity alliance established last year by the International Society of Automation (ISA) has tripled its membership in just six months. ISA executive director Mary Ramsey said: "When we pair ISA's standards expertise with the real-world experience of companies like PAS, we can make major strides in advancing cybersecurity.

    See more >

  • Dark Reading

    January 14, 2020
     Industrial Control System Features at Risk

    Discover how some ICS product functions can be weaponized by altering their configurations. Mark Carrigan shares how PAS studied some 10,000 of its customers' ICS systems to pinpoint features that he describes as "delicate by design" with easily abused configuration capabilities.

    See more >

  • Utility Dive

    January 7, 2020
     Utilities 'Caught in the Crosshairs' as Us-Iran Tensions Rise; Experts Say Domestic Cyberattack Likely

    As tensions between the United States and Iran rise, observers say the Middle Eastern nation is likely considering a reprisal attack on critical domestic infrastructure — putting the utility sector square in the "crosshairs" of an international conflict. Read what those observers, including Mark Carrigan of PAS, have to say about the situation.

    See more >

  • SecurityWeek

    January 3, 2020
     VIDEO: The State of OT Cybersecurity - The Good, The Bad, and The Ugly

    Mark Carrigan of PAS provides a look at the state of OT cybersecurity with a focus on strategies that owner operators and IT and OT security teams can use to cut through the noise – presented at SecurityWeek's 2019 ICS Cyber Security Conference in Atlanta.

    See more >

  • Dark Reading

    January 3, 2020
     6 CISO New Year's Resolutions for 2020

    Dark Reading asks chief information security officers how they plan to get their infosec departments in shape next year. Jason Haward-Grau, CISO at PAS, shares his vision for 2020.

    See more >

  • IoT World Today

    December 3, 2019
     6 IoT Security Predictions for 2020

    As we transition to a new decade, there is growing maturity in the field of IoT security, but also a wave of new risks. PAS, along with other industry leaders, share security concerns that may impact industrial environments in the coming year.

    See more >

  • Dark Reading

    November 25, 2019
     13 Security Pros Share Their Most Valuable Experiences

    A valuable experience in PAS Global founder and CEO Eddie Habibi's security career was during his first gig as an independent OT consultant. Learn how a human error caused a near disaster and created a lasting passion for industrial process safety and OT cybersecurity.

    See more >

  • CNBC

    November 16, 2019
     The Energy Industry Practices for a ‘Black Swan’ Cyberattack That Could Take Down the Grid

    PAS Global founder and CEO, Eddie Habibi, discusses cyber risk to the US electrical grid and other critical infrastructure during GridEx, where the energy sector meets to conduct simulated cyber attacks on the power grid. In this CNBC interview, he shares how critical infrastructure is a high-risk target for cyber attacks and industrial organizations need to do more to prepare for the inevitable.

    See more >

  • Utility Dive

    November 4, 2019
     Security and Distributed Resources: An Attacker 'Will Eventually Get In'

    As the United States' electric system becomes more distributed, security experts say the growing array of internet-connected sensors and industrial control systems presents a potential vulnerability that is not clearly understood and could be exploited to cause blackouts.

    See more >

  • Dark Reading

    November 1, 2019
     Solar, Wind Power Utility Disrupted in Rare Cyberattack

    A cyberattack on the U.S. energy grid has just come to light, so to speak, which disrupted plant visibility at Utah-based sPower back in March. sPower, a Utah-based wind and solar provider, began experiencing a series of lost connections between its main control center and remote power-generation sites.

    See more >

  • SC Media

    November 1, 2019
     Energy Company Hit With DoS Attack Last Spring Identified as sPower

    “Even though, and thankfully, the operational area was not itself impacted… the simplicity of this attack should make generators sit up and take notice. This was a simple IT attack on an unpatched firewall, which was still vulnerable, in spite of the patch being available,” said Jason Haward-Grau, CISO at infrastructure/ICS security provider PAS Global.

    See more >

  • Dark Reading

    October 28, 2019
     5 Things the Hoodie & the Hard Hat Need to Know About Each Other

    For nearly 30 years, operational technology (OT) in industrial facilities was considered relatively safe from outside hacking risk. The so-called air gap between IT and OT, paired with the heavy use of proprietary industrial control systems, created a mindset of "security via obscurity."

    See more >

  • Utility Dive

    September 27, 2019
     US Electric Grid More Vulnerable to Cyberattacks as DERs Increase Potential Targets, GAO Finds

    According to a new assessment from the U.S. Government Accountability Office, industrial control systems and the rise of distributed resources play a major roles in the growing risk. The report recommends the FERC analyze the threat of a "coordinated cyberattack on geographically distributed targets" and consider beefing up its security requirements and compliance thresholds.

    See more >

  • Utility Dive

    September 24, 2019
     Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

    Security firm Proofpoint on Monday revealed that what appears to be a state-sponsored hacking campaign targeting the U.S. utility sector with malware dubbed "Lookback" has continued and grown more sophisticated since it was first revealed this summer.

    See more >

  • CNBC - Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

    August 22, 2019
     Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

    The ransomware attacks against more than 20 Texas towns this week are significant. Though little is known about the origins of the attacks, the spread of ransomware across small-town America has exposed a deep problem in how the country approaches cybersecurity. That’s because local governments commonly share single service providers, making many vulnerable at once.

    See more >

  • Control Design - PAS CMO answers 7 questions on the state of the industry

    August 20, 2019
     PAS CMO Answers 7 Questions on the State of the Industry

    A technology executive with more than two decades of experience in cybersecurity, IT operations and enterprise business applications, Matthew Selheimer reveals his thoughts on the state of the industry and how the company will continue to protect clients in the future.

    See more >

  • infosecurity

    July 9, 2019
     DOE, Industry Collaborate to Defend Power Utilities

    The Department of Energy (DOE) engaged in conversations with industry partners in order to advance the cybersecurity of industrial control systems in the nation’s critical infrastructure, including power utilities and pipelines, according to FedScoop and E&E News. “Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktiv...

    See more >

  • FedScoop

    July 5, 2019
     DOE Teams with Industry on Pipeline Cybersecurity

    The Department of Energy is working with industry to craft recommendations in the next several months for increasing cybersecurity around pipeline critical infrastructure. Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktivists and advanced persistent threats, but such incidents aren’t being discussed.

    See more >

  • E&E News

    July 3, 2019
     Promise and Peril Line Utilities' Path to Cloud Computing

    U.S. power utilities are crafting strategies for shifting their operations to the cloud, a once-unthinkable move filled with promise but dogged by questions about security and compliance. Cloud technology uses a virtual layer of software to marshal physical computing resources like data servers, allowing users to quickly draw the exact amount of processing power they need.

    See more >

  • Dark Reading

    June 27, 2019
     7 Ways to Mitigate Supply Chain Attacks

    Companies should secure vendor access to their environments through strong security at the perimeter, PAS Global's Haward-Grau says. This can include measures like multifactor authentication and segregated access protocols. "Where possible, ensure vendors are using your systems to access your environment," he says. "Specify their user capabilities as external users of your infrastructure."

    See more >

  • ARC Advisory Group

    May 30, 2019
     Executive Interview with Eddie Habibi of PAS

    At the most recent ARC Industry Forum in Orlando this past February, I had the pleasure of interviewing Eddie Habibi, Founder and CEO of PAS. You can see the video here at our YouTube Channel. We had a chance to discuss a wide range of topics, from the convergence of cybersecurity and safety to the importance of having a good backup and response plan in case of a cyber-attack. PAS has grown to be one of the leading OT...

    See more >

  • UberKnowledge

    May 16, 2019
     Operational Technology is Underrepresented in Cybersecurity

    Podcast: PAS CISO Jason Haward-Grau talks about cyber crime in OT and the huge impact it has on human life, infrastructure, and energy resources. He discusses the importance of frameworks in encouraging good, ethical behavior and shares his thoughts on digital consumer rights being determined by geography.

    See more >

  • Automation World

    May 9, 2019
     Putting the Pieces Together for a Secure Industry

    Cybersecurity has become intertwined—inescapably—with so much of the technology necessary to move industry forward and help manufacturers remain competitive. The cybersecurity ecosystem has also become more intertwined. Hardly a week passes without news of a new partnership among various types of suppliers within this community.

    See more >

  • Dark Reading

    April 15, 2019
     TRITON Attacks Underscore Need for Better Defenses

    As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say. Security experts have a warning for critical-infrastructure companies: The group behind the TRITON attack on industrial control systems is not unique.

    See more >

  • Security Week

    April 12, 2019
     Industry Reactions to New Triton Attacks on Critical Infrastructure

    News broke this week that the threat group behind the notorious malware known as Triton, Trisis and HatMan has targeted another critical infrastructure facility. The existence of Triton came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye, which previously linked Triton to a research institute owned by the Russian government, recently analyzed the threat actor...

    See more >

  • IoT World Today

    April 11, 2019
     Trisis Malware Discovered at Additional Industrial Facility

    When cybersecurity researchers at Dragos and FireEye disclosed the so-called Triton malware targeting industrial safety systems, it was something of a revelation. Triton marked the first discovery of malware intended to cause physical destruction. The code did so by targeting an industrial safety instrumented system, but was, thankfully, not effective in causing disaster. The attack, also known as “Trisis,” was shrouded ...

    See more >

  • Dark Reading

    April 11, 2019
     Triton/Trisis Attacks Another Victim

    Yet another critical infrastructure organization was found infiltrated with the Triton/Trisis malware tools used in a 2017 attack that shut down the safety instrumentation system at a petrochemical plant in Saudi Arabia. FireEye Mandiant, here this week, revealed that it recently discovered the Triton/Trisis attack code installed at the second industrial organization and that it is currently working on an ongoing incide...

    See more >

  • SC Magazine

    April 10, 2019
     Second Triton/Trisis Critical Infrastructure Attack Spotted

    A second attack against a critical infrastructure target has been launched using the Triton/Trisis custom attack framework. FireEye researchers were able to attribute a second attack to the Russian group it fingered as being behind the initial 2017 attack that hit a petrochemical plant in Saudi Arabia through its industrial control system.

    See more >

  • Power Magazine

    April 10, 2019
     New TRITON/TRISIS Cyberattack Reported at Critical Infrastructure Facility

    Details about the attack are sparse, but FireEye and other experts warned that TRITON—also known as TRISIS—is an especially insidious attack framework because it is designed and deployed to modify application memory on safety instrumented system (SIS) controllers to prevent them from functioning correctly, increasing the likelihood of a failure and other physical consequences.

    See more >

  • Chemical Processing

    March 29, 2019
     Combat Cybersecurity Threats To Process Safety

    The quest for continuous improvement in the process industries always requires change. However, when not managed properly, change can lead to disaster. Chemical makers and refiners often use their industrial control system (ICS) — the cyber-physical assets responsible for automated controls and safety — as the platform for continuous improvement. At most sites, the ICS undergoes more changes than any other production ass...

    See more >

  • ARC Advisory Group

    March 21, 2019
     Video Interview: PAS Founder & CEO Eddie Habibi at the ARC Industry Forum 2019

    In this video from the ARC Forum 2019, Larry O’Brien, VP of Research from ARC Advisory Group, talks to Eddie Habibi, Founder and CEO of PAS Global, LLC about the importance of IT/OT convergence as well as OT cybersecurity and process safety convergence. They elaborate on the three most important OT cybersecurity considerations: building a complete and accurate ICS asset inventory, maintaining a baseline configuration and...

    See more >

  • DataCenter Knowledge

    February 26, 2019
     Is Your Data Center Power System Protected from Cyberattacks?

    Generators, uninterruptable power supplies, and power distribution units all help to maintain and control the power that runs the data centers. But they rarely pay enough attention to the cybersecurity controls on their power systems, even though these systems are proving to be vulnerable to cyberattacks.

    See more >

  • Automation World

    February 21, 2019
     In Search of Industrial Cybersecurity Experts

    Whether hiring an outsider or training someone in-house, there is always the perennial worry about someone poaching your ICS cybersecurity professional after you’ve invested in their training. There is no easy answer, Haward-Grau says—just the heavy lifting it takes to retain employees with hot skills. At PAS, he devotes a major portion of his CISO role to the care and feeding of his cybersecurity team. “You have to make...

    See more >

  • Dark Reading

    January 16, 2019
     Malware Built to Hack Building Automation Systems

    S4x19 -- Miami -- Researchers who discovered multiple vulnerabilities in building automation system (BAS) equipment have also constructed proof-of-concept malware to exploit some of those security weaknesses. Security researcher Elisa Costante and her team at ForeScout last summer created the test malware – a modular design that includes a worm that spreads itself among BAS devices – using intelligence they gathered over...

    See more >

  • Intelligent CISO

    January 15, 2019
     PAS Global Expert on How Best to Approach OT Cybersecurity

    ddie Habibi, founder and CEO of PAS Global, is considered a pioneer and thought leader in the fields of industrial control systems (ICS) cybersecurity, Industrial IoT, data analytics and operations management. He talks to Intelligent CISO here about why IT and OT security must come together to ensure industrial facilities remain secure, using best practice guidance from Christophe Rey-herme, CISO for industrial control

    See more >

  • TechTarget

    January 15, 2019
     How to Mitigate Risks Caused by Supply Chain Software

    Another way an organization can identify whether it's exposed to cybersecurity risks is by doing a risk assessment, said Eddie Habibi, founder and CEO of PAS Global, a provider of industrial control system cybersecurity in Houston. Many companies, including the big four consulting firms, offer this service, which provides clients with a checklist to ensure they are following certain methods and taking the right steps to ...

    See more >

  • IT Business Edge

    January 14, 2019
     Cybersecurity Predictions for 2019

    Another nation-state-related prediction warns of a convergence with organized crime. “In the past, organized crime played a significantly larger threat to the industry than nation-state attacks as the rise in opportunity and capability brought organized criminals into the arena,” said Jason Haward-Grau, CISO at PAS Global. “In 2019, dangerous nation-state alliances will be formed or further cemented, and these groups wil...

    See more >

  • ISS Source

    January 9, 2019
     Safety, Physical, Cyber Security Triangle Converging

    Any weakness an attacker can find in the security armor could be an entry point. “We are seeing attacks across all vectors, and the majority are still seen as transiting across the magic air gap from the enterprise into OT,” said Jason Haward-Grau, CISO at PAS Global. “The challenge is that we don’t tend to talk about the attacks that are happening unless necessary. In some cases, they aren’t even identified as cyber att...

    See more >

  • Security Infowatch

    December 26, 2018
     Cybersecurity Experts Ponder Looming 2019 Threats

    While CSOs and CISOs might not all agree on what their most dangerous threats are, they are certainly in unison when it comes to taking a more proactive than reactive approach to facing their challenges. As is our custom this time of the season, SecurityInfoWatch investigates our collective crystal ball – with the help of industry experts, of course – to predict what threats and challenges loom for 2019. The responses we...

    See more >

  • Cyberscoop

    December 21, 2018
     FBI Warns Industry that Hackers Could Probe Vulnerable Connections in Building Systems

    The building-automation sector has lagged behind others in network defense, experts said. While security practitioners have paid greater attention to the ICS field as a whole in recent years, the subsector of building automation has been neglected, said Eddie Habibi, founder of energy-security company PAS Global.

    See more >

  • Houston Business Journal

    December 6, 2018
     Industrial Cybersecurity Co. to Hire, Expand Clear Lake Headquarters

    “We are on a very critical mission,” said CEO Eddie Habibi. “When there is a successful attack on critical infrastructure, people get hurt. Molecules move, atoms move, electrons move and bad things happen.”

    See more >

  • Hydrocarbon Processing

    November 2018
     Viewpoint - Industry 4.0: Demystifying the Next Big Thing in Oil and Gas

    Until a few years ago, the term Industrial Revolution referred to the significant technological changes that began in the late 1700s with the advent of the steam engine, leading to the mechanization of work and the unprecedented economic growth and prosperity that followed. The age of the steam engine is now considered the first Industrial Revolution. The second Industrial Revolution began in the late 1800s with the prol...

    See more >

  • Chemical Engineering

    March 1, 2018
     A Cybersecurity Platform for Multi-Vendor Automation Systems

    This company’s Cyber Integrity 6.0 platform now includes continuous vulnerability management, providing immediate, comprehensive visibility into vulnerability risk within industrial process control networks. Cyber Integrity works across the multi-vendor automation environment, providing foundational cybersecurity, enterprise scalability and platform independence. It also automates internal and regulatory compliance repor...

    See more >

  • Dark Reading

    November 5, 2018
     Energy Sector's IT Networks in the Bulls-Eye

    Eddie Habibi, founder and CEO of ICS security firm PAS Global, says his firm has seen how IT network hacks can ultimately can be used to harm the human machine interfaces (HMI) of machines in the industrial network side, for example. That can allow an attacker to corrupt databases, for example, he says, or block the ICS/SCADA operator's view of a manufacturing process. But for attackers to truly disrupt or sabotage an...

    See more >

  • Oil & Gas Australia

    November 5, 2018
     How the Oil Industry Can Avoid Unseen Dangers in Operational Technology

    Attacks on OT systems are escalating rapidly, yet many oil and gas companies continue to focus cyber security efforts on IT-centric, rather than production-centric, endpoints. They also continue to rely on manual vulnerability management processes, leaving their industrial facilities exposed to unacceptable risks.

    See more >

  • Manufacturing Connection

    November 1, 2018
     Cybersecurity Viewed As Extension of Alarms and Safety Systems

    I asked PAS founder and CEO Eddie Habibi about his pivot to cybersecurity during our conversation this week. It’s not a pivot, he corrected me. Cybersecurity is a natural progression from all the work PAS has done since its founding. “Cybersecurity starts with knowing everything in the system from level 0 forward. This creates a baseline for change management. (PAS product) Integrity had that already, so we built analyti...

    See more >

  • Sequre World

    October 24, 2018
     There’s No Technological Panacea to Save ICS From Cyber Threats- You Need Strong Foundations

    “We’re chronically late to the party” starts Jason Haward-Grau, CISO at PAS, on stage “…because we’re still trying to learn the lessons from the last 10-15 years, while our adversaries are out there innovating.” He’s at CS4CA Europe 2018, speaking about securing industrial control systems (ICSs) by monitoring and detecting unauthorized change in the process control network (PCN).

    See more >

  • RiskXtra

    October 23, 2018
     Industrial Control Systems: Securing The Heartbeat of Critical Infrastructure

    For many years, cyber security for ICS was something of an afterthought. Security investments focused on the IT assets that drive business processes and personnel productivity. The primary objective for IT cyber security is to protect Intellectual Property and ensure availability of the IT assets. ICS were not considered to be a target because they were obscure, isolated from the IT networks and generally not of interest...

    See more >

  • Utility Dive

    October 15, 2018
     Grid Mod: Transactive and Distributed Tech Demand a New Approach

    Standardization is "generally helpful for the cybersecurity market," Habibi said. "However, standards generally provide guidelines that then must be expanded upon by operating companies." As the United States' electric grid is modernized, Habibi said the most important point may be to inventory and understand the industrial control systems that are connected and controlling vital equipment.

    See more >

  • SearchSecurity

    October 11, 2018
     U.S. Weapon Systems Cybersecurity Failing, GAO Report Says

    Jason Haward-Grau, CISO at PAS in Houston, agreed that it was good news that "these issues have been identified now, so they can be addressed." "Knowing where you are and where your vulnerabilities lie is the first step to being able to address it. Cybersecurity is now very much front and center in most organizations and the concepts of getting and keeping your house in order are gaining traction," Haward-Grau wrote via ...

    See more >

  • Security Brief Australia

    October 9, 2018
     Industrial Control Systems: How to Approach OT Cybersecurity

    To secure industrial facilities and ensure safe, reliable production, operational technology (OT) and IT security, traditionally two separate disciplines with different priorities, must come together to share cybersecurity and risk management best practices. PAS Global recently reached out to a panel of industry experts focused on OT cybersecurity risk mitigation and asked them to share their strategies for making indust...

    See more >

  • Hydrocarbon Processing

    October 3, 2018
     From the ICS Frontlines: Approaching OT Cybersecurity

    To secure industrial facilities and ensure safe and reliable production, operational technology (OT) and information technology (IT) security—traditionally two separate disciplines with different priorities— must collaborate to share cybersecurity and risk management best practices. We recently reached out to a panel of industry experts focused on OT cybersecurity risk mitigation and asked them to share their...

    See more >

  • Network World

    September 26, 2018
     Edge Computing is the Place to Address a Host of IoT Security Concerns

    First designed for the industrial IoT (IIoT), edge computing refers places placing an edge router or gateway locally with a group of IIoT endpoints, such as an arrangement of connected valves, actuators and other equipment on a factory floor. Because the lifespan of industrial equipment is frequently measured in decades, the connectivity features of those endpoints either date back to their first installation or they’ve ...

    See more >

  • Journal of Cyber Policy

    September 14, 2018
     Does the United States Need a National Cybersecurity Agency?

    According to Tamara Anderson, VP of Corporate Strategy and General Counsel at PAS, Global, which works in ICS security, “Consolidating the various federal cyber operations into a highly-functional, focused and coordinated organization is imperative.” She noted, however, “Rather than creating a hard-handed, authoritative regulating body, it’s crucial that a new cybersecurity agency collaborate effectively with the private...

    See more >

  • Security Boulevard

    September 5, 2018
     Meeting the Security Challenges for ICS, OT

    perational technology (OT) makes our factories run and ensures the critical infrastructure can fulfill its services. Yet, when we talk about manufacturing and systems in terms of cybersecurity, the focus tends to be on protecting the IT networks, rather than protecting OT.

    See more >

  • Information Management

    August 24, 2018
     National Women's Equality Day a Reminder of Inequality in Cybersecurity

    August 26 is dedicated to celebrating women’s equality nationally. But when it comes to the cybersecurity field, how can we celebrate when the lack of women in the tech and cyber field is plainly evident and conferences such as RSA, Black Hat and Identiverse are being criticized for not selecting women to keynote any sessions?

    See more >

  • Journal of Cyber Policy

    August 24, 2018
     Black Hat 2018: The ICS Conversation

    The subject of Industrial Control Systems (ISCs) came up frequently at Black Hat 2018. The threats are very real, with serious potential consequences in the event of a successful attack. “It’s about safety. Your unknown, Reagan-era hardware might control valves and pipes that could explode if they get overloaded by an attack,” remarked CEO Eddie Habibi.

    See more >

  • Oilfield Technology

    August 20, 2018
     The Oil Industry’s Unseen Dangers: OT Cyber Vulnerabilities

    Attacks on OT systems are rapidly escalating, yet many oil and gas companies continue to focus cybersecurity efforts on IT-centric, rather than production-centric, endpoints. Scott Hollis, Director of Product Management at PAS, looks at how the oil industry can avoid the unseen dangers in operational technology.

    See more >

  • ECT News Network

    August 14, 2018
     Def Con Voting Machine Hacks Ruffle Feathers

    The security of the election infrastructure needs the same attention that protection of the nation's critical infrastructure has been getting, maintained Eddie Habibi, CEO of PAS, a provider of security software for industrial control systems, based in Houston, Texas.

    See more >

  • SecurityBrief Australia

    August 13, 2018
     How Nation-State Attacks Impact Businesses

    With tensions between global superpowers rising, cyber attacks have become a new frontier for governments to gain an advantage over one another. SecurityBrief spoke to PAS Global CEO and industrial cybersecurity veteran Eddie Habibi about nation-state attacks, the motivations behind them, and how organisations get caught in the crossfire.

    See more >

  • Security Guy TV

    August 8, 2018
     Security Guy TV: Live Black Hat 2018 Interview

    PAS Founder and CEO Eddie Habibi talks to Chuck Harold of Security Guy TV live at Black Hat 2018.

    See more >

  • Bloomberg

    August 7, 2018
     Utilities Prepare for Increased Cyberattacks on the Electric Grid

    More electric utilities and energy companies are turning to cybersecurity vendors for protection against attempted attacks, a growing threat highlighted by the recent disclosure of Russian hacking into their communications networks last year. The U.S. utility sector faces millions of attempted cyber intrusions a day. Duke Energy, one of the largest power companies in the nation serving 7.6 million customers reported mo...

    See more >

  • AutomationWorld

    August 3, 2018
     Russian Attacks on U.S. Industry Continue

    No doubt you saw the flurry of news last week from the Department of Homeland Security about Russian hackers accessing isolated, secure, air-gapped networks at power generation utilities. DHS noted that the hackers gained access to the utilities’ networks by first breaking into the networks of the utilities’ trusted vendors. The hackers were able to do this by using tools like spear-phishing emails and watering-holes to ...

    See more >

  • Threatpost

    July 25, 2018
     Podcast: The Industrial World is Facing a Security Crisis

    Eddie Habibi, the CEO of industrial IoT security company, sounds off on how to secure the increasingly connected industrial control space. As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology (OT) and IoT have now become part of the mainstream cybe...

    See more >

  • ISS Source

    July 25, 2018
     Political Ploy or Not, Industry Needs to Act

    A chill spread over the manufacturing automation sector this week as a warning released from the Department of Homeland Security (DHS) regarding Russian infiltration of energy sector systems and networks. More details on the advanced persistent threat (APT) attacks did release from an earlier March warning and some recommendations were made to help protect organizations.

    See more >

  • Process & Control

    June 25, 2018
     The Right Remedy for OT Vulnerability

    Industrial process and power companies struggle to effectively manage OT cybersecurity vulnerabilities and risks. This threat is expanding, and such vulnerabilities are considerably harder to identify and remediate than IT vulnerabilities. The sophistication and effectiveness of recent industrial cyber attacks, such as the Triton/Tritos malware attack in 2017, demonstrate that it is more important than ever to identify a...

    See more >

  • June 18, 2018
     D.C. Distributed Energy Proposal Draws Concerns of Increased Cybersecurity Risks

    According to Eddie Habibi, CEO at PAS, a cybersecurity company offering services to the energy and power industries, the risk of cyber attacks is very real. An attack could cause a loss of power in a large area of the country for an extended period of time, and can be almost as bad as any natural disaster.

    See more >

  • Control Engineering

    June 4, 2018
     Security's Role in Manufacturing Automation

    Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. "With new technologies and new advancements, we can see unintended consequences," said Eddie Habibi, chief executive and founder of PAS Global during his keynote address at the PAS 2018 Optics conference in Houston. "This is no different than working in a process pla...

    See more >

  • Utility Dive

    June 1, 2018
     DOE Cybersecurity Report Reveals 7 'Gaps' in Power Sector Defense Capabilities

    The U.S. Department of Energy on Wednesday made public an August 2017 report that concluded there are more than a half dozen "capability gaps" in the power sector's ability to respond to a cyberattack on the electric grid. A power outage due to a cyberattack has never happened in this country, but hacking attempts are on the rise and a recent focus on industrial control systems (ICS) by would-be intruders has upped the ...

    See more >

  • InfoSecurity

    May 29, 2018
     What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities

    Given the sophistication and effectiveness of recent industrial cyber-attacks, such as the Ukrainian power grid attack in 2015, the Industroyer/CrashOverride malware attack in 2016, and the Triton/Trisis malware attack in 2017, it is more important than ever to identify and remediate operational technology (OT) vulnerabilities. However, industrial process and power companies still struggle to effectively manage OT cybers...

    See more >

  • Utility Dive

    May 21, 2018
     Five Ways the Utility Industry Can Mitigate Cyber Incidents

    With the rising urgency of threats to the power grid, cybersecurity is becoming prioritized along with safety. A strategy based on rules, enforcement and awareness needs to be applied to the power, oil and gas sectors, according to PAS CEO and Founder, Eddie Habibi.

    See more >

  • SC Magazine

    April 19, 2018
     Critical Infrastructure Needs Shoring Up after U.S., U.K. Blame Russia for Attacks

    The U.S. is prepared to take aggressive action against Russia for a recent, extended campaign of cyberattacks on infrastructure assets around the world by compromising devices such as routers and firewalls, the White House cybersecurity coordinator, who has since left his position, said Monday. “When we see malicious cyberactivity, whether it be from the Kremlin or other nation-state actors, we are going to push back,”

    See more >

  • ISS Source

    April 18, 2018
     U.S., UK OT Alert on Russians Hackers

    Critical infrastructure, governments and Internet service providers (ISPs) are all areas Russian state-sponsored hackers are targeting on a global basis, according to a joint technical alert released this week. The focus of the attacks are “government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors,” according to the alert released by...

    See more >

  • U.S. News & World Report

    April 13, 2018
     Can the Law Stop Ransomware?

    Stunning ransomware attacks like those that recently hobbled Atlanta and Baltimore have thus far defied a legislative solution, with lawmakers in only a handful of states having criminalized the activity and experts skeptical that harsher laws would even make a difference. The attack on Atlanta last month, which reportedly struck five of 13 city agencies and forced some 8,000 city workers to take their computers offli...

    See more >

  • Automation World

    April 13, 2018
     Managing the Consequences of Cyber Threats

    General Michael Hayden, a retired U.S. Air Force four-star general and the former Director of the National Security Agency (NSA) and Central Intelligence Agency (CIA), has extensive knowledge and understanding of how to handle conflict and combat. During his time serving in a variety of senior positions, including responsibility for a combat support agency of the Department of Defense, as the Commander of the Air Intelli...

    See more >

  • ISS Source

    April 11, 2018
     PAS: Avoid Unintended Consequences

    Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. “With new technologies and new advancements, we can see unintended consequences,” said Eddie Habibi, chief executive and founder of PAS Global during his Tuesday keynote address at the PAS 2018 Optics conference in Houston, TX. “This is no different than working i...

    See more >

  • ISS Source

    April 11, 2018
     PAS: Cyber a New Domain

    Technology is advancing across all industries and it is making them smarter and more agile, but attack vectors are also on the rise, which means industry leaders need to understand who and what they are facing. “The faster we go, the more ‘behinder’ we get,” said General Michael Hayden, principal at the Chertoff Group and former Director of the CIA and the NSA, during his keynote address Tuesday at the PAS 2018 Optics...

    See more >

  • Automation World

    March 28, 2018
     The Infiltration of U.S. Control Systems

    CERT Alert TA18-074A removed any doubts that hostile nation states are actively targeting U.S. industrial control systems. On March 15, 2018, we all learned that the long-discussed cyber-attack on industrial control systems (ICS) had actually happened. Of course, many attacks on ICSs have happened before, but this one—with the backing of a nation-state—is the one that has been most feared.

    See more >

  • CSO Magazine

    March 19, 2018
     8 Questions to Ask About Your Industrial Control Systems Security

    Do you have a real cybersecurity-focused ICS strategy in place, or are you force-fitting IT security policies on your industrial control systems? A recent incident where a likely nation-state threat actor inadvertently shut down a critical infrastructure facility in the Middle East when testing new malware has stoked widespread concerns about the vulnerability of industrial control systems (ICSs) to new cyberthreats. Man...

    See more >

  • SC Magazine

    March 12, 2018
     MuddyWater APT Campaign Flowing Again

    The MuddyWater campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan. Trend Micro researchers believe the latest series of incursions is related to last year's MuddyWater incidents, which were discovered by Palo Alto's Unit 42, as each uses official looking documents purporting to be from...

    See more >

  • Dark Reading

    February 22, 2018
     Anatomy of an Attack on the Industrial IoT

    We like to think that cyberattacks are focused primarily on stealing credit card numbers and that attackers don't know much about the control systems that run critical infrastructure. Unfortunately, that's just wishful thinking. In 2017, we saw an increasing number of threat actors bypass existing network perimeter security controls to perform sophisticated reconnaissance of industrial process control networks (PCNs). Th...

    See more >

  • Automation World

    February 19, 2018
     Cross-Industry Collaboration at Heart of Cybersecurity Agreement

    With major cyber attacks like WannaCry, NotPetya and Triton affecting not only consumer entities but manufacturing and energy sectors as well, 2017 could be the year that industry finally took notice of the growing threat to industrial control systems. Does that also mean 2018 will be the year that industrial companies take the steps necessary to prevent the next attack?

    See more >

  • Automation World

    February 15, 2018
     Making Sense of the ICS Cybersecurity Market

    The convergence of industrial control networks and operational technology (OT) with traditional information technology (IT) has been a “coming attraction” for years. But the growth in ICS cyber attacks is a sign that convergence is finally here. In the past, securing control systems was not a major concern because they were air gapped -isolated from IT and the rest of the enterprise -running on proprietary protocols, emb...

    See more >

  • ISS Source

    February 7, 2018
     ICS Connected to Net: Beware of Hype

    It is very easy to get caught up in the hype and hysteria surrounding cybersecurity and not understand facts behind a barrage of data. In the end, it is all about context. That idea comes into play after a report released earlier this week saying the amount of industrial control systems (ICS) now accessible over the Internet increased over the previous year.

    See more >

  • ISS Source

    January 29, 2018
     PAS Releases Cyber Integrity 6.0

    PAS Global released its PAS Cyber Integrity 6.0, which includes continuous vulnerability management providing visibility into risk within industrial process control networks. With traditional IT vulnerability management, Cyber Integrity also addresses proprietary industrial control systems that comprise 80 percent of a facility environment.

    See more >

  • Dark Reading

    January 25, 2018
     Industrial Safety Systems in the Bullseye

    No doubt it could have been far worse - even catastrophic. An apparent misstep by the attackers behind the malware now known as TRITON/TRISIS that was discovered embedded in a Schneider Electric customer's safety system controller late last year fortunately failed, causing two of the safety instrumented systems (SISes) to shut down an industrial process in the plant. That outage led to the discovery of the customized bac...

    See more >

  • Dark Reading

    January 23, 2018
     Fallout from Rushed Patching for Meltdown, Spectre

    The performance hit with the patches is especially painful for the industrial environment, which is both a juicy target for attack as well as highly disruption-averse. "In the world of critical infrastructure, where safety and availability are paramount, updates that carry this kind of baggage are simply not applied immediately," says Eddie Habibi, founder and CEO of PAS Global.

    See more >

  • Help Net Security

    January 19, 2018
     New Infosec Products of the Week​: January 19, 2018

    PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility into vulnerability risk within industrial process control networks. Cyber Integrity moves beyond traditional IT vulnerability management by also addressing the proprietary industrial control systems that comprise 80 percent of a facility environment.

    See more >

  • Plant Services

    January 15, 2018
     Trust is Not a Strategy for Cybersecurity

    Digitalization adds significant value despite the cyber risk. “Don’t fear connectivity – the benefits are too great,” says Eddie Habibi, founder and CEO of PAS Global. On the other hand, he cautions, the threat of cyberattack is imminent and proven; critical systems are vulnerable; and “every minute, day, or month that you put off securing your systems, they remain at risk.”

    See more >

  • The Security Ledger

    January 15, 2018
     Episode 79: Hackable Nukes and Dissecting Naughty Toys

    In this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes.

    See more >

  • ARC Advisory Group

    January 12, 2018
     Enabling Continuous Vulnerability Management for Industrial Control Systems

    Industrial companies have made significant investments in cybersecurity technologies to protect their plants and industrial control systems (ICS). But many companies are unable to keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. This leaves many plants at risk of serious cyber incidents, jeopardizing safety and operational reliability.

    See more >

  • Silicon Angle

    January 11, 2018
     Report Claims Hackers Could Start a Nuclear War through Vulnerable Weapons Systems

    A think tank today published a report that claims that nuclear weapon systems in both the U.S. and U.K. are vulnerable to hacking and that hackers could potentially start a nuclear war. The claim comes from Chatham House in its report “Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences,” which details the history of nuclear weapons systems and the inherent risks built into them.

    See more >

  • Networks Asia

    January 7, 2018
     Our Top 7 Cyber Security Predictions for 2018

    Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.

    See more >

  • ISSSource

    December 20, 2017
     ICS Alert: USB Malware Attack

    Security provider Nyotron found an advanced malware campaign attempting to attack a company’s Middle Eastern critical infrastructure clients. “On December 11, 2017 at 01:21 a.m., a night-shift employee working at an around-the-clock critical infrastructure facility located in the Middle East plugged a USB drive into a shared workstation that dozens of the company’s employees use on a daily basis.”

    See more >

  • Control Global

    December 19, 2017
     You Can Be a Cybersecurity Badass - Part 2

    Of course, the ultimate aim of any cybersecurity effort is the same as any other plant-floor initiative from basic loop control to advanced process optimization and safety—keep the application running as efficiently and profitably as possible. However, because there's no "set it and forget it" with cybersecurity due to constantly evolving probes and threats, a secure network and the communications traffic on it must be c...

    See more >

  • IT World

    December 18, 2017
     Our Top 7 Cyber Security Predictions for 2018

    Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.

    See more >

  • AutomationWorld reports on cyber attack in critical infrastructure

    December 18, 2017
     Cyber Attack Hits Safety System in Critical Infrastructure

    Industry is abuzz over reports issued by both FireEye and Dragos about a cybersecurity incident that took place at a critical infrastructure facility in the Middle East. The malware referred to as Triton is significant to our community because it is not only part of an increasing focus of attacks on industrial control systems (ICSs), but it is the first to directly target a safety instrumented system (SIS).

    See more >

  • CSO announces top cybersecurity predictions for 2018

    December 18, 2017
     Our Top 7 Cyber Security Predictions for 2018

    Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace. Some things will get worse before they get better, but we expect real progress in a few areas.

    See more >

  • Automation.com

    December 11, 2017
     What Lies Beneath – Avoiding the Unseen Dangers of OT Vulnerabilities

    A recent Accenture survey found that 76 percent of utility executives in North America believe the country faces a moderate risk of interruption to electricity due to a cyberattack. The full truth is that much more infrastructure than power generation is at risk. Process control networks (PCNs) in critical infrastructure sites − refineries, chemical plants, and manufacturing facilities − all have potential danger swimmin...

    See more >

  • CRN

    December 6, 2017
     2017 Internet Of Things 50: 15 Coolest Industrial IoT Companies

    Here are CRN's 15 coolest industrial IoT companies that are leveraging their channel to deploy analytics and data monitoring tools on the industrial floor, deploy connected smart equipment, and ultimately bridge IT with operational technology.

    See more >

  • Automation World

    December 5, 2017
     Industrial Cybersecurity Predictions

    2017 was certainly a year in which industry seemed to become more focused on cybersecurity. But with so much activity in this sector, making sense of it all is tough. Here are some insights into potential new developments for 2018. Eddie Habibi, founder and CEO of PAS—a cybersecurity and asset and operations management technology supplier—recently shared his thoughts on what he called “seven seismic trends” he expects to...

    See more >

  • SecurityBrief Asia

    November 24, 2017
     Industrial Security Provider PAS Joins RSA Ready Technology Program

    Global industrial control systems security provider PAS Global’s Cyber Integrity platform has now become completely interoperable with RSA NetWitness Suite. PAS is a solution provider of industrial control system (ICS) cybersecurity, process safety and asset reliability in the energy, power and process industries. The interoperability means that industial process companies that use RSA NetWitness can access further secur...

    See more >

  • Dark Reading

    November 13, 2017
     Emerging IT Security Technologies: 13 Categories, 26 Vendors

    In the category of ICS Security - Tools for enabling the security, confidentiality, and integrity of network-connected SCADA and industrial control systems. Founded in 2014, PAS provides cybersecurity, asset management, and process safety products for the power, process, and energy industries. Factors to Watch include a strategic global partnership with Siemens for real-time monitoring of control systems Platform-i...

    See more >

  • IIoT World


     12 Predictions for ICS Cybersecurity in 2018

    What does 2018 hold for ICS cybersecurity? Here are seven seismic trends Eddie Habibi sees happening in the world of ICS cybersecurity: Disclosing a Critical Infrastructure Cyber Attack Will Be Mandatory: The lack of a mandate to disclose attacks on corporations continues to hinder accurate intelligence gathering, targeted defensive strategies against an evolving threat landscape, and appropriate offensive respons...

    See more >

  • ISS Source

    November 1, 2017
     How to Find an APT Attack

    Critical infrastructure presents high value targets that if exploited can produce significant political or financial gain – more than retail or financial industry targets we tend to see in the news,” said David Zahn, GM of the cybersecurity business unit at PAS. “The reason is that the industrial control systems that sit at the end of the industrial facility’s kill chain control in many cases volatile process.

    See more >

  • eSecurity Planet

    October 25, 2017
     Understanding the Threat: Bad Rabbit Ransomware Spreads Worldwide

    The United State Computer Emergency Readiness Team (US-CERT) is warning of a new ransomware campaign called Bad Rabbit, which appears to be a variant of the Petya ransomware that was first detected in early 2016. "US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored," US-CERT stated in an alert. "Using unpatched and unsupported software may inc...

    See more >

  • Security Week

    October 23, 2017
     DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure

    The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technical alert warning that government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors are subject to an ongoing attack campaign from an advanced actor, most probably Dragonfly (aka Crouching Yeti and Energetic Bear).

    See more >

  • eWeek

    October 23, 2017
     US-CERT Warns of Active Attacks Against Industrial Control Systems

    US-CERT issued a technical alert advisory on Oct.21 warning of advanced persistent threat activity targeting energy and other critical infrastructure sectors across the U.S. The technical alert was compiled with information provided from both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). According to the analysis, energy, nuclear, water, aviation and critical manufacturing sec...

    See more >

  • eSecurity Planet

    October 13, 2017
     North Korean Hackers Hit U.S. Electric Companies with Spear Phishing Attacks

    Eddie Habibi, CEO of PAS Global, told eSecurity Planet by email that as tensions continue to rise between the U.S. and North Korea, we should expect the intensity of cyber attacks on U.S. critical infrastructure to rise as well. And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it's not well prepared for the consequences of attacks that provide the attackers with "ac...

    See more >

  • Dark Reading

    October 11, 2017
     North Korean Threat Actors Probe US Electric Companies

    September spear phishing attack appeared to be more reconnaissance activity than sign of impending attack, FireEye says. Known threat actors based in North Korea recently targeted several US electric companies in a spear-phishing campaign that appeared to be more of an early reconnaissance mission than an attempt to cause any immediate disruption.

    See more >

  • Security Week

    October 11, 2017
     North Korean Hackers Targeted U.S. Electric Firms: Report

    Hackers likely affiliated with the North Korean government seem to lack the ability to disrupt the U.S. power supply, according to a new report from FireEye. The state-sponsored actors conducted a reconnaissance attack against electric companies in the United States on Sept. 22, 2017, via spear-phishing emails, but the incident did not lead to a disruption, the security company reports.

    See more >

  • InfoSecurity

    October 11, 2017
     North Korea Targets US Power Grid

    As the saber-rattling between US President Donald Trump and North Korean leader Kim Jon-Un continues, reports have surfaced that the DPRK had plans to hack the American power grid, while also successfully targeting the South Korean Ministry of Defense.

    See more >

  • ISA

    October 10, 2017
     Protecting the ICS from Cyberthreats

    Effectively meeting ICS cybersecurity challenges begins by recognizing that OT is uniquely different from IT. IT systems manage digital bits of information. OT systems drive production by monitoring and directly controlling physical devices, such as circuit breakers at power stations that distribute electricity and the valves and compressors at refineries that produce gasoline. While attackers focusing on enterprise IT s...

    See more >

  • ISA

    October 10, 2017
     Beyond Alarm Management

    Alarm management’s powerful infrastructure extends to many other important uses. Once you have accomplished alarm system improvement, what is next? Can you leverage the software and work processes in place for alarm management to achieve other significant improvements? Many companies are doing exactly that.

    See more >

  • IT Pro Today

    February 5, 2018
     Q&A: Siemens Industrial Security Exec on Cyber Priorities

    Decades ago, the term “industrial security” primarily referred to safeguarding physical assets. With the rise of connected industrial control systems, the focus expanded to keep remote intruders out. In both cases, industry professionals often approached security as a mission to keep some malevolent “other” out of their premises and away from critical machinery. While the threat of external threat actors is very real, th...

    See more >

  • CyberWire

    September 27, 2017
     The WannaCry Ransomware Pandemic: Sloppy but Dangerous. What about ICS?

    WannaCry infections have resumed, but at a slower rate, as the kill switch in the original version is removed. A now warned and worried online world is working to secure itself against this second, apparently less virulent, variant of the ransomware. Attribution, which is still at a very circumstantial and preliminary stage, continues to point toward North Korea. Technical experts think they've found evidence of connecti...

    See more >

  • SmartBrief

    September 25, 2017
     Siemens, PAS Team Up for Control System Monitoring

    Siemens and PAS Global have announced a partnership to provide real-time monitoring for industrial control systems. The companies' combined technology will provide customers with the tools to identify proprietary assets and to detect and respond to threats to control systems.

    See more >

  • Utility Products

    September 21, 2017
     Monitoring System: Fleet-Wide, Real Time Monitoring for Control Systems

    Siemens, a global engineering and technology provider, and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the capabilities of both companies, this partnership will provide customers with: (1) deep analytics required to identify and inventory proprietary assets; and (2) visibility to de...

    See more >

  • ARC Advisory Group

    September 20, 2017
     Siemens and PAS Strike Up Partnership to Provide Essential Industrial Control System Cybersecurity

    Siemens, a global engineering and technology company, and PAS Global, a leading provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real-time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will be able to provide customers with: (1) deep analytics required to identify and inventory proprietary assets;...

    See more >

  • Compressor Tech

    September 20, 2017
     Keeping Assets Safe From Cyber Attacks

    Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...

    See more >

  • Diesel & Gas Turbine Worldwide

    September 19, 2017
     Keeping Things Secure From Cyber Attacks

    Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real-time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...

    See more >

  • Automation World

    September 19, 2017
     Siemens and PAS Team to Provide ICS Security in Energy

    With a focus on protecting the critical infrastructure industries of utilities and oil and gas, the partnership combines control system knowledge and analytics with deep domain expertise and response. It takes a village to raise a child. It also takes a village to protect your assets. In the energy industry—where use of digital technologies is growing to help boost revenues and efficiencies, and where cyber attacks have ...

    See more >

  • Control Design

    September 19, 2017
     Siemens and PAS Global Partner to Address ICS Cybersecurity

    Siemens has announced it has partnered with industrial control system (ICS) cybersecurity solutions company PAS Global, to provide stronger visibility and security across the ICS - particularly in the oil and gas and utility sectors. According to Siemens, the partnership will increase visibility to detect and respond effectively to attacks across the operating environment, provide deep analytics required to identify and ...

    See more >

  • Hydrocarbon Processing

    September 19, 2017
     Siemens, PAS Announce Partnership to Provide Industrial Control System Cybersecurity

    Siemens and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will provide customers with deep analytics required to identify and inventory proprietary assets; and visibility to detect and respond effectively to attacks across th...

    See more >

  • Security Week

    September 19, 2017
     Siemens, PAS Partner on Industrial Cybersecurity

    Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership. The goal of the partnership is to provide organizations the capabilities needed to identify and inventory assets, including distributed and legacy control systems, and provide visibility for detecting cyber threats and unauthorized engineering c...

    See more >

  • Dark Reading

    September 19, 2017
     Siemens' New ICS/SCADA Security Service a Sign of the Times

    Now meet the next big thing for Siemens and other major ICS/SCADA equipment vendors: managed security services. Siemens today kicked up a notch its existing network monitoring and security services with the addition of anomaly detection technology from PAS that monitors all brands of industrial and computing equipment – not just its own - on a plant network.

    See more >

  • CRN

    September 19, 2017
     IoT Company PAS, Siemens Pair Up To 'Bridge The Visibility Gap' For Manufacturing Assets

    PAS, a startup focused on securing connected manufacturing floors, has announced it will team up with industrial heavyweight Siemens to help better secure operational technology. Siemens and PAS will partner "bring the best in breed technology" that helps manufacturing companies gain stronger visibility and security across legacy control assets and industrial control systems, particularly in the oil and gas and utility ...

    See more >

  • eSecurity Planet

    September 6, 2017
     Critical Infrastructure Compromised: New Cyber Attacks Hit Energy Companies in U.S., Turkey, Switzerland

    The Dragonfly group now appears to be focused on compromising operational networks. Symantec researchers recently uncovered a new wave of cyber attacks targeting the energy sector in Europe and North America, with the potential to disrupt operations at target companies. The group behind the attacks, known as Dragonfly, has been in operation since 2011 but was relatively quiet for a while after it was first exposed in 20...

    See more >

  • Wall Street Journal

    September 6, 2017
     Cyber Matters: Examining the Threat Against Industrial Control Systems

    The risk of industrial-control systems being targeted with cyberattacks has long concerned operators, governments and vendors, but fears of widespread attacks crippling critical infrastructure have so far failed to materialize. Now, that risk only appears to be growing because of the availability of attack tools, and evolving motivation of digital adversaries. Industrial-control systems, or ICS, are found mainly in ener...

    See more >

  • ISS Source

    September 6, 2017
     Power Grid Compromise

    In what should be a surprise to no one: A series of attacks compromised energy companies in the United States and Europe which led to bad guys gaining access to grid operations to the point where they could flip the switch on power. A report released by Symantec Wednesday revealed attacks by a group it is calling Dragonfly 2.0, which it said targeted dozens of energy companies since 2015.

    See more >

  • CRN

    September 4, 2017
     30 Internet Of Things Executives Whose Names You Should Know

    As IoT continues to mature, more executives have come forward with their engineering and sales expertise to offer their insights on how to best monetize the market. CRN has compiled a list of the top executives making a mark in IoT – whether they are top executives charged with leading vendors' overarching IoT strategies, solution provider executives at the front of the IoT sales charge, or thought leaders who are close...

    See more >

  • Automation World

    August 25, 2017
     Facing Serious Threats in Critical Infrastructure

    Doomsday scenarios might sound like hype, but the increasing number of cybersecurity incidents we’ve seen in electric, water, nuclear and other critical facilities are trials for larger attacks. It’s difficult to write about cybersecurity without sounding like Chicken Little. I know that the more I flap my wings, the more you might ignore me altogether. Doomsday messages don’t strike fear; our overhyped message receptors...

    See more >

  • ISS Source

    August 25, 2017
     Fighting FUD From DC

    If anyone thought fear, uncertainty and doubt (FUD) as an approach to cybersecurity ended a long time ago, then view the latest report coming out of Washington saying there is a narrow and fleeting window to prepare for and prevent “a 9/11-level cyber-attack” against the U.S. critical infrastructure. That FUD induced comment came from a report the Presidential National Infrastructure Advisory Council (NIAC) just released...

    See more >

  • Dark Reading

    August 17, 2017
     Critical Infrastructure, Cybersecurity & the 'Devil’s Rope'

    How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it. The Homestead Act of 1862 promised US citizens that if they settled and farmed frontier land for five years, it was theirs to own. One of the primary challenges settlers faced was finding fencing materials to protect their crops from open-range cattle. Barbed wire was inve...

    See more >

  • Naked Security

    August 3, 2017
     Researchers Display “CAN Do” Skill in Vehicle DoS

    Add one more to the lengthening list of ways your connected car can get hacked. The NCCIC/ICS-CERT (National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Readiness Team) issued an “alert” late last week following the release of a research paper on, “a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus.”

    See more >

  • ISS Source

    August 2, 2017
     PAS’ Alarm Mechanic Hikes Plant Safety

    PAS Global LLC released its PlantState Suite (PSS) 8.3 featuring Alarm Mechanic. The new feature helps improve process plant safety and console operator performance minimizing nuisance alarms through automated analytics and recommendations. PlantState Suite makes power and process plant operators more effective at identifying, evaluating, and managing alarms.

    See more >

  • ISS Source

    August 2, 2017
     Black Hat: ICS Security Movement

    In the ICS environment, it is all about understanding what security means and then adapting to and adopting a culture much like the industry did 40 years ago or so when it came to safety. “It is all about changing cultures,” said Eddie Habibi, founder and chief executive at PAS, who attended Black Hat USA 2017 in Las Vegas, NV, for the first time this year and sat down for a few moments to share his thoughts on the evolv...

    See more >

  • The Hill

    July 26, 2017
     Obama Cyber Czar: Trump State Department Needs Cybersecurity Office

    Former President Obama's cyber czar on Wednesday piled on the criticism of a rumored Trump administration plan to shutter the State Department's cybersecurity coordinator office. Michael Daniel told The Hill that cybersecurity is an issue "that crosses multiple desks at the State Department."

    See more >

  • Automation World

    June 29, 2017
     Another Cybersecurity Wake-Up Call—Answer It

    When the WannaCry ransomware attack hit Windows-based computers worldwide last month—debilitating the British National Health Service and affecting hundreds of thousands of computers worldwide—it was a big headline. But in the month and a half that’s passed since then, it seems to have become just another day in the news. Attack after attack is coming through, and it should be very clear—because it apparently wasn’t clea...

    See more >

  • Dark Reading

    June 26, 2017
     Look, But Don't Touch: One Key to Better ICS Security

    How do we fix industrial control systems cybersecurity? Experts say better visibility is essential to improving ICS/SCADA security. But infosec teams will never gain that visibility until they stop trying to observe ICS environments through the eyes of IT professionals. There are fundamental differences in IT and OT (operational technology) gear, processes, and people, say experts.

    See more >

  • Dark Reading

    June 21, 2017
     WannaCry Forces Honda to Take Production Plant Offline

    In an example of just how persistent modern cyberthreats can be, automaker Honda Motors had to temporarily stop production at its Sayama plant in Japan this week after being hit by WannaCry, a malware threat the company thought it had mitigated just one month ago. The nearly 48-hour shutdown impacted production of about 1,000 vehicles at the facility, which does engine production and assembly for a line of vehicles incl...

    See more >

  • SecurityWeek

    June 16, 2017
     Industry Reactions to 'CrashOverride' Malware: Feedback Friday

    Researchers described some theoretical attack scenarios involving this malware and warned that the threat could be adapted for attacks on other countries, including the U.S., and other sectors. Contacted by SecurityWeek, industry professionals shared some thoughts on the threat posed by CrashOverride/Industroyer, and provided recommendations on how organizations can protect their systems.

    See more >

  • CNBC

    June 15, 2017
     Nightly Business Report

    Eddie Habibi, Founder and CEO of PAS, talks to Andrea Day at CNBC about cybersecurity risks for the oil and gas infrastructure. Cybersecurity experts say that oil and gas infrastructure is a target of hackers, and if successful could potentially shut down or interrupt production.

    See more >

  • ISS Source

    June 12, 2017
     ICS Malware Linked to Grid Attack

    There is a piece of malware believed to have been used in the December Ukraine substation attack that targeted power grids, researchers said. The malware ended up discovered by ESET, which called it Industroyer. The company also shared some data with ICS cybersecurity company Dragos, which tracks it as CRASHOVERRIDE and the attacker that uses it as ELECTRUM.

    See more >

  • Automation World

    May 17, 2017
     Will WannaCry Be Industry’s Cybersecurity Wake-Up Call?

    Possibly the biggest cybersecurity news item to come across the wires since Stuxnet was last week’s news about WannaCry. WannaCry is a type of malware referred to as ransomware because it blocks access to the infected computer’s data until a ransom is paid to regain access. It began infecting Windows-based computers worldwide on Friday, May 12, 2017, through phishing emails and a self-propagating worm feature in the malw...

    See more >

  • IICA Technology Expo

    May 17, 2017
     Expert’s Insights on How to Address Wanna Cry Ransomware Types of Attacks

    Last week Wanna Cry cyberattack infected tens of thousands of computers, from manufacturing to hospitals and big industrial organizations, a great opportunity for ICS players to talk about their products/solutions as there were no catastrophic damages yet. In the first phase, the majority of players expressed their opinion about the consequences that such an attack might have on OT. What is the solution to protect a fact...

    See more >

  • ISS Source

    May 15, 2017
     How to Protect Against ‘WannaCry’

    WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the ransomware package used a patched flaw in the Microsoft operating system software to...

    See more >

  • SecurityWeek

    May 12, 2017
     Industry Reactions to Trump's Cybersecurity Executive Order

    U.S. President Donald Trump signed an executive order on Thursday in an effort to improve the protection of federal networks and critical infrastructure against cyberattacks. The executive order states that the heads of departments and agencies will be held accountable for managing cybersecurity risk. They are required to use NIST’s Framework for Improving Critical Infrastructure Cybersecurity to manage risk, and they m...

    See more >

  • CSO Magazine

    May 12, 2017
     Mixed Reviews for Trump’s Executive Order on Cybersecurity

    The reviews of President Donald Trump’s Executive Order (EO) on cybersecurity were coming in within hours of its signing yesterday afternoon, and they were most definitely mixed. There was general agreement that the intent of the EO – delayed more than three months from late-January, when it was originally scheduled to be signed – was good.

    See more >

  • ISS Source

    May 11, 2017
     Industry OK with Trump Security EO

    The cybersecurity executive order contains suggestions considered good ideas by experts, including holding agency heads accountable for cybersecurity. “President Trump’s cybersecurity executive order (EO) addresses the right areas of concern – updated federal systems, critical infrastructure, deterrence, workforce education, and more,” said Eddie Habibi, chief executive and found of Houston-based PAS. “Thankfully, the ex...

    See more >

  • IIoT World

    May 5, 2017
     2017 – The “Silence Before the Storm” When it Comes to ICS Breaches

    Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report, which was published a week ago. Much of this is due to the high proliferation of propriety research, prototypes, and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analyzed in this year's report and...

    See more >

  • TechTarget

    April 28, 2017
     Pretexting is a Rising Threat According to 2017 Verizon DBIR

    The 2017 Verizon Verizon Data Breach Investigation Report both highlighted big threats of which the industry is already aware, such as ransomware, as well as under-the-radar threats like pretexting, which can be extremely dangerous in certain situations. The data in the 2017 Verizon Data Breach Investigation Report (DBIR) was gathered from 65 organizations across the world, including analysis of 42,068 incidents and 1,93...

    See more >

  • IIoT World

    April 28, 2017
     CEO IIoT Insights: How Can You Secure What You Cannot See in an Industrial Enterprise?

    Companies are flying blind when it comes to 80% of the cyber assets that exist within an industrial process facility. They lack sufficient visibility into what assets they have and how they are configured. Without this data, basic cybersecurity questions remain difficult to answer. For example, did an unauthorized change occur, where are my vulnerabilities, and can I recover quickly if the worst case scenario happens? W...

    See more >

  • eWeek

    April 27, 2017
     VC Cash Infusion Helping Security Vendors Bolster Efforts

    PAS Global mentioned in eWeek. VC Cash Infusion Helping Security Vendors Bolster Efforts. Securing industrial control systems is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it raised $40 million in a new round of funding. The new funding was led by Tinicum L.P.

    See more >

  • CyberScoop

    April 27, 2017
     Verizon’s Annual Data Breach Report is Depressing Reading, Again

    The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures.

    See more >

  • Fast Company

    April 27, 2017
     Why Even Our Water Supply Is Not Safe From Hackers

    “Weapons of mass destruction don’t have to be physical bombs that move from one location to another—they can be these ticking bombs in these control systems that …cause severe damage and bring down the critical infrastructure of a country.” says Eddie Habibi, founder and CEO of the Houston-based ICS security firm PAS.

    See more >

  • Automation World

    April 27, 2017
     Investments Boost Industrial Cybersecurity

    You’ve likely noticed an increase in the number of new entrants into the industrial control system (ICS) cybersecurity field over the past year or so. Even longstanding companies in this space have been expanding their cybersecurity-related products and services. Further evidence of the increasing interest in this space can be seen in the outside investments being made here. A case in point is the investment of $40 milli...

    See more >

  • Automation.com

    April 17, 2017
     PAS announces $40 million investment to fuel cybersecurity efforts

    PAS, a provider of ICS cybersecurity, process safety, and asset reliability solutions for the energy, power, and process industries, announced a $40 million growth investment by Tinicum, L.P. and certain affiliated funds managed by Tinicum Incorporated (“Tinicum”). Tinicum is a private investment partnership focused on late stage investments in manufacturing, energy, technology, media, and infrastructure.

    See more >

  • SecurityWeek

    April 14, 2017
     Veteran Industrial Cybersecurity Firm PAS Raises $40 Million

    With deep roots in software solutions for process safety and asset reliability for industrial firms, Houston, TX-based PAS announced this week that it has taken a $40 Million investment that will be used to fuel its Industrial control system (ICS) cybersecurity business. PAS has been around for 23 years and says its solutions are deployed in more than 1,100 facilities globally in more than 70 countries.

    See more >

  • ISS Source

    April 12, 2017
     PAS Looks to Expand Security Business

    PAS gained a $40 million growth investment from Tinicum, L.P. This funding round is a move to expand PAS sales and marketing as well as increase research and development for its security software product, Cyber Integrity. Cyber Integrity protects critical infrastructure from risks associated with rising Industrial Internet of Things (IIoT) adoption, malicious cyber attacks, and insider threats.

    See more >

  • WSJ

    April 11, 2017
     Tinicum Invests $40 Million in Industrial Software Maker PAS

    PAS Global, LLC, a maker of software for industrial businesses, secured a $40 million growth investment from Tinicum. The Houston-based company sells software that monitors the security and safety of industrial control systems for more than 520 customers including chemical, refining and power generation companies.

    See more >

  • Houston Business Journal

    April 11, 2017
     After $40 million capital raise, Houston cybersecurity firm outlines growth plans

    Houston-based PAS Global LLC announced April 11 it has raised $40 million in its first capital raise as it plans to triple its headcount over the next three years. PAS is a cybersecurity company that largely services the oil and gas industry. Founded in Clear Lake in 1993, the company now has roughly 150 employees.

    See more >

  • eSecurity Planet

    April 11, 2017
     PAS Raises $40M in New Funding to Secure Industrial Control Systems

    Securing Industrial Control Systems (ICS) is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it is raising a new $40 million round of funding. The new funding was led by Tincum L.P. The new money will be used by PAS to help grow the company's go-to-market efforts as well as its technology development.

    See more >

  • CRN

    April 11, 2017
     Industrial IoT Security Company PAS Raises $40 Million Funding

    Houston's PAS, a security firm focused on industrial control systems, has raised $40 million as the company looks to expand its channel program for operational technology (OT) security. PAS, which provides security for industrial control systems – including distributed control systems, programmable logic controllers, turbo machinery controls, and compressor control systems – wants to broaden its sales approach and invol...

    See more >

  • Power Magazine

    April 1, 2017
     The Future Is Now: Connected Power Plants Are Here

    While there are undeniably potential security risks related to connecting a power plant’s systems, that should not necessarily be a deterrent to doing so, according to Mark Carrigan, COO of PAS Inc. The potential benefits of integrating IIoT technology into a plant’s operation can outweigh the cybersecurity risks, as long as the plant operator addresses the risks, he said.

    See more >

  • SC Magazine

    February 23, 2017
     Trump Gets Mixed Reviews on Cybersecurity, One Month In

    There is some debate on whether a 60-day cybersecurity review is worthwhile. Let's not miss the irony of a leaked executive order as a proof point that our federal government needs better security around information. Can officials perform such a review in time to provide solid recommendations? Many departments can as they've performed this exercise previously.

    See more >

  • SecurityWeek

    January 23, 2017
     Overhyped Media Reports Bad For ICS Security: Experts

    Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned. The number of attacks aimed at ICS has reportedly increased in the past year and several incidents have been disclosed to the public. However, some of the mainstream media reports covering these attacks have been sensationalized or inaccurate.

    See more >

  • SecurityWeek

    January 17, 2017
     Critical Infrastructure Security: Risks Posed by IT Network Breaches

    There have been several incidents recently where a critical infrastructure organization’s IT systems were breached or became infected with malware. SecurityWeek has reached out to several ICS security experts to find out if these types of attacks are an indicator of a weak security posture, which could lead to control systems also getting hacked.

    See more >

  • Dark Reading

    January 10, 2017
     Molecular Cybersecurity Vs. Information Cybersecurity

    When it comes to industrial processes, security begins at the molecular level. Not all cybersecurity risk is created equal. Case in point: when Sony was hacked, information was stolen, systems were wiped, and society was temporarily deprived of a Seth Rogan movie. These were mostly bad outcomes, and Sony certainly suffered a significant financial loss.

    See more >

  • SC Magazine

    December 20, 2016
     The State of Nation-State Attacks

    Attacks on government and private sector targets are rampant. Experts are skittish when it comes to attribution, reports Larry Jaffee. Electric grids remain a target for cyberattacks, notes David Zahn, general manager of the cybersecurity business unit for PAS, a Houston-based provider of process safety, cybersecurity and asset services for the energy, power, and process industries.

    See more >

  • The Huffington Post

    December 15, 2016
     Security Companies Seek Information Sharing, Standards From Trump Administration

    Operations management and cybersecurity company PAS anticipates an uptick in cybersecurity regulation, but warns that doesn’t always lead to tightened security. “Federal regulation is a double-edged sword,” says David Zahn, general manager of cybersecurity at PAS. “On one side, it forces nationwide attention and, more importantly, investment that might otherwise happen too slowly. Unfortunately, good compliance does not...

    See more >

  • Help Net Security

    December 2016
     ICS Cybersecurity: Futurism vs. Here and Now

    (Page 27) Dire prognostications make for great headlines, but not every crystal ball gives an accurate picture of the future. If we want to find existential threats in the here and now, we need look no further than cybersecurity within industrial facilities and power plants. Unlike breaches that lead to financial or information loss, a breach within an industrial site can bring injury to people and environment as well as...

    See more >

  • Threatpost

    December 12, 2016
     German Industrial Giant Victim of Cyber Espionage

    Data stolen from ThyssenKrupp may not yield hackers a huge payday, but instead enable them to cause significant damage to future operations of the company, according to David Zahn, general manager of PAS, an industrial control system cybersecurity firm. “Instead of making a large cash withdrawal, hackers could disrupt production or worse; cause significant physical damage to production equipment, the environment or even ...

    See more >

  • Automation World

    October 2016
     Safety Lifecycle Management

    PAS rolls out IPL Assurance software with real-time predictive analytics that monitor the health and availability of Independent Protection Layers which enable operators to ascertain the overall risk profile of a facility. The safety structure of complex process control systems is designed in multiple layers in order to ensure an equipment “event” is caught way before it starts. This multi-tiered set up is based on Safet...

    See more >

  • The UK Register

    October 2016
     Schneider Electric Plugs Gaping Hole in Industrial Control Kit

    David Zahn, general manager at PAS, Inc, a provider of industrial control systems cybersecurity technology, added that further flaws along the lines of the one successfully resolved by Schneider are inevitable because industrial control technology was never designed with security in mind. “It is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices, but no...

    See more >

  • IT World Canada

    October 2016
     Another Warning of a Vulnerability in Industrial Control Systems

    David Zahn, general manager at PAS, Inc., a provider of ICS cybersecurity, was at the session and said in an email that it is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices. But, he added, no one should be surprised that such vulnerabilities exist.

    See more >

  • ISS Source

    October 2016
     Process Analytics Safety Tool Launches

    Safety risk remains a top priority for all companies in the process industries, but knowing if and when an incident may occur is not so cut and dried. Along those lines, PAS Inc. launched a tool Wednesday that can not only provide visibility into what is going on, it can also offer real-time predictive analytics on the health and availability of the safety instrumented systems (SIS), alarm management systems, and other I...

    See more >

  • Automation World

    October 2016
     How to Keep Shutdowns from Becoming Disasters

    In process industries like oil and gas and chemicals, the ability to identify shifts in patterns that could eventually cause problems is critical. That’s because a seemingly simple issue, like a pump malfunction, could result in a not so natural disaster. From oil spills to gas leaks and fires, manufacturing incidents are still fairly frequent. And when death, injury and environmental destruction are involved, company ex...

    See more >

  • Chemical Engineering

    October 2016
     You Cannot Secure What You Cannot See

    In industrial facilities, cyber incidents typically result from three basic scenarios: a malicious attack from an outside individual or group; a cyber incident that results from an engineer making a mistake that alters a control process or diminishes safe operations; or the work of a disgruntled employee or ex-employee. No matter which of these scenarios you believe is real or presents the most risk, companies must take ...

    See more >

  • Processing Magazine

    September 2016
     Combatting the Insider Threat

    Visibility into a facility’s proprietary control system configurations is a prerequisite for cybersecurity. According to IBM’s 2016 Cyber Security Intelligence Index report, 44.5 percent of all cyberattacks in 2015 — up from 31.5 percent the previous year — were perpetrated by malicious insiders. An additional 15.5 percent resulted from inadvertent actors. Process plants are not immune to these attacks.

    See more >

  • March 2016
     Interview: Eddie Habibi, CEO of PAS at the ARC Industry Forum

    Founder and CEO of PAS interviews with the ARC Advisory Group at the 2016 ARC Industry Forum. ARC Advisory Group is the leading technology research and advisory firm for industry and infrastructure. Their coverage of technology and trends extends from business systems to product and asset lifecycle management, Industrial IoT, Industry 4.0, supply chain management, operations management, energy optimization and automation...

    See more >

  • Chemical Engineering

    March 2016
     Understand and Cure High Alarm Rates

    Modern distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are highly capable at controlling chemical processes. However, when incorrectly configured, which is often the case, they also excel at another task - generating alarms. It is common to find alarm rates that exceed thousands per day or per shift at some chemical process industries (CPI) facilities. This is a far greater...

    See more >

  • Automation World

    January 2016
     Taking Abnormal Situation Management to the Outer Limits

    As the plant floor becomes more connected, so do abnormal situations—which can originate from anywhere in the enterprise. To help operators navigate this new universe of anomalies, suppliers are turning to artificial intelligence and machine learning technologies that enable proactive situational awareness vs. reactive alarm management.

    See more >

  • January 2016
     Industrial IIOT: An Opportunity for Fast-Moving Innovators; a Threat to Slow-Moving...

    The Industrial Internet of Things (IIoT) presents a unique opportunity to speed up the slow-moving technology adoption lifecycle that is inherent to the industrial sector for operational technologies (OT). This is a sector that – for all the right reasons related to safety, security, and continuity – is relatively slow to adopt new technologies.

    See more >

  • December 2015
    Using Process Graphics to Maximize Operator Effectiveness

    For three decades, the process industries have been using sophisticated Distributed Control Systems (DCS) or Site Control And Data Acquisition (SCADA) systems for process control. These use real-time process control graphics as the Human-Machine Interface (HMI) for the operator. But when we installed these systems, there were no available guidelines as to what constituted a “good” graphic.

    See more >

  • November 2015
    Securing Industrial Control Systems from the Inside and Out

    For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.

    See more >

  • November 2015
    A New Take On ICS Cybersecurity

    Industrial Control Systems (ICS) Cybersecurity risks have become so public that CEOs and Board members are sponsoring projects within their companies and raising visibility of the issue. PAS Inc. CEO Eddie Habibi and General Manager of Cybersecurity and CMO David Zahn shared that news with me during a conversation this week regarding the release of a new version of PAS Cyber Integrity (5.0).

    See more >

  • November 2015
     IT/OT Convergence Rolls On

    PAS, which is well known for its Integrity software, has perhaps solved the problem with its new release of Cyber Integrity 5.0, a part of the PAS Integrity Software Suite, according to David Zahn, general manager of the cyber security business unit at PAS. PAS Cyber Integrity is based upon the proven PAS Integrity platform, and it automates internal and regulatory compliance reporting while reducing associated efforts b...

    See more >

  • July 2015
    Pick the Real Culprit

    Standards on alarm management have continued to evolve since the June 2009 publication of ISA-18.2, the first true standard on alarm management applicable to U.S. companies. Alarm management standards went global in October 2014 with the release of the international standard IEC 62682.

    See more >

  • May 2015
     PAS Adds Cybersecurity Business Unit

    Recognizing the need for a bulletproof security framework for industrial control systems, PAS Inc., a provider of asset and configuration management for distributed control systems (DCS), has formed a new Cyber Security Business Unit focused on providing products and services to protect the core configuration of the control system. In addition to the announcement of a new division, PAS rolled out the latest version of it...

    See more >

  • May 2015
     Security Evolution at PAS

    Cyber security issues continue to grow throughout the manufacturing automation sector and that is becoming clearer with new players trying to capitalize on the latest buzzwords to garner a foothold, but sometimes the answer to a problem has been in front of you all along. At least that is what PAS believes as the Houston-based asset reliability provider today launched a new cyber security business unit focused on configu...

    See more >

  • April 2015
     Technology Toolbox: Security Inside and Out

    Protecting industrial plants and their machines, networks, information systems, and personnel from threats is a management duty. New tools are designed to help companies comply with NERC’s Critical Infrastructure Protection (CIP) requirements, OSHA’s Process Safety Management (PSM) standards, the ISA/IEC-62443 standards, and other external and internal security measures. Following are products meant to help companies man...

    See more >

  • February 2015
     Modern Age Plant Safety: Are We Pulling a Car with an Old Horse?

    Human error ties to all industrial accidents in one shape or form. “Hold on! Pumps fail and cause incidents all the time,” you might say. Yet, why do pumps fail? Often it is due to improper maintenance. Sometimes it might be because of shoddy design. Even with the pump failing to perform, there is still often an opportunity to avoid an incident if a console operator takes timely corrective actions. No matter the situatio...

    See more >

  • Chemical Processing

    January 2015
     Interest Builds in State-Based Control

    State-based control isn’t new but chemical companies now are showing increasing interest in the approach, according to vendors such as ABB, PAS, ProSys and Siemens. This has much to do with the 2010 launch of the ISA106 committee on Procedure Automation for Continuous Process Operations by the International Society for Automation, Research Triangle Park, N.C. Prior to this, only a small number of chemical companies, nota...

    See more >

  • Automation World

    July 2014
     Upgrading that '70s Interface

    The move to distributed control systems that deliver data in a digital format made old interfaces obsolete. But what some thought were improvements were actually obstacles. Today, understanding human error and ability, as well as industrial processes, helps engineers think like operators when it comes to redesigning control rooms and alarm-management systems. BASF and Southern Company explain what they’ve done.

    See more >

  • Industrial Automation Insider

    June 2014
     PAS: The Little Engine that Could! PAS Technical Conference 2014

    PAS is celebrating their 20th anniversary. Founder Eddie Habibi and his team threw a much larger party for the PAS Technology Conference 2014 than you'd expect from the company size. It was a respectable sized User Group meeting, too, with over 130 people from several countries in attendance. The conference keynotes by Eddie Habibi and FBI Special Agent Angela Haun were proceed by a press conference in which PAS CEO Habi...

    See more >

  • ISS Source

    February 2014
     Integrated Platform Boosts Human Response

    When you think about the automation, asset reliability and mechanical reliability we’ve been investing in our plants for the past 40 years, it’s no wonder we’ve designed in some pretty amazing technologies to boost overall plant reliability. While the mechanical side has seen an upturn, the human side of reliability needs some work.

    See more >

  • InTech

    December 2013
     Next Frontier: Operator-Automation Relationship

    Preclude operator error, improve safety and profitability. Industrial control systems are ocmplex designs, but they do not give much consideration to the needs of the human operator. This oversight has caused serious and costly accidents. By empowering operators with the right hman-automation relationship tools, companies will achieve and exceed their goals.

    See more >

  • Automation.com

    October 2013
     As Built Documentation Goes Real-Time, Supports Cyber Security & Greater Efficiency

    Anyone in the automation profession has experienced frustration in troubleshooting a problem or adding something new to control systems where the “as built” documentation does not match the installed system. This gap in documentation results in a significant amount of wasted man-hours and increased MTTR (Mean Time To Repair). In addition, cyber security requirements and regulations require up-to-date “as built” documenta...

    See more >

  • Automation World

    October 2013
     Process Safety Futures

    Conventional control systems are inherently limited in their ability to make cognitively complex decisions. Most operations are based on central operator consoles that require training and need close attention. They display too much data and too little relevant information. In crisis situations, with many hundreds and even thousands of simultaneous alarms, physical cooperation and communications become overwhelming and h...

    See more >

  • Automation World

    May 2013
     Trend Watch: Cyber Security Dashboards for NERC CIP Compliance

    Southern Company’s approach to NERC CIP compliance holds lessons for the manufacturing and processing industries as cybersecurity becomes a business imperative. For Southern Company, cybersecurity is not optional. They are required to address NERC cybersecurity standards, which, according to Southern Company’s systems analyst Larry Spoonemore, includes: maintaining an inventory of all assets and cyber devices/systems at ...

    See more >

  • Automation World

    May 2013
     Trend Watch: Operator HMI Development

    Industry conferences frequently offer a great chance to see new technologies up close along with the opportunity to hear various end users talk about their experience with those technologies. Less frequently, however, do you catch a bit of insight that could harbinger technology applications across industry.

    See more >

  • Automation World

    April 2013
     Barriers to Human Reliability

    The PAS conference in Houston last week primarily focused on the concept of Human Reliability, which, in essence, is the science of minimizing human error in service of greater safety, compliance and, ultimately, profitability. Highlighting the fact that this idea is not simply a pet concept of PAS—which is rebranding itself as “The Human Reliability Company”—the PAS conference featured a number of end user presenters fr...

    See more >

  • Automation World

    April 2013
     The Human-Automation Intersection

    It may not be a new concept, considering its roots can be found in H.W. Heinrich’s study of industrial safety in the 1930s, but the idea of “Human Reliability” certainly seems to be catching on across industry. Beyond the benefits of increased safety and improving the appeal of industrial work to new and existing employees, Human Reliability is also being lauded for its positive impact on productivity. A showcase example...

    See more >

  • ISS Source

    April 2013
     PAS: Visibility Across Enterprise

    Visibility of control system data remains a top priority for refineries these days as the entire enterprise needs to see what is going on throughout the process. “We are constantly getting pressure to get the data as visible and transparent as possible to a variety of different groups,” said Jason Bottjen, manager of control systems engineering at Valero Energy Corp., during his talk Tuesday at the PAS Technical Conferen...

    See more >

  • ISS Source

    April 2013
     PAS: One Way Communications Works

    That is why there were two companies – Waterfall Security Solutions and Owl Computing — talking differing technologies at the PAS Technical Conference in Houston, but saying one way communication is a very effective security tool. ake the Shamoon attack this past August. RasGas suffered from the attack last August and it forced the company to disconnect completely from the network.

    See more >

  • ISS Source

    April 2013
     PAS: Security a Productivity Enhancer

    Larry Spoonemore knows the advantages of cyber security go beyond just securing the plant. He knows it can be a productivity enhancer. “You will find if you manage the issues and over a period of time, you will improve productivity,” said Spoonemore, the control system integrity coordinator at energy provider Southern Company during his talk Tuesday on Automated Management of Cyber Security Assets at the PAS Technical Co...

    See more >

  • ISS Source

    Aprpil 2013
     PAS: Human Reliability

    It is time to focus on human reliability. “We have done a fantastic job in improving productivity, let’s try to prevent human error,” said Eddie Habibi, chief executive and founder of PAS, during his keynote address Tuesday at the PAS Technical Conference in Houston. “Human error is to human reliability as pump failure is to asset reliability.” In these days of faster, better, more, the reliance on technology is becoming...

    See more >

  • What's New In Process Technology

    May 2012
     To Err is Human

    Using Technology to Try to Solve the Problem is Equally Human. Humans are wonderful, complex beings. That our very name, homo sapiens, can be translated to wise man, is an indication of our intelligence. We have the ability and capacity to do so much and, along with our advanced language capability, we can reason, problem-solve, introspect and quickly adapt to current conditions around us. But we are not infallible.

    See more >

  • Industrial Automation Asia

    December 2011
     Qatargas Selects PAS For Site-wide Alarm System Improvement Project

    PAS, a supplier of human reliability software and services to the power and processing industries worldwide, has announced that Qatargas, the world’s largest liquefied natural gas (LNG) producer, has chosen PAS’ PlantState Suite alarm management software and engineering services for an improvement project across all their units.

    See more >

  • Connecting Industry

    June 2011
     A Modern Era for HMIs and Alarm Management Systems

    Iconon any company, an employee’s performance affects its productivity, profitability, and reputation. In manufacturing, the link is immediately apparent because the process is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company may be adversely affected.

    See more >

  • Control Engineering Asia

    May 2011
     A Human Focus

    In most process industries, manufacturing is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company and its shareholders may be adversely affected. The disciplines of Human Factors and Ergonomics explore the way humans interact within their work environment. Every individual’s job performance directly impacts safety, production, and profitability ...

    See more >

  • Industrial Automation Insider

    January 2011
     Hard-won experience of alarm management

    This alarm management problem leads on to a look at the practical and pragmatic approach adopted in the second edition of “The Alarm Management Handbook,” by Bill Hollifield, Principal Alarm Management Consultant for PAS, and Eddie Habibi, founder and ceo of PAS: incidentally Hollifield is also co-author of “The High Performance HMI Handbook.”

    See more >

  • Automazione Industriale

    September 2010
     Protecting knowledge improves processes

    As a leading player in the field of automation and information technology decreasing the time to implement automation and information projects while reducing risk are key priorities for Invensys Operations Management. Recently, Invensys has adopted PAS’ Integrity Software in order to automate the capture and management of the highly complex configuration of process automation assets, from field devices to advanced applic...

    See more >

  • Manufacturing Automation

    June 2010
     High Performance HMIs

    A new era of the human-machine interface (HMI) is upon us. Harsher safety and compliance standards have persuaded many operating companies to replace their “traditional” graphics with high-performance HMIs – a move that is sure to make life easier for plant operators everywhere. When graphic operator display capabilities were first introduced into distributed control systems (DCS) in the late 1970s, there were no guideli...

    See more >

  • ARC Advisory Group

    September 2009
     PAS Improves Operations and Automation Effectiveness

    PAS provides Operations and Automation Effectiveness solutions to the process industries. PAS improves operations effectiveness by maximizing operators’ situational awareness; enabling them to take the most beneficial actions during both steady state operations and abnormal situations. PAS’ Integrity software improves automation effectiveness by mapping and managing configuration for the ever-increasing number of complex...

    See more >

  • Industrial Automation Insider

    August 2009
     PAS sets out to map the Automation Genome

    PAS sets out to map the ‘Automation Genome’ Process automation users increasingly find themselves between the Scylla of growing complexity and the Charybdis of diminishing resource. OK, pretentious, but at least rather less cliché ridden than a rock and a hard place!

    See more >

  • InTech

    November 2007
     Stop Designing for Failure

    "All accidents are preventable." This is a powerful statement that inspires professional men and women in their quest for a safer working environment. We believe it to be true because otherwise we would have to accept failure. And when it comes to human life, failure is not an acceptable option. But is it true? Reality seems at odds with our belief.

    See more >

  • World Oil

    September 2006
     Alarm Systems Greatly Affect Offshore Facilities Amid High Oil Prices

    By following seven key steps, operators can create highly effective, reliable alarm systems to optimize offshore production facilities' operation. Reliability of oil and gas production facilities has never been more important. Poorly performing alarm systems negatively impact reliability and production. They can interfere with, rather than assist, the operator in handling an abnormal situation.

    See more >