Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. "With new technologies and new advancements, we can see unintended consequences," said Eddie Habibi, chief executive and founder of PAS Global during his keynote address at the PAS 2018 Optics conference in Houston. "This is no different than working in a process pla...
See more >
The U.S. Department of Energy on Wednesday made public an August 2017 report that concluded there are more than a half dozen "capability gaps" in the power sector's ability to respond to a cyberattack on the electric grid. A power outage due to a cyberattack has never happened in this country, but hacking attempts are on the rise and a recent focus on industrial control systems (ICS) by would-be intruders has upped the ...
Given the sophistication and effectiveness of recent industrial cyber-attacks, such as the Ukrainian power grid attack in 2015, the Industroyer/CrashOverride malware attack in 2016, and the Triton/Trisis malware attack in 2017, it is more important than ever to identify and remediate operational technology (OT) vulnerabilities. However, industrial process and power companies still struggle to effectively manage OT cybers...
With the rising urgency of threats to the power grid, cybersecurity is becoming prioritized along with safety. A strategy based on rules, enforcement and awareness needs to be applied to the power, oil and gas sectors, according to PAS CEO and Founder, Eddie Habibi.
The U.S. is prepared to take aggressive action against Russia for a recent, extended campaign of cyberattacks on infrastructure assets around the world by compromising devices such as routers and firewalls, the White House cybersecurity coordinator, who has since left his position, said Monday. “When we see malicious cyberactivity, whether it be from the Kremlin or other nation-state actors, we are going to push back,”
Critical infrastructure, governments and Internet service providers (ISPs) are all areas Russian state-sponsored hackers are targeting on a global basis, according to a joint technical alert released this week. The focus of the attacks are “government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors,” according to the alert released by...
Stunning ransomware attacks like those that recently hobbled Atlanta and Baltimore have thus far defied a legislative solution, with lawmakers in only a handful of states having criminalized the activity and experts skeptical that harsher laws would even make a difference. The attack on Atlanta last month, which reportedly struck five of 13 city agencies and forced some 8,000 city workers to take their computers offli...
General Michael Hayden, a retired U.S. Air Force four-star general and the former Director of the National Security Agency (NSA) and Central Intelligence Agency (CIA), has extensive knowledge and understanding of how to handle conflict and combat. During his time serving in a variety of senior positions, including responsibility for a combat support agency of the Department of Defense, as the Commander of the Air Intelli...
Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. “With new technologies and new advancements, we can see unintended consequences,” said Eddie Habibi, chief executive and founder of PAS Global during his Tuesday keynote address at the PAS 2018 Optics conference in Houston, TX. “This is no different than working i...
Technology is advancing across all industries and it is making them smarter and more agile, but attack vectors are also on the rise, which means industry leaders need to understand who and what they are facing. “The faster we go, the more ‘behinder’ we get,” said General Michael Hayden, principal at the Chertoff Group and former Director of the CIA and the NSA, during his keynote address Tuesday at the PAS 2018 Optics...
CERT Alert TA18-074A removed any doubts that hostile nation states are actively targeting U.S. industrial control systems. On March 15, 2018, we all learned that the long-discussed cyber-attack on industrial control systems (ICS) had actually happened. Of course, many attacks on ICSs have happened before, but this one—with the backing of a nation-state—is the one that has been most feared.
Do you have a real cybersecurity-focused ICS strategy in place, or are you force-fitting IT security policies on your industrial control systems? A recent incident where a likely nation-state threat actor inadvertently shut down a critical infrastructure facility in the Middle East when testing new malware has stoked widespread concerns about the vulnerability of industrial control systems (ICSs) to new cyberthreats. Man...
This company’s Cyber Integrity 6.0 platform now includes continuous vulnerability management, providing immediate, comprehensive visibility into vulnerability risk within industrial process control networks. Cyber Integrity works across the multi-vendor automation environment, providing foundational cybersecurity, enterprise scalability and platform independence. It also automates internal and regulatory compliance repor...
The MuddyWater campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan. Trend Micro researchers believe the latest series of incursions is related to last year's MuddyWater incidents, which were discovered by Palo Alto's Unit 42, as each uses official looking documents purporting to be from...
We like to think that cyberattacks are focused primarily on stealing credit card numbers and that attackers don't know much about the control systems that run critical infrastructure. Unfortunately, that's just wishful thinking. In 2017, we saw an increasing number of threat actors bypass existing network perimeter security controls to perform sophisticated reconnaissance of industrial process control networks (PCNs). Th...
With major cyber attacks like WannaCry, NotPetya and Triton affecting not only consumer entities but manufacturing and energy sectors as well, 2017 could be the year that industry finally took notice of the growing threat to industrial control systems. Does that also mean 2018 will be the year that industrial companies take the steps necessary to prevent the next attack?
The convergence of industrial control networks and operational technology (OT) with traditional information technology (IT) has been a “coming attraction” for years. But the growth in ICS cyber attacks is a sign that convergence is finally here. In the past, securing control systems was not a major concern because they were air gapped -isolated from IT and the rest of the enterprise -running on proprietary protocols, emb...
It is very easy to get caught up in the hype and hysteria surrounding cybersecurity and not understand facts behind a barrage of data. In the end, it is all about context. That idea comes into play after a report released earlier this week saying the amount of industrial control systems (ICS) now accessible over the Internet increased over the previous year.
PAS Global released its PAS Cyber Integrity 6.0, which includes continuous vulnerability management providing visibility into risk within industrial process control networks. With traditional IT vulnerability management, Cyber Integrity also addresses proprietary industrial control systems that comprise 80 percent of a facility environment.
No doubt it could have been far worse - even catastrophic. An apparent misstep by the attackers behind the malware now known as TRITON/TRISIS that was discovered embedded in a Schneider Electric customer's safety system controller late last year fortunately failed, causing two of the safety instrumented systems (SISes) to shut down an industrial process in the plant. That outage led to the discovery of the customized bac...
The performance hit with the patches is especially painful for the industrial environment, which is both a juicy target for attack as well as highly disruption-averse. "In the world of critical infrastructure, where safety and availability are paramount, updates that carry this kind of baggage are simply not applied immediately," says Eddie Habibi, founder and CEO of PAS Global.
PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility into vulnerability risk within industrial process control networks. Cyber Integrity moves beyond traditional IT vulnerability management by also addressing the proprietary industrial control systems that comprise 80 percent of a facility environment.
Digitalization adds significant value despite the cyber risk. “Don’t fear connectivity – the benefits are too great,” says Eddie Habibi, founder and CEO of PAS Global. On the other hand, he cautions, the threat of cyberattack is imminent and proven; critical systems are vulnerable; and “every minute, day, or month that you put off securing your systems, they remain at risk.”
In this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes.
Industrial companies have made significant investments in cybersecurity technologies to protect their plants and industrial control systems (ICS). But many companies are unable to keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. This leaves many plants at risk of serious cyber incidents, jeopardizing safety and operational reliability.
A think tank today published a report that claims that nuclear weapon systems in both the U.S. and U.K. are vulnerable to hacking and that hackers could potentially start a nuclear war. The claim comes from Chatham House in its report “Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences,” which details the history of nuclear weapons systems and the inherent risks built into them.
Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.
Security provider Nyotron found an advanced malware campaign attempting to attack a company’s Middle Eastern critical infrastructure clients. “On December 11, 2017 at 01:21 a.m., a night-shift employee working at an around-the-clock critical infrastructure facility located in the Middle East plugged a USB drive into a shared workstation that dozens of the company’s employees use on a daily basis.”
Of course, the ultimate aim of any cybersecurity effort is the same as any other plant-floor initiative from basic loop control to advanced process optimization and safety—keep the application running as efficiently and profitably as possible. However, because there's no "set it and forget it" with cybersecurity due to constantly evolving probes and threats, a secure network and the communications traffic on it must be c...
Industry is abuzz over reports issued by both FireEye and Dragos about a cybersecurity incident that took place at a critical infrastructure facility in the Middle East. The malware referred to as Triton is significant to our community because it is not only part of an increasing focus of attacks on industrial control systems (ICSs), but it is the first to directly target a safety instrumented system (SIS).
Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace. Some things will get worse before they get better, but we expect real progress in a few areas.
A recent Accenture survey found that 76 percent of utility executives in North America believe the country faces a moderate risk of interruption to electricity due to a cyberattack. The full truth is that much more infrastructure than power generation is at risk. Process control networks (PCNs) in critical infrastructure sites − refineries, chemical plants, and manufacturing facilities − all have potential danger swimmin...
Here are CRN's 15 coolest industrial IoT companies that are leveraging their channel to deploy analytics and data monitoring tools on the industrial floor, deploy connected smart equipment, and ultimately bridge IT with operational technology.
2017 was certainly a year in which industry seemed to become more focused on cybersecurity. But with so much activity in this sector, making sense of it all is tough. Here are some insights into potential new developments for 2018. Eddie Habibi, founder and CEO of PAS—a cybersecurity and asset and operations management technology supplier—recently shared his thoughts on what he called “seven seismic trends” he expects to...
Global industrial control systems security provider PAS Global’s Cyber Integrity platform has now become completely interoperable with RSA NetWitness Suite. PAS is a solution provider of industrial control system (ICS) cybersecurity, process safety and asset reliability in the energy, power and process industries. The interoperability means that industial process companies that use RSA NetWitness can access further secur...
In the category of ICS Security - Tools for enabling the security, confidentiality, and integrity of network-connected SCADA and industrial control systems. Founded in 2014, PAS provides cybersecurity, asset management, and process safety products for the power, process, and energy industries. Factors to Watch include a strategic global partnership with Siemens for real-time monitoring of control systems Platform-i...
What does 2018 hold for ICS cybersecurity? Here are seven seismic trends Eddie Habibi sees happening in the world of ICS cybersecurity: Disclosing a Critical Infrastructure Cyber Attack Will Be Mandatory: The lack of a mandate to disclose attacks on corporations continues to hinder accurate intelligence gathering, targeted defensive strategies against an evolving threat landscape, and appropriate offensive respons...
Critical infrastructure presents high value targets that if exploited can produce significant political or financial gain – more than retail or financial industry targets we tend to see in the news,” said David Zahn, GM of the cybersecurity business unit at PAS. “The reason is that the industrial control systems that sit at the end of the industrial facility’s kill chain control in many cases volatile process.
The United State Computer Emergency Readiness Team (US-CERT) is warning of a new ransomware campaign called Bad Rabbit, which appears to be a variant of the Petya ransomware that was first detected in early 2016. "US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored," US-CERT stated in an alert. "Using unpatched and unsupported software may inc...
The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technical alert warning that government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors are subject to an ongoing attack campaign from an advanced actor, most probably Dragonfly (aka Crouching Yeti and Energetic Bear).
US-CERT issued a technical alert advisory on Oct.21 warning of advanced persistent threat activity targeting energy and other critical infrastructure sectors across the U.S. The technical alert was compiled with information provided from both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). According to the analysis, energy, nuclear, water, aviation and critical manufacturing sec...
Eddie Habibi, CEO of PAS Global, told eSecurity Planet by email that as tensions continue to rise between the U.S. and North Korea, we should expect the intensity of cyber attacks on U.S. critical infrastructure to rise as well. And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it's not well prepared for the consequences of attacks that provide the attackers with "ac...
September spear phishing attack appeared to be more reconnaissance activity than sign of impending attack, FireEye says. Known threat actors based in North Korea recently targeted several US electric companies in a spear-phishing campaign that appeared to be more of an early reconnaissance mission than an attempt to cause any immediate disruption.
Hackers likely affiliated with the North Korean government seem to lack the ability to disrupt the U.S. power supply, according to a new report from FireEye. The state-sponsored actors conducted a reconnaissance attack against electric companies in the United States on Sept. 22, 2017, via spear-phishing emails, but the incident did not lead to a disruption, the security company reports.
As the saber-rattling between US President Donald Trump and North Korean leader Kim Jon-Un continues, reports have surfaced that the DPRK had plans to hack the American power grid, while also successfully targeting the South Korean Ministry of Defense.
Effectively meeting ICS cybersecurity challenges begins by recognizing that OT is uniquely different from IT. IT systems manage digital bits of information. OT systems drive production by monitoring and directly controlling physical devices, such as circuit breakers at power stations that distribute electricity and the valves and compressors at refineries that produce gasoline. While attackers focusing on enterprise IT s...
Alarm management’s powerful infrastructure extends to many other important uses. Once you have accomplished alarm system improvement, what is next? Can you leverage the software and work processes in place for alarm management to achieve other significant improvements? Many companies are doing exactly that.
Decades ago, the term “industrial security” primarily referred to safeguarding physical assets. With the rise of connected industrial control systems, the focus expanded to keep remote intruders out. In both cases, industry professionals often approached security as a mission to keep some malevolent “other” out of their premises and away from critical machinery. While the threat of external threat actors is very real, th...
WannaCry infections have resumed, but at a slower rate, as the kill switch in the original version is removed. A now warned and worried online world is working to secure itself against this second, apparently less virulent, variant of the ransomware. Attribution, which is still at a very circumstantial and preliminary stage, continues to point toward North Korea. Technical experts think they've found evidence of connecti...
Siemens and PAS Global have announced a partnership to provide real-time monitoring for industrial control systems. The companies' combined technology will provide customers with the tools to identify proprietary assets and to detect and respond to threats to control systems.
Siemens, a global engineering and technology provider, and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the capabilities of both companies, this partnership will provide customers with: (1) deep analytics required to identify and inventory proprietary assets; and (2) visibility to de...
Siemens, a global engineering and technology company, and PAS Global, a leading provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real-time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will be able to provide customers with: (1) deep analytics required to identify and inventory proprietary assets;...
Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...
Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real-time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...
With a focus on protecting the critical infrastructure industries of utilities and oil and gas, the partnership combines control system knowledge and analytics with deep domain expertise and response. It takes a village to raise a child. It also takes a village to protect your assets. In the energy industry—where use of digital technologies is growing to help boost revenues and efficiencies, and where cyber attacks have ...
Siemens has announced it has partnered with industrial control system (ICS) cybersecurity solutions company PAS Global, to provide stronger visibility and security across the ICS - particularly in the oil and gas and utility sectors. According to Siemens, the partnership will increase visibility to detect and respond effectively to attacks across the operating environment, provide deep analytics required to identify and ...
Siemens and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will provide customers with deep analytics required to identify and inventory proprietary assets; and visibility to detect and respond effectively to attacks across th...
Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership. The goal of the partnership is to provide organizations the capabilities needed to identify and inventory assets, including distributed and legacy control systems, and provide visibility for detecting cyber threats and unauthorized engineering c...
Now meet the next big thing for Siemens and other major ICS/SCADA equipment vendors: managed security services. Siemens today kicked up a notch its existing network monitoring and security services with the addition of anomaly detection technology from PAS that monitors all brands of industrial and computing equipment – not just its own - on a plant network.
PAS, a startup focused on securing connected manufacturing floors, has announced it will team up with industrial heavyweight Siemens to help better secure operational technology. Siemens and PAS will partner "bring the best in breed technology" that helps manufacturing companies gain stronger visibility and security across legacy control assets and industrial control systems, particularly in the oil and gas and utility ...
The Dragonfly group now appears to be focused on compromising operational networks. Symantec researchers recently uncovered a new wave of cyber attacks targeting the energy sector in Europe and North America, with the potential to disrupt operations at target companies. The group behind the attacks, known as Dragonfly, has been in operation since 2011 but was relatively quiet for a while after it was first exposed in 20...
The risk of industrial-control systems being targeted with cyberattacks has long concerned operators, governments and vendors, but fears of widespread attacks crippling critical infrastructure have so far failed to materialize. Now, that risk only appears to be growing because of the availability of attack tools, and evolving motivation of digital adversaries. Industrial-control systems, or ICS, are found mainly in ener...
In what should be a surprise to no one: A series of attacks compromised energy companies in the United States and Europe which led to bad guys gaining access to grid operations to the point where they could flip the switch on power. A report released by Symantec Wednesday revealed attacks by a group it is calling Dragonfly 2.0, which it said targeted dozens of energy companies since 2015.
As IoT continues to mature, more executives have come forward with their engineering and sales expertise to offer their insights on how to best monetize the market. CRN has compiled a list of the top executives making a mark in IoT – whether they are top executives charged with leading vendors' overarching IoT strategies, solution provider executives at the front of the IoT sales charge, or thought leaders who are close...
Doomsday scenarios might sound like hype, but the increasing number of cybersecurity incidents we’ve seen in electric, water, nuclear and other critical facilities are trials for larger attacks. It’s difficult to write about cybersecurity without sounding like Chicken Little. I know that the more I flap my wings, the more you might ignore me altogether. Doomsday messages don’t strike fear; our overhyped message receptors...
If anyone thought fear, uncertainty and doubt (FUD) as an approach to cybersecurity ended a long time ago, then view the latest report coming out of Washington saying there is a narrow and fleeting window to prepare for and prevent “a 9/11-level cyber-attack” against the U.S. critical infrastructure. That FUD induced comment came from a report the Presidential National Infrastructure Advisory Council (NIAC) just released...
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it. The Homestead Act of 1862 promised US citizens that if they settled and farmed frontier land for five years, it was theirs to own. One of the primary challenges settlers faced was finding fencing materials to protect their crops from open-range cattle. Barbed wire was inve...
Add one more to the lengthening list of ways your connected car can get hacked. The NCCIC/ICS-CERT (National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Readiness Team) issued an “alert” late last week following the release of a research paper on, “a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus.”
PAS Global LLC released its PlantState Suite (PSS) 8.3 featuring Alarm Mechanic. The new feature helps improve process plant safety and console operator performance minimizing nuisance alarms through automated analytics and recommendations. PlantState Suite makes power and process plant operators more effective at identifying, evaluating, and managing alarms.
In the ICS environment, it is all about understanding what security means and then adapting to and adopting a culture much like the industry did 40 years ago or so when it came to safety. “It is all about changing cultures,” said Eddie Habibi, founder and chief executive at PAS, who attended Black Hat USA 2017 in Las Vegas, NV, for the first time this year and sat down for a few moments to share his thoughts on the evolv...
Former President Obama's cyber czar on Wednesday piled on the criticism of a rumored Trump administration plan to shutter the State Department's cybersecurity coordinator office. Michael Daniel told The Hill that cybersecurity is an issue "that crosses multiple desks at the State Department."
When the WannaCry ransomware attack hit Windows-based computers worldwide last month—debilitating the British National Health Service and affecting hundreds of thousands of computers worldwide—it was a big headline. But in the month and a half that’s passed since then, it seems to have become just another day in the news. Attack after attack is coming through, and it should be very clear—because it apparently wasn’t clea...
How do we fix industrial control systems cybersecurity? Experts say better visibility is essential to improving ICS/SCADA security. But infosec teams will never gain that visibility until they stop trying to observe ICS environments through the eyes of IT professionals. There are fundamental differences in IT and OT (operational technology) gear, processes, and people, say experts.
In an example of just how persistent modern cyberthreats can be, automaker Honda Motors had to temporarily stop production at its Sayama plant in Japan this week after being hit by WannaCry, a malware threat the company thought it had mitigated just one month ago. The nearly 48-hour shutdown impacted production of about 1,000 vehicles at the facility, which does engine production and assembly for a line of vehicles incl...
Researchers described some theoretical attack scenarios involving this malware and warned that the threat could be adapted for attacks on other countries, including the U.S., and other sectors. Contacted by SecurityWeek, industry professionals shared some thoughts on the threat posed by CrashOverride/Industroyer, and provided recommendations on how organizations can protect their systems.
Eddie Habibi, Founder and CEO of PAS, talks to Andrea Day at CNBC about cybersecurity risks for the oil and gas infrastructure. Cybersecurity experts say that oil and gas infrastructure is a target of hackers, and if successful could potentially shut down or interrupt production.
There is a piece of malware believed to have been used in the December Ukraine substation attack that targeted power grids, researchers said. The malware ended up discovered by ESET, which called it Industroyer. The company also shared some data with ICS cybersecurity company Dragos, which tracks it as CRASHOVERRIDE and the attacker that uses it as ELECTRUM.
Possibly the biggest cybersecurity news item to come across the wires since Stuxnet was last week’s news about WannaCry. WannaCry is a type of malware referred to as ransomware because it blocks access to the infected computer’s data until a ransom is paid to regain access. It began infecting Windows-based computers worldwide on Friday, May 12, 2017, through phishing emails and a self-propagating worm feature in the malw...
Last week Wanna Cry cyberattack infected tens of thousands of computers, from manufacturing to hospitals and big industrial organizations, a great opportunity for ICS players to talk about their products/solutions as there were no catastrophic damages yet. In the first phase, the majority of players expressed their opinion about the consequences that such an attack might have on OT. What is the solution to protect a fact...
WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the ransomware package used a patched flaw in the Microsoft operating system software to...
U.S. President Donald Trump signed an executive order on Thursday in an effort to improve the protection of federal networks and critical infrastructure against cyberattacks. The executive order states that the heads of departments and agencies will be held accountable for managing cybersecurity risk. They are required to use NIST’s Framework for Improving Critical Infrastructure Cybersecurity to manage risk, and they m...
The reviews of President Donald Trump’s Executive Order (EO) on cybersecurity were coming in within hours of its signing yesterday afternoon, and they were most definitely mixed. There was general agreement that the intent of the EO – delayed more than three months from late-January, when it was originally scheduled to be signed – was good.
The cybersecurity executive order contains suggestions considered good ideas by experts, including holding agency heads accountable for cybersecurity. “President Trump’s cybersecurity executive order (EO) addresses the right areas of concern – updated federal systems, critical infrastructure, deterrence, workforce education, and more,” said Eddie Habibi, chief executive and found of Houston-based PAS. “Thankfully, the ex...
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report, which was published a week ago. Much of this is due to the high proliferation of propriety research, prototypes, and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analyzed in this year's report and...
The 2017 Verizon Verizon Data Breach Investigation Report both highlighted big threats of which the industry is already aware, such as ransomware, as well as under-the-radar threats like pretexting, which can be extremely dangerous in certain situations. The data in the 2017 Verizon Data Breach Investigation Report (DBIR) was gathered from 65 organizations across the world, including analysis of 42,068 incidents and 1,93...
Companies are flying blind when it comes to 80% of the cyber assets that exist within an industrial process facility. They lack sufficient visibility into what assets they have and how they are configured. Without this data, basic cybersecurity questions remain difficult to answer. For example, did an unauthorized change occur, where are my vulnerabilities, and can I recover quickly if the worst case scenario happens? W...
PAS Global mentioned in eWeek. VC Cash Infusion Helping Security Vendors Bolster Efforts. Securing industrial control systems is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it raised $40 million in a new round of funding. The new funding was led by Tinicum L.P.
The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures.
“Weapons of mass destruction don’t have to be physical bombs that move from one location to another—they can be these ticking bombs in these control systems that …cause severe damage and bring down the critical infrastructure of a country.” says Eddie Habibi, founder and CEO of the Houston-based ICS security firm PAS.
You’ve likely noticed an increase in the number of new entrants into the industrial control system (ICS) cybersecurity field over the past year or so. Even longstanding companies in this space have been expanding their cybersecurity-related products and services. Further evidence of the increasing interest in this space can be seen in the outside investments being made here. A case in point is the investment of $40 milli...
PAS, a provider of ICS cybersecurity, process safety, and asset reliability solutions for the energy, power, and process industries, announced a $40 million growth investment by Tinicum, L.P. and certain affiliated funds managed by Tinicum Incorporated (“Tinicum”). Tinicum is a private investment partnership focused on late stage investments in manufacturing, energy, technology, media, and infrastructure.
With deep roots in software solutions for process safety and asset reliability for industrial firms, Houston, TX-based PAS announced this week that it has taken a $40 Million investment that will be used to fuel its Industrial control system (ICS) cybersecurity business. PAS has been around for 23 years and says its solutions are deployed in more than 1,100 facilities globally in more than 70 countries.
PAS gained a $40 million growth investment from Tinicum, L.P. This funding round is a move to expand PAS sales and marketing as well as increase research and development for its security software product, Cyber Integrity. Cyber Integrity protects critical infrastructure from risks associated with rising Industrial Internet of Things (IIoT) adoption, malicious cyber attacks, and insider threats.
PAS Global, LLC, a maker of software for industrial businesses, secured a $40 million growth investment from Tinicum. The Houston-based company sells software that monitors the security and safety of industrial control systems for more than 520 customers including chemical, refining and power generation companies.
Houston-based PAS Global LLC announced April 11 it has raised $40 million in its first capital raise as it plans to triple its headcount over the next three years. PAS is a cybersecurity company that largely services the oil and gas industry. Founded in Clear Lake in 1993, the company now has roughly 150 employees.
Securing Industrial Control Systems (ICS) is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it is raising a new $40 million round of funding. The new funding was led by Tincum L.P. The new money will be used by PAS to help grow the company's go-to-market efforts as well as its technology development.
Houston's PAS, a security firm focused on industrial control systems, has raised $40 million as the company looks to expand its channel program for operational technology (OT) security. PAS, which provides security for industrial control systems – including distributed control systems, programmable logic controllers, turbo machinery controls, and compressor control systems – wants to broaden its sales approach and invol...
While there are undeniably potential security risks related to connecting a power plant’s systems, that should not necessarily be a deterrent to doing so, according to Mark Carrigan, COO of PAS Inc. The potential benefits of integrating IIoT technology into a plant’s operation can outweigh the cybersecurity risks, as long as the plant operator addresses the risks, he said.
There is some debate on whether a 60-day cybersecurity review is worthwhile. Let's not miss the irony of a leaked executive order as a proof point that our federal government needs better security around information. Can officials perform such a review in time to provide solid recommendations? Many departments can as they've performed this exercise previously.
Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned. The number of attacks aimed at ICS has reportedly increased in the past year and several incidents have been disclosed to the public. However, some of the mainstream media reports covering these attacks have been sensationalized or inaccurate.
There have been several incidents recently where a critical infrastructure organization’s IT systems were breached or became infected with malware. SecurityWeek has reached out to several ICS security experts to find out if these types of attacks are an indicator of a weak security posture, which could lead to control systems also getting hacked.
When it comes to industrial processes, security begins at the molecular level. Not all cybersecurity risk is created equal. Case in point: when Sony was hacked, information was stolen, systems were wiped, and society was temporarily deprived of a Seth Rogan movie. These were mostly bad outcomes, and Sony certainly suffered a significant financial loss.
Attacks on government and private sector targets are rampant. Experts are skittish when it comes to attribution, reports Larry Jaffee. Electric grids remain a target for cyberattacks, notes David Zahn, general manager of the cybersecurity business unit for PAS, a Houston-based provider of process safety, cybersecurity and asset services for the energy, power, and process industries.
Operations management and cybersecurity company PAS anticipates an uptick in cybersecurity regulation, but warns that doesn’t always lead to tightened security. “Federal regulation is a double-edged sword,” says David Zahn, general manager of cybersecurity at PAS. “On one side, it forces nationwide attention and, more importantly, investment that might otherwise happen too slowly. Unfortunately, good compliance does not...
(Page 27) Dire prognostications make for great headlines, but not every crystal ball gives an accurate picture of the future. If we want to find existential threats in the here and now, we need look no further than cybersecurity within industrial facilities and power plants. Unlike breaches that lead to financial or information loss, a breach within an industrial site can bring injury to people and environment as well as...
Data stolen from ThyssenKrupp may not yield hackers a huge payday, but instead enable them to cause significant damage to future operations of the company, according to David Zahn, general manager of PAS, an industrial control system cybersecurity firm. “Instead of making a large cash withdrawal, hackers could disrupt production or worse; cause significant physical damage to production equipment, the environment or even ...
PAS rolls out IPL Assurance software with real-time predictive analytics that monitor the health and availability of Independent Protection Layers which enable operators to ascertain the overall risk profile of a facility. The safety structure of complex process control systems is designed in multiple layers in order to ensure an equipment “event” is caught way before it starts. This multi-tiered set up is based on Safet...
David Zahn, general manager at PAS, Inc, a provider of industrial control systems cybersecurity technology, added that further flaws along the lines of the one successfully resolved by Schneider are inevitable because industrial control technology was never designed with security in mind. “It is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices, but no...
David Zahn, general manager at PAS, Inc., a provider of ICS cybersecurity, was at the session and said in an email that it is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices. But, he added, no one should be surprised that such vulnerabilities exist.
Safety risk remains a top priority for all companies in the process industries, but knowing if and when an incident may occur is not so cut and dried. Along those lines, PAS Inc. launched a tool Wednesday that can not only provide visibility into what is going on, it can also offer real-time predictive analytics on the health and availability of the safety instrumented systems (SIS), alarm management systems, and other I...
In process industries like oil and gas and chemicals, the ability to identify shifts in patterns that could eventually cause problems is critical. That’s because a seemingly simple issue, like a pump malfunction, could result in a not so natural disaster. From oil spills to gas leaks and fires, manufacturing incidents are still fairly frequent. And when death, injury and environmental destruction are involved, company ex...
In industrial facilities, cyber incidents typically result from three basic scenarios: a malicious attack from an outside individual or group; a cyber incident that results from an engineer making a mistake that alters a control process or diminishes safe operations; or the work of a disgruntled employee or ex-employee. No matter which of these scenarios you believe is real or presents the most risk, companies must take ...
Visibility into a facility’s proprietary control system configurations is a prerequisite for cybersecurity. According to IBM’s 2016 Cyber Security Intelligence Index report, 44.5 percent of all cyberattacks in 2015 — up from 31.5 percent the previous year — were perpetrated by malicious insiders. An additional 15.5 percent resulted from inadvertent actors. Process plants are not immune to these attacks.
Founder and CEO of PAS interviews with the ARC Advisory Group at the 2016 ARC Industry Forum. ARC Advisory Group is the leading technology research and advisory firm for industry and infrastructure. Their coverage of technology and trends extends from business systems to product and asset lifecycle management, Industrial IoT, Industry 4.0, supply chain management, operations management, energy optimization and automation...
Modern distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are highly capable at controlling chemical processes. However, when incorrectly configured, which is often the case, they also excel at another task - generating alarms. It is common to find alarm rates that exceed thousands per day or per shift at some chemical process industries (CPI) facilities. This is a far greater...
As the plant floor becomes more connected, so do abnormal situations—which can originate from anywhere in the enterprise. To help operators navigate this new universe of anomalies, suppliers are turning to artificial intelligence and machine learning technologies that enable proactive situational awareness vs. reactive alarm management.
The Industrial Internet of Things (IIoT) presents a unique opportunity to speed up the slow-moving technology adoption lifecycle that is inherent to the industrial sector for operational technologies (OT). This is a sector that – for all the right reasons related to safety, security, and continuity – is relatively slow to adopt new technologies.
For three decades, the process industries have been using sophisticated Distributed Control Systems (DCS) or Site Control And Data Acquisition (SCADA) systems for process control. These use real-time process control graphics as the Human-Machine Interface (HMI) for the operator. But when we installed these systems, there were no available guidelines as to what constituted a “good” graphic.
For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.
Industrial Control Systems (ICS) Cybersecurity risks have become so public that CEOs and Board members are sponsoring projects within their companies and raising visibility of the issue. PAS Inc. CEO Eddie Habibi and General Manager of Cybersecurity and CMO David Zahn shared that news with me during a conversation this week regarding the release of a new version of PAS Cyber Integrity (5.0).
PAS, which is well known for its Integrity software, has perhaps solved the problem with its new release of Cyber Integrity 5.0, a part of the PAS Integrity Software Suite, according to David Zahn, general manager of the cyber security business unit at PAS. PAS Cyber Integrity is based upon the proven PAS Integrity platform, and it automates internal and regulatory compliance reporting while reducing associated efforts b...
Standards on alarm management have continued to evolve since the June 2009 publication of ISA-18.2, the first true standard on alarm management applicable to U.S. companies. Alarm management standards went global in October 2014 with the release of the international standard IEC 62682.
Recognizing the need for a bulletproof security framework for industrial control systems, PAS Inc., a provider of asset and configuration management for distributed control systems (DCS), has formed a new Cyber Security Business Unit focused on providing products and services to protect the core configuration of the control system. In addition to the announcement of a new division, PAS rolled out the latest version of it...
Cyber security issues continue to grow throughout the manufacturing automation sector and that is becoming clearer with new players trying to capitalize on the latest buzzwords to garner a foothold, but sometimes the answer to a problem has been in front of you all along. At least that is what PAS believes as the Houston-based asset reliability provider today launched a new cyber security business unit focused on configu...
Protecting industrial plants and their machines, networks, information systems, and personnel from threats is a management duty. New tools are designed to help companies comply with NERC’s Critical Infrastructure Protection (CIP) requirements, OSHA’s Process Safety Management (PSM) standards, the ISA/IEC-62443 standards, and other external and internal security measures. Following are products meant to help companies man...
Human error ties to all industrial accidents in one shape or form. “Hold on! Pumps fail and cause incidents all the time,” you might say. Yet, why do pumps fail? Often it is due to improper maintenance. Sometimes it might be because of shoddy design. Even with the pump failing to perform, there is still often an opportunity to avoid an incident if a console operator takes timely corrective actions. No matter the situatio...
State-based control isn’t new but chemical companies now are showing increasing interest in the approach, according to vendors such as ABB, PAS, ProSys and Siemens. This has much to do with the 2010 launch of the ISA106 committee on Procedure Automation for Continuous Process Operations by the International Society for Automation, Research Triangle Park, N.C. Prior to this, only a small number of chemical companies, nota...
The move to distributed control systems that deliver data in a digital format made old interfaces obsolete. But what some thought were improvements were actually obstacles. Today, understanding human error and ability, as well as industrial processes, helps engineers think like operators when it comes to redesigning control rooms and alarm-management systems. BASF and Southern Company explain what they’ve done.
PAS is celebrating their 20th anniversary. Founder Eddie Habibi and his team threw a much larger party for the PAS Technology Conference 2014 than you'd expect from the company size. It was a respectable sized User Group meeting, too, with over 130 people from several countries in attendance. The conference keynotes by Eddie Habibi and FBI Special Agent Angela Haun were proceed by a press conference in which PAS CEO Habi...
When you think about the automation, asset reliability and mechanical reliability we’ve been investing in our plants for the past 40 years, it’s no wonder we’ve designed in some pretty amazing technologies to boost overall plant reliability. While the mechanical side has seen an upturn, the human side of reliability needs some work.
Preclude operator error, improve safety and profitability. Industrial control systems are ocmplex designs, but they do not give much consideration to the needs of the human operator. This oversight has caused serious and costly accidents. By empowering operators with the right hman-automation relationship tools, companies will achieve and exceed their goals.
Anyone in the automation profession has experienced frustration in troubleshooting a problem or adding something new to control systems where the “as built” documentation does not match the installed system. This gap in documentation results in a significant amount of wasted man-hours and increased MTTR (Mean Time To Repair). In addition, cyber security requirements and regulations require up-to-date “as built” documenta...
Conventional control systems are inherently limited in their ability to make cognitively complex decisions. Most operations are based on central operator consoles that require training and need close attention. They display too much data and too little relevant information. In crisis situations, with many hundreds and even thousands of simultaneous alarms, physical cooperation and communications become overwhelming and h...
Southern Company’s approach to NERC CIP compliance holds lessons for the manufacturing and processing industries as cybersecurity becomes a business imperative. For Southern Company, cybersecurity is not optional. They are required to address NERC cybersecurity standards, which, according to Southern Company’s systems analyst Larry Spoonemore, includes: maintaining an inventory of all assets and cyber devices/systems at ...
Industry conferences frequently offer a great chance to see new technologies up close along with the opportunity to hear various end users talk about their experience with those technologies. Less frequently, however, do you catch a bit of insight that could harbinger technology applications across industry.
The PAS conference in Houston last week primarily focused on the concept of Human Reliability, which, in essence, is the science of minimizing human error in service of greater safety, compliance and, ultimately, profitability. Highlighting the fact that this idea is not simply a pet concept of PAS—which is rebranding itself as “The Human Reliability Company”—the PAS conference featured a number of end user presenters fr...
It may not be a new concept, considering its roots can be found in H.W. Heinrich’s study of industrial safety in the 1930s, but the idea of “Human Reliability” certainly seems to be catching on across industry. Beyond the benefits of increased safety and improving the appeal of industrial work to new and existing employees, Human Reliability is also being lauded for its positive impact on productivity. A showcase example...
Visibility of control system data remains a top priority for refineries these days as the entire enterprise needs to see what is going on throughout the process. “We are constantly getting pressure to get the data as visible and transparent as possible to a variety of different groups,” said Jason Bottjen, manager of control systems engineering at Valero Energy Corp., during his talk Tuesday at the PAS Technical Conferen...
That is why there were two companies – Waterfall Security Solutions and Owl Computing — talking differing technologies at the PAS Technical Conference in Houston, but saying one way communication is a very effective security tool. ake the Shamoon attack this past August. RasGas suffered from the attack last August and it forced the company to disconnect completely from the network.
Larry Spoonemore knows the advantages of cyber security go beyond just securing the plant. He knows it can be a productivity enhancer. “You will find if you manage the issues and over a period of time, you will improve productivity,” said Spoonemore, the control system integrity coordinator at energy provider Southern Company during his talk Tuesday on Automated Management of Cyber Security Assets at the PAS Technical Co...
It is time to focus on human reliability. “We have done a fantastic job in improving productivity, let’s try to prevent human error,” said Eddie Habibi, chief executive and founder of PAS, during his keynote address Tuesday at the PAS Technical Conference in Houston. “Human error is to human reliability as pump failure is to asset reliability.” In these days of faster, better, more, the reliance on technology is becoming...
Using Technology to Try to Solve the Problem is Equally Human. Humans are wonderful, complex beings. That our very name, homo sapiens, can be translated to wise man, is an indication of our intelligence. We have the ability and capacity to do so much and, along with our advanced language capability, we can reason, problem-solve, introspect and quickly adapt to current conditions around us. But we are not infallible.
PAS, a supplier of human reliability software and services to the power and processing industries worldwide, has announced that Qatargas, the world’s largest liquefied natural gas (LNG) producer, has chosen PAS’ PlantState Suite alarm management software and engineering services for an improvement project across all their units.
Iconon any company, an employee’s performance affects its productivity, profitability, and reputation. In manufacturing, the link is immediately apparent because the process is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company may be adversely affected.
In most process industries, manufacturing is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company and its shareholders may be adversely affected. The disciplines of Human Factors and Ergonomics explore the way humans interact within their work environment. Every individual’s job performance directly impacts safety, production, and profitability ...
This alarm management problem leads on to a look at the practical and pragmatic approach adopted in the second edition of “The Alarm Management Handbook,” by Bill Hollifield, Principal Alarm Management Consultant for PAS, and Eddie Habibi, founder and ceo of PAS: incidentally Hollifield is also co-author of “The High Performance HMI Handbook.”
As a leading player in the field of automation and information technology decreasing the time to implement automation and information projects while reducing risk are key priorities for Invensys Operations Management. Recently, Invensys has adopted PAS’ Integrity Software in order to automate the capture and management of the highly complex configuration of process automation assets, from field devices to advanced applic...
A new era of the human-machine interface (HMI) is upon us. Harsher safety and compliance standards have persuaded many operating companies to replace their “traditional” graphics with high-performance HMIs – a move that is sure to make life easier for plant operators everywhere. When graphic operator display capabilities were first introduced into distributed control systems (DCS) in the late 1970s, there were no guideli...
PAS provides Operations and Automation Effectiveness solutions to the process industries. PAS improves operations effectiveness by maximizing operators’ situational awareness; enabling them to take the most beneficial actions during both steady state operations and abnormal situations. PAS’ Integrity software improves automation effectiveness by mapping and managing configuration for the ever-increasing number of complex...
PAS sets out to map the ‘Automation Genome’ Process automation users increasingly find themselves between the Scylla of growing complexity and the Charybdis of diminishing resource. OK, pretentious, but at least rather less cliché ridden than a rock and a hard place!
"All accidents are preventable." This is a powerful statement that inspires professional men and women in their quest for a safer working environment. We believe it to be true because otherwise we would have to accept failure. And when it comes to human life, failure is not an acceptable option. But is it true? Reality seems at odds with our belief.
By following seven key steps, operators can create highly effective, reliable alarm systems to optimize offshore production facilities' operation. Reliability of oil and gas production facilities has never been more important. Poorly performing alarm systems negatively impact reliability and production. They can interfere with, rather than assist, the operator in handling an abnormal situation.