PAS - PAS in the News

December 3, 2019
6 IoT Security Predictions for 2020

As we transition to a new decade, there is growing maturity in the field of IoT security, but also a wave of new risks. PAS, along with other industry leaders, share security concerns that may impact industrial environments in the coming year.

November 25, 2019
13 Security Pros Share Their Most Valuable Experiences

A valuable experience in PAS Global founder and CEO Eddie Habibi's security career was during his first gig as an independent OT consultant. Learn how a human error caused a near disaster and created a lasting passion for industrial process safety and OT cybersecurity.

November 16, 2019
The Energy Industry Practices for a ‘Black Swan’ Cyberattack That Could Take Down the Grid

PAS Global founder and CEO, Eddie Habibi, discusses cyber risk to the US electrical grid and other critical infrastructure during GridEx, where the energy sector meets to conduct simulated cyber attacks on the power grid. In this CNBC interview, he shares how critical infrastructure is a high-risk target for cyber attacks and industrial organizations need to do more to prepare for the inevitable.

November 4, 2019
Security and Distributed Resources: An Attacker 'Will Eventually Get In'

As the United States' electric system becomes more distributed, security experts say the growing array of internet-connected sensors and industrial control systems presents a potential vulnerability that is not clearly understood and could be exploited to cause blackouts.

November 1, 2019
Solar, Wind Power Utility Disrupted in Rare Cyberattack

A cyberattack on the U.S. energy grid has just come to light, so to speak, which disrupted plant visibility at Utah-based sPower back in March. sPower, a Utah-based wind and solar provider, began experiencing a series of lost connections between its main control center and remote power-generation sites.

November 1, 2019
Energy Company Hit With DoS Attack Last Spring Identified as sPower

“Even though, and thankfully, the operational area was not itself impacted… the simplicity of this attack should make generators sit up and take notice. This was a simple IT attack on an unpatched firewall, which was still vulnerable, in spite of the patch being available,” said Jason Haward-Grau, CISO at infrastructure/ICS security provider PAS Global.

October 28, 2019
5 Things the Hoodie & the Hard Hat Need to Know About Each Other

For nearly 30 years, operational technology (OT) in industrial facilities was considered relatively safe from outside hacking risk. The so-called air gap between IT and OT, paired with the heavy use of proprietary industrial control systems, created a mindset of "security via obscurity."

September 27, 2019
US Electric Grid More Vulnerable to Cyberattacks as DERs Increase Potential Targets, GAO Finds

According to a new assessment from the U.S. Government Accountability Office, industrial control systems and the rise of distributed resources play a major roles in the growing risk. The report recommends the FERC analyze the threat of a "coordinated cyberattack on geographically distributed targets" and consider beefing up its security requirements and compliance thresholds.

September 24, 2019
Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

Security firm Proofpoint on Monday revealed that what appears to be a state-sponsored hacking campaign targeting the U.S. utility sector with malware dubbed "Lookback" has continued and grown more sophisticated since it was first revealed this summer.

CNBC - Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

August 22, 2019
Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

The ransomware attacks against more than 20 Texas towns this week are significant. Though little is known about the origins of the attacks, the spread of ransomware across small-town America has exposed a deep problem in how the country approaches cybersecurity. That’s because local governments commonly share single service providers, making many vulnerable at once.

Control Design - PAS CMO answers 7 questions on the state of the industry

August 20, 2019
PAS CMO Answers 7 Questions on the State of the Industry

A technology executive with more than two decades of experience in cybersecurity, IT operations and enterprise business applications, Matthew Selheimer reveals his thoughts on the state of the industry and how the company will continue to protect clients in the future.

July 9, 2019
DOE, Industry Collaborate to Defend Power Utilities

The Department of Energy (DOE) engaged in conversations with industry partners in order to advance the cybersecurity of industrial control systems in the nation’s critical infrastructure, including power utilities and pipelines, according to FedScoop and E&E News. “Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktiv...

July 5, 2019
DOE Teams with Industry on Pipeline Cybersecurity

The Department of Energy is working with industry to craft recommendations in the next several months for increasing cybersecurity around pipeline critical infrastructure. Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktivists and advanced persistent threats, but such incidents aren’t being discussed.

July 3, 2019
Promise and Peril Line Utilities' Path to Cloud Computing

U.S. power utilities are crafting strategies for shifting their operations to the cloud, a once-unthinkable move filled with promise but dogged by questions about security and compliance. Cloud technology uses a virtual layer of software to marshal physical computing resources like data servers, allowing users to quickly draw the exact amount of processing power they need.

June 27, 2019
7 Ways to Mitigate Supply Chain Attacks

Companies should secure vendor access to their environments through strong security at the perimeter, PAS Global's Haward-Grau says. This can include measures like multifactor authentication and segregated access protocols. "Where possible, ensure vendors are using your systems to access your environment," he says. "Specify their user capabilities as external users of your infrastructure."

May 30, 2019
Executive Interview with Eddie Habibi of PAS

At the most recent ARC Industry Forum in Orlando this past February, I had the pleasure of interviewing Eddie Habibi, Founder and CEO of PAS. You can see the video here at our YouTube Channel. We had a chance to discuss a wide range of topics, from the convergence of cybersecurity and safety to the importance of having a good backup and response plan in case of a cyber-attack. PAS has grown to be one of the leading OT...

May 16, 2019
Operational Technology is Underrepresented in Cybersecurity

Podcast: PAS CISO Jason Haward-Grau talks about cyber crime in OT and the huge impact it has on human life, infrastructure, and energy resources. He discusses the importance of frameworks in encouraging good, ethical behavior and shares his thoughts on digital consumer rights being determined by geography.

May 9, 2019
Putting the Pieces Together for a Secure Industry

Cybersecurity has become intertwined—inescapably—with so much of the technology necessary to move industry forward and help manufacturers remain competitive. The cybersecurity ecosystem has also become more intertwined. Hardly a week passes without news of a new partnership among various types of suppliers within this community.

April 15, 2019
TRITON Attacks Underscore Need for Better Defenses

As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say. Security experts have a warning for critical-infrastructure companies: The group behind the TRITON attack on industrial control systems is not unique.

April 12, 2019
Industry Reactions to New Triton Attacks on Critical Infrastructure

News broke this week that the threat group behind the notorious malware known as Triton, Trisis and HatMan has targeted another critical infrastructure facility. The existence of Triton came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye, which previously linked Triton to a research institute owned by the Russian government, recently analyzed the threat actor...

April 11, 2019
Trisis Malware Discovered at Additional Industrial Facility

When cybersecurity researchers at Dragos and FireEye disclosed the so-called Triton malware targeting industrial safety systems, it was something of a revelation. Triton marked the first discovery of malware intended to cause physical destruction. The code did so by targeting an industrial safety instrumented system, but was, thankfully, not effective in causing disaster. The attack, also known as “Trisis,” was shrouded ...

April 11, 2019
Triton/Trisis Attacks Another Victim

Yet another critical infrastructure organization was found infiltrated with the Triton/Trisis malware tools used in a 2017 attack that shut down the safety instrumentation system at a petrochemical plant in Saudi Arabia. FireEye Mandiant, here this week, revealed that it recently discovered the Triton/Trisis attack code installed at the second industrial organization and that it is currently working on an ongoing incide...

April 10, 2019
Second Triton/Trisis Critical Infrastructure Attack Spotted

A second attack against a critical infrastructure target has been launched using the Triton/Trisis custom attack framework. FireEye researchers were able to attribute a second attack to the Russian group it fingered as being behind the initial 2017 attack that hit a petrochemical plant in Saudi Arabia through its industrial control system.

April 10, 2019
New TRITON/TRISIS Cyberattack Reported at Critical Infrastructure Facility

Details about the attack are sparse, but FireEye and other experts warned that TRITON—also known as TRISIS—is an especially insidious attack framework because it is designed and deployed to modify application memory on safety instrumented system (SIS) controllers to prevent them from functioning correctly, increasing the likelihood of a failure and other physical consequences.

March 29, 2019
Combat Cybersecurity Threats To Process Safety

The quest for continuous improvement in the process industries always requires change. However, when not managed properly, change can lead to disaster. Chemical makers and refiners often use their industrial control system (ICS) — the cyber-physical assets responsible for automated controls and safety — as the platform for continuous improvement. At most sites, the ICS undergoes more changes than any other production ass...

March 21, 2019
Video Interview: PAS Founder & CEO Eddie Habibi at the ARC Industry Forum 2019

In this video from the ARC Forum 2019, Larry O’Brien, VP of Research from ARC Advisory Group, talks to Eddie Habibi, Founder and CEO of PAS Global, LLC about the importance of IT/OT convergence as well as OT cybersecurity and process safety convergence. They elaborate on the three most important OT cybersecurity considerations: building a complete and accurate ICS asset inventory, maintaining a baseline configuration and...

February 26, 2019
Is Your Data Center Power System Protected from Cyberattacks?

Generators, uninterruptable power supplies, and power distribution units all help to maintain and control the power that runs the data centers. But they rarely pay enough attention to the cybersecurity controls on their power systems, even though these systems are proving to be vulnerable to cyberattacks.

February 21, 2019
In Search of Industrial Cybersecurity Experts

Whether hiring an outsider or training someone in-house, there is always the perennial worry about someone poaching your ICS cybersecurity professional after you’ve invested in their training. There is no easy answer, Haward-Grau says—just the heavy lifting it takes to retain employees with hot skills. At PAS, he devotes a major portion of his CISO role to the care and feeding of his cybersecurity team. “You have to make...

January 16, 2019
Malware Built to Hack Building Automation Systems

S4x19 -- Miami -- Researchers who discovered multiple vulnerabilities in building automation system (BAS) equipment have also constructed proof-of-concept malware to exploit some of those security weaknesses. Security researcher Elisa Costante and her team at ForeScout last summer created the test malware – a modular design that includes a worm that spreads itself among BAS devices – using intelligence they gathered over...

January 15, 2019
PAS Global Expert on How Best to Approach OT Cybersecurity

ddie Habibi, founder and CEO of PAS Global, is considered a pioneer and thought leader in the fields of industrial control systems (ICS) cybersecurity, Industrial IoT, data analytics and operations management. He talks to Intelligent CISO here about why IT and OT security must come together to ensure industrial facilities remain secure, using best practice guidance from Christophe Rey-herme, CISO for industrial control

January 15, 2019
How to Mitigate Risks Caused by Supply Chain Software

Another way an organization can identify whether it's exposed to cybersecurity risks is by doing a risk assessment, said Eddie Habibi, founder and CEO of PAS Global, a provider of industrial control system cybersecurity in Houston. Many companies, including the big four consulting firms, offer this service, which provides clients with a checklist to ensure they are following certain methods and taking the right steps to ...

January 14, 2019
Cybersecurity Predictions for 2019

Another nation-state-related prediction warns of a convergence with organized crime. “In the past, organized crime played a significantly larger threat to the industry than nation-state attacks as the rise in opportunity and capability brought organized criminals into the arena,” said Jason Haward-Grau, CISO at PAS Global. “In 2019, dangerous nation-state alliances will be formed or further cemented, and these groups wil...

January 9, 2019
Safety, Physical, Cyber Security Triangle Converging

Any weakness an attacker can find in the security armor could be an entry point. “We are seeing attacks across all vectors, and the majority are still seen as transiting across the magic air gap from the enterprise into OT,” said Jason Haward-Grau, CISO at PAS Global. “The challenge is that we don’t tend to talk about the attacks that are happening unless necessary. In some cases, they aren’t even identified as cyber att...

December 26, 2018
Cybersecurity Experts Ponder Looming 2019 Threats

While CSOs and CISOs might not all agree on what their most dangerous threats are, they are certainly in unison when it comes to taking a more proactive than reactive approach to facing their challenges. As is our custom this time of the season, SecurityInfoWatch investigates our collective crystal ball – with the help of industry experts, of course – to predict what threats and challenges loom for 2019. The responses we...

December 21, 2018
FBI Warns Industry that Hackers Could Probe Vulnerable Connections in Building Systems

The building-automation sector has lagged behind others in network defense, experts said. While security practitioners have paid greater attention to the ICS field as a whole in recent years, the subsector of building automation has been neglected, said Eddie Habibi, founder of energy-security company PAS Global.

December 6, 2018
Industrial Cybersecurity Co. to Hire, Expand Clear Lake Headquarters

“We are on a very critical mission,” said CEO Eddie Habibi. “When there is a successful attack on critical infrastructure, people get hurt. Molecules move, atoms move, electrons move and bad things happen.”

November 2018
Viewpoint - Industry 4.0: Demystifying the Next Big Thing in Oil and Gas

Until a few years ago, the term Industrial Revolution referred to the significant technological changes that began in the late 1700s with the advent of the steam engine, leading to the mechanization of work and the unprecedented economic growth and prosperity that followed. The age of the steam engine is now considered the first Industrial Revolution. The second Industrial Revolution began in the late 1800s with the prol...

November 5, 2018
Energy Sector's IT Networks in the Bulls-Eye

Eddie Habibi, founder and CEO of ICS security firm PAS Global, says his firm has seen how IT network hacks can ultimately can be used to harm the human machine interfaces (HMI) of machines in the industrial network side, for example. That can allow an attacker to corrupt databases, for example, he says, or block the ICS/SCADA operator's view of a manufacturing process. But for attackers to truly disrupt or sabotage an...

November 5, 2018
How the Oil Industry Can Avoid Unseen Dangers in Operational Technology

Attacks on OT systems are escalating rapidly, yet many oil and gas companies continue to focus cyber security efforts on IT-centric, rather than production-centric, endpoints. They also continue to rely on manual vulnerability management processes, leaving their industrial facilities exposed to unacceptable risks.

November 1, 2018
Cybersecurity Viewed As Extension of Alarms and Safety Systems

I asked PAS founder and CEO Eddie Habibi about his pivot to cybersecurity during our conversation this week. It’s not a pivot, he corrected me. Cybersecurity is a natural progression from all the work PAS has done since its founding. “Cybersecurity starts with knowing everything in the system from level 0 forward. This creates a baseline for change management. (PAS product) Integrity had that already, so we built analyti...

October 24, 2018
There’s No Technological Panacea to Save ICS From Cyber Threats- You Need Strong Foundations

“We’re chronically late to the party” starts Jason Haward-Grau, CISO at PAS, on stage “…because we’re still trying to learn the lessons from the last 10-15 years, while our adversaries are out there innovating.” He’s at CS4CA Europe 2018, speaking about securing industrial control systems (ICSs) by monitoring and detecting unauthorized change in the process control network (PCN).

October 23, 2018
Industrial Control Systems: Securing The Heartbeat of Critical Infrastructure

For many years, cyber security for ICS was something of an afterthought. Security investments focused on the IT assets that drive business processes and personnel productivity. The primary objective for IT cyber security is to protect Intellectual Property and ensure availability of the IT assets. ICS were not considered to be a target because they were obscure, isolated from the IT networks and generally not of interest...

October 15, 2018
Grid Mod: Transactive and Distributed Tech Demand a New Approach

Standardization is "generally helpful for the cybersecurity market," Habibi said. "However, standards generally provide guidelines that then must be expanded upon by operating companies." As the United States' electric grid is modernized, Habibi said the most important point may be to inventory and understand the industrial control systems that are connected and controlling vital equipment.

October 11, 2018
U.S. Weapon Systems Cybersecurity Failing, GAO Report Says

Jason Haward-Grau, CISO at PAS in Houston, agreed that it was good news that "these issues have been identified now, so they can be addressed." "Knowing where you are and where your vulnerabilities lie is the first step to being able to address it. Cybersecurity is now very much front and center in most organizations and the concepts of getting and keeping your house in order are gaining traction," Haward-Grau wrote via ...

October 9, 2018
Industrial Control Systems: How to Approach OT Cybersecurity

To secure industrial facilities and ensure safe, reliable production, operational technology (OT) and IT security, traditionally two separate disciplines with different priorities, must come together to share cybersecurity and risk management best practices. PAS Global recently reached out to a panel of industry experts focused on OT cybersecurity risk mitigation and asked them to share their strategies for making indust...

October 3, 2018
From the ICS Frontlines: Approaching OT Cybersecurity

To secure industrial facilities and ensure safe and reliable production, operational technology (OT) and information technology (IT) security—traditionally two separate disciplines with different priorities— must collaborate to share cybersecurity and risk management best practices. We recently reached out to a panel of industry experts focused on OT cybersecurity risk mitigation and asked them to share their...

September 26, 2018
Edge Computing is the Place to Address a Host of IoT Security Concerns

First designed for the industrial IoT (IIoT), edge computing refers places placing an edge router or gateway locally with a group of IIoT endpoints, such as an arrangement of connected valves, actuators and other equipment on a factory floor. Because the lifespan of industrial equipment is frequently measured in decades, the connectivity features of those endpoints either date back to their first installation or they’ve ...

September 14, 2018
Does the United States Need a National Cybersecurity Agency?

According to Tamara Anderson, VP of Corporate Strategy and General Counsel at PAS, Global, which works in ICS security, “Consolidating the various federal cyber operations into a highly-functional, focused and coordinated organization is imperative.” She noted, however, “Rather than creating a hard-handed, authoritative regulating body, it’s crucial that a new cybersecurity agency collaborate effectively with the private...

September 5, 2018
Meeting the Security Challenges for ICS, OT

perational technology (OT) makes our factories run and ensures the critical infrastructure can fulfill its services. Yet, when we talk about manufacturing and systems in terms of cybersecurity, the focus tends to be on protecting the IT networks, rather than protecting OT.

August 24, 2018
National Women's Equality Day a Reminder of Inequality in Cybersecurity

August 26 is dedicated to celebrating women’s equality nationally. But when it comes to the cybersecurity field, how can we celebrate when the lack of women in the tech and cyber field is plainly evident and conferences such as RSA, Black Hat and Identiverse are being criticized for not selecting women to keynote any sessions?

August 24, 2018
Black Hat 2018: The ICS Conversation

The subject of Industrial Control Systems (ISCs) came up frequently at Black Hat 2018. The threats are very real, with serious potential consequences in the event of a successful attack. “It’s about safety. Your unknown, Reagan-era hardware might control valves and pipes that could explode if they get overloaded by an attack,” remarked CEO Eddie Habibi.

August 20, 2018
The Oil Industry’s Unseen Dangers: OT Cyber Vulnerabilities

Attacks on OT systems are rapidly escalating, yet many oil and gas companies continue to focus cybersecurity efforts on IT-centric, rather than production-centric, endpoints. Scott Hollis, Director of Product Management at PAS, looks at how the oil industry can avoid the unseen dangers in operational technology.

August 14, 2018
Def Con Voting Machine Hacks Ruffle Feathers

The security of the election infrastructure needs the same attention that protection of the nation's critical infrastructure has been getting, maintained Eddie Habibi, CEO of PAS, a provider of security software for industrial control systems, based in Houston, Texas.

August 13, 2018
How Nation-State Attacks Impact Businesses

With tensions between global superpowers rising, cyber attacks have become a new frontier for governments to gain an advantage over one another. SecurityBrief spoke to PAS Global CEO and industrial cybersecurity veteran Eddie Habibi about nation-state attacks, the motivations behind them, and how organisations get caught in the crossfire.

August 8, 2018
Security Guy TV: Live Black Hat 2018 Interview

PAS Founder and CEO Eddie Habibi talks to Chuck Harold of Security Guy TV live at Black Hat 2018.

August 7, 2018
Utilities Prepare for Increased Cyberattacks on the Electric Grid

More electric utilities and energy companies are turning to cybersecurity vendors for protection against attempted attacks, a growing threat highlighted by the recent disclosure of Russian hacking into their communications networks last year. The U.S. utility sector faces millions of attempted cyber intrusions a day. Duke Energy, one of the largest power companies in the nation serving 7.6 million customers reported mo...

August 3, 2018
Russian Attacks on U.S. Industry Continue

No doubt you saw the flurry of news last week from the Department of Homeland Security about Russian hackers accessing isolated, secure, air-gapped networks at power generation utilities. DHS noted that the hackers gained access to the utilities’ networks by first breaking into the networks of the utilities’ trusted vendors. The hackers were able to do this by using tools like spear-phishing emails and watering-holes to ...

July 25, 2018
Podcast: The Industrial World is Facing a Security Crisis

Eddie Habibi, the CEO of industrial IoT security company, sounds off on how to secure the increasingly connected industrial control space. As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology (OT) and IoT have now become part of the mainstream cybe...

July 25, 2018
Political Ploy or Not, Industry Needs to Act

A chill spread over the manufacturing automation sector this week as a warning released from the Department of Homeland Security (DHS) regarding Russian infiltration of energy sector systems and networks. More details on the advanced persistent threat (APT) attacks did release from an earlier March warning and some recommendations were made to help protect organizations.

March 1, 2018
A Cybersecurity Platform for Multi-Vendor Automation Systems

This company’s Cyber Integrity 6.0 platform now includes continuous vulnerability management, providing immediate, comprehensive visibility into vulnerability risk within industrial process control networks. Cyber Integrity works across the multi-vendor automation environment, providing foundational cybersecurity, enterprise scalability and platform independence. It also automates internal and regulatory compliance repor...

June 25, 2018
The Right Remedy for OT Vulnerability

Industrial process and power companies struggle to effectively manage OT cybersecurity vulnerabilities and risks. This threat is expanding, and such vulnerabilities are considerably harder to identify and remediate than IT vulnerabilities. The sophistication and effectiveness of recent industrial cyber attacks, such as the Triton/Tritos malware attack in 2017, demonstrate that it is more important than ever to identify a...

June 18, 2018
D.C. Distributed Energy Proposal Draws Concerns of Increased Cybersecurity Risks

According to Eddie Habibi, CEO at PAS, a cybersecurity company offering services to the energy and power industries, the risk of cyber attacks is very real. An attack could cause a loss of power in a large area of the country for an extended period of time, and can be almost as bad as any natural disaster.

June 4, 2018
Security's Role in Manufacturing Automation

Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. "With new technologies and new advancements, we can see unintended consequences," said Eddie Habibi, chief executive and founder of PAS Global during his keynote address at the PAS 2018 Optics conference in Houston. "This is no different than working in a process pla...

June 1, 2018
DOE Cybersecurity Report Reveals 7 'Gaps' in Power Sector Defense Capabilities

The U.S. Department of Energy on Wednesday made public an August 2017 report that concluded there are more than a half dozen "capability gaps" in the power sector's ability to respond to a cyberattack on the electric grid. A power outage due to a cyberattack has never happened in this country, but hacking attempts are on the rise and a recent focus on industrial control systems (ICS) by would-be intruders has upped the ...

May 29, 2018
What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities

Given the sophistication and effectiveness of recent industrial cyber-attacks, such as the Ukrainian power grid attack in 2015, the Industroyer/CrashOverride malware attack in 2016, and the Triton/Trisis malware attack in 2017, it is more important than ever to identify and remediate operational technology (OT) vulnerabilities. However, industrial process and power companies still struggle to effectively manage OT cybers...

May 21, 2018
Five Ways the Utility Industry Can Mitigate Cyber Incidents

With the rising urgency of threats to the power grid, cybersecurity is becoming prioritized along with safety. A strategy based on rules, enforcement and awareness needs to be applied to the power, oil and gas sectors, according to PAS CEO and Founder, Eddie Habibi.

April 19, 2018
Critical Infrastructure Needs Shoring Up after U.S., U.K. Blame Russia for Attacks

The U.S. is prepared to take aggressive action against Russia for a recent, extended campaign of cyberattacks on infrastructure assets around the world by compromising devices such as routers and firewalls, the White House cybersecurity coordinator, who has since left his position, said Monday. “When we see malicious cyberactivity, whether it be from the Kremlin or other nation-state actors, we are going to push back,”

April 18, 2018
U.S., UK OT Alert on Russians Hackers

Critical infrastructure, governments and Internet service providers (ISPs) are all areas Russian state-sponsored hackers are targeting on a global basis, according to a joint technical alert released this week. The focus of the attacks are “government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors,” according to the alert released by...

April 13, 2018
Can the Law Stop Ransomware?

Stunning ransomware attacks like those that recently hobbled Atlanta and Baltimore have thus far defied a legislative solution, with lawmakers in only a handful of states having criminalized the activity and experts skeptical that harsher laws would even make a difference. The attack on Atlanta last month, which reportedly struck five of 13 city agencies and forced some 8,000 city workers to take their computers offli...

April 13, 2018
Managing the Consequences of Cyber Threats

General Michael Hayden, a retired U.S. Air Force four-star general and the former Director of the National Security Agency (NSA) and Central Intelligence Agency (CIA), has extensive knowledge and understanding of how to handle conflict and combat. During his time serving in a variety of senior positions, including responsibility for a combat support agency of the Department of Defense, as the Commander of the Air Intelli...

April 11, 2018
PAS: Avoid Unintended Consequences

Advances in technologies can lead to great things for the manufacturing automation sector, but everyone has to keep in mind security has to play a key role. “With new technologies and new advancements, we can see unintended consequences,” said Eddie Habibi, chief executive and founder of PAS Global during his Tuesday keynote address at the PAS 2018 Optics conference in Houston, TX. “This is no different than working i...

April 11, 2018
PAS: Cyber a New Domain

Technology is advancing across all industries and it is making them smarter and more agile, but attack vectors are also on the rise, which means industry leaders need to understand who and what they are facing. “The faster we go, the more ‘behinder’ we get,” said General Michael Hayden, principal at the Chertoff Group and former Director of the CIA and the NSA, during his keynote address Tuesday at the PAS 2018 Optics...

March 28, 2018
The Infiltration of U.S. Control Systems

CERT Alert TA18-074A removed any doubts that hostile nation states are actively targeting U.S. industrial control systems. On March 15, 2018, we all learned that the long-discussed cyber-attack on industrial control systems (ICS) had actually happened. Of course, many attacks on ICSs have happened before, but this one—with the backing of a nation-state—is the one that has been most feared.

March 19, 2018
8 Questions to Ask About Your Industrial Control Systems Security

Do you have a real cybersecurity-focused ICS strategy in place, or are you force-fitting IT security policies on your industrial control systems? A recent incident where a likely nation-state threat actor inadvertently shut down a critical infrastructure facility in the Middle East when testing new malware has stoked widespread concerns about the vulnerability of industrial control systems (ICSs) to new cyberthreats. Man...

March 12, 2018
MuddyWater APT Campaign Flowing Again

The MuddyWater campaign appears to be rising to the surface again with researchers finding similarities between this older cyberespionage attack and a new one targeting Turkey, Pakistan and Tajikistan. Trend Micro researchers believe the latest series of incursions is related to last year's MuddyWater incidents, which were discovered by Palo Alto's Unit 42, as each uses official looking documents purporting to be from...

February 22, 2018
Anatomy of an Attack on the Industrial IoT

We like to think that cyberattacks are focused primarily on stealing credit card numbers and that attackers don't know much about the control systems that run critical infrastructure. Unfortunately, that's just wishful thinking. In 2017, we saw an increasing number of threat actors bypass existing network perimeter security controls to perform sophisticated reconnaissance of industrial process control networks (PCNs). Th...

February 19, 2018
Cross-Industry Collaboration at Heart of Cybersecurity Agreement

With major cyber attacks like WannaCry, NotPetya and Triton affecting not only consumer entities but manufacturing and energy sectors as well, 2017 could be the year that industry finally took notice of the growing threat to industrial control systems. Does that also mean 2018 will be the year that industrial companies take the steps necessary to prevent the next attack?

February 15, 2018
Making Sense of the ICS Cybersecurity Market

The convergence of industrial control networks and operational technology (OT) with traditional information technology (IT) has been a “coming attraction” for years. But the growth in ICS cyber attacks is a sign that convergence is finally here. In the past, securing control systems was not a major concern because they were air gapped -isolated from IT and the rest of the enterprise -running on proprietary protocols, emb...

February 7, 2018
ICS Connected to Net: Beware of Hype

It is very easy to get caught up in the hype and hysteria surrounding cybersecurity and not understand facts behind a barrage of data. In the end, it is all about context. That idea comes into play after a report released earlier this week saying the amount of industrial control systems (ICS) now accessible over the Internet increased over the previous year.

January 29, 2018
PAS Releases Cyber Integrity 6.0

PAS Global released its PAS Cyber Integrity 6.0, which includes continuous vulnerability management providing visibility into risk within industrial process control networks. With traditional IT vulnerability management, Cyber Integrity also addresses proprietary industrial control systems that comprise 80 percent of a facility environment.

January 25, 2018
Industrial Safety Systems in the Bullseye

No doubt it could have been far worse - even catastrophic. An apparent misstep by the attackers behind the malware now known as TRITON/TRISIS that was discovered embedded in a Schneider Electric customer's safety system controller late last year fortunately failed, causing two of the safety instrumented systems (SISes) to shut down an industrial process in the plant. That outage led to the discovery of the customized bac...

January 23, 2018
Fallout from Rushed Patching for Meltdown, Spectre

The performance hit with the patches is especially painful for the industrial environment, which is both a juicy target for attack as well as highly disruption-averse. "In the world of critical infrastructure, where safety and availability are paramount, updates that carry this kind of baggage are simply not applied immediately," says Eddie Habibi, founder and CEO of PAS Global.

January 19, 2018
New Infosec Products of the Week: January 19, 2018

PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility into vulnerability risk within industrial process control networks. Cyber Integrity moves beyond traditional IT vulnerability management by also addressing the proprietary industrial control systems that comprise 80 percent of a facility environment.

January 15, 2018
Trust is Not a Strategy for Cybersecurity

Digitalization adds significant value despite the cyber risk. “Don’t fear connectivity – the benefits are too great,” says Eddie Habibi, founder and CEO of PAS Global. On the other hand, he cautions, the threat of cyberattack is imminent and proven; critical systems are vulnerable; and “every minute, day, or month that you put off securing your systems, they remain at risk.”

January 15, 2018
Episode 79: Hackable Nukes and Dissecting Naughty Toys

In this week’s Security Ledger Podcast episode, the UK -based policy think tank Chatham House warned last week that aging nuclear weapons systems in the U.S., the U.K. and other nations are vulnerable to cyber attacks that could be used to start a global conflagration. We talk with Eddie Habbibi of PAS Global about what can be done to secure hackable nukes.

January 12, 2018
Enabling Continuous Vulnerability Management for Industrial Control Systems

Industrial companies have made significant investments in cybersecurity technologies to protect their plants and industrial control systems (ICS). But many companies are unable to keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. This leaves many plants at risk of serious cyber incidents, jeopardizing safety and operational reliability.

January 11, 2018
Report Claims Hackers Could Start a Nuclear War through Vulnerable Weapons Systems

A think tank today published a report that claims that nuclear weapon systems in both the U.S. and U.K. are vulnerable to hacking and that hackers could potentially start a nuclear war. The claim comes from Chatham House in its report “Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences,” which details the history of nuclear weapons systems and the inherent risks built into them.

January 7, 2018
Our Top 7 Cyber Security Predictions for 2018

Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.

December 20, 2017
ICS Alert: USB Malware Attack

Security provider Nyotron found an advanced malware campaign attempting to attack a company’s Middle Eastern critical infrastructure clients. “On December 11, 2017 at 01:21 a.m., a night-shift employee working at an around-the-clock critical infrastructure facility located in the Middle East plugged a USB drive into a shared workstation that dozens of the company’s employees use on a daily basis.”

December 19, 2017
You Can Be a Cybersecurity Badass - Part 2

Of course, the ultimate aim of any cybersecurity effort is the same as any other plant-floor initiative from basic loop control to advanced process optimization and safety—keep the application running as efficiently and profitably as possible. However, because there's no "set it and forget it" with cybersecurity due to constantly evolving probes and threats, a secure network and the communications traffic on it must be c...

December 18, 2017
Our Top 7 Cyber Security Predictions for 2018

Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace.

AutomationWorld reports on cyber attack in critical infrastructure

December 18, 2017
Cyber Attack Hits Safety System in Critical Infrastructure

Industry is abuzz over reports issued by both FireEye and Dragos about a cybersecurity incident that took place at a critical infrastructure facility in the Middle East. The malware referred to as Triton is significant to our community because it is not only part of an increasing focus of attacks on industrial control systems (ICSs), but it is the first to directly target a safety instrumented system (SIS).

CSO announces top cybersecurity predictions for 2018

December 18, 2017
Our Top 7 Cyber Security Predictions for 2018

Given what’s happened in 2017 — the Equifax breach, state-sponsored attacks, Russian manipulation of social media, Wannacry, and more phishing scams than we can count — you might not be looking forward to 2018. Breaches will be bigger, hackers will be smarter, and security teams and budgets won’t seem to keep pace. Some things will get worse before they get better, but we expect real progress in a few areas.

December 11, 2017
What Lies Beneath – Avoiding the Unseen Dangers of OT Vulnerabilities

A recent Accenture survey found that 76 percent of utility executives in North America believe the country faces a moderate risk of interruption to electricity due to a cyberattack. The full truth is that much more infrastructure than power generation is at risk. Process control networks (PCNs) in critical infrastructure sites − refineries, chemical plants, and manufacturing facilities − all have potential danger swimmin...

December 6, 2017
2017 Internet Of Things 50: 15 Coolest Industrial IoT Companies

Here are CRN's 15 coolest industrial IoT companies that are leveraging their channel to deploy analytics and data monitoring tools on the industrial floor, deploy connected smart equipment, and ultimately bridge IT with operational technology.

December 5, 2017
Industrial Cybersecurity Predictions

2017 was certainly a year in which industry seemed to become more focused on cybersecurity. But with so much activity in this sector, making sense of it all is tough. Here are some insights into potential new developments for 2018. Eddie Habibi, founder and CEO of PAS—a cybersecurity and asset and operations management technology supplier—recently shared his thoughts on what he called “seven seismic trends” he expects to...

November 24, 2017
Industrial Security Provider PAS Joins RSA Ready Technology Program

Global industrial control systems security provider PAS Global’s Cyber Integrity platform has now become completely interoperable with RSA NetWitness Suite. PAS is a solution provider of industrial control system (ICS) cybersecurity, process safety and asset reliability in the energy, power and process industries. The interoperability means that industial process companies that use RSA NetWitness can access further secur...

November 13, 2017
Emerging IT Security Technologies: 13 Categories, 26 Vendors

In the category of ICS Security - Tools for enabling the security, confidentiality, and integrity of network-connected SCADA and industrial control systems. Founded in 2014, PAS provides cybersecurity, asset management, and process safety products for the power, process, and energy industries. Factors to Watch include a strategic global partnership with Siemens for real-time monitoring of control systems Platform-i...

12 Predictions for ICS Cybersecurity in 2018

What does 2018 hold for ICS cybersecurity? Here are seven seismic trends Eddie Habibi sees happening in the world of ICS cybersecurity: Disclosing a Critical Infrastructure Cyber Attack Will Be Mandatory: The lack of a mandate to disclose attacks on corporations continues to hinder accurate intelligence gathering, targeted defensive strategies against an evolving threat landscape, and appropriate offensive respons...

November 1, 2017
How to Find an APT Attack

Critical infrastructure presents high value targets that if exploited can produce significant political or financial gain – more than retail or financial industry targets we tend to see in the news,” said David Zahn, GM of the cybersecurity business unit at PAS. “The reason is that the industrial control systems that sit at the end of the industrial facility’s kill chain control in many cases volatile process.

October 25, 2017
Understanding the Threat: Bad Rabbit Ransomware Spreads Worldwide

The United State Computer Emergency Readiness Team (US-CERT) is warning of a new ransomware campaign called Bad Rabbit, which appears to be a variant of the Petya ransomware that was first detected in early 2016. "US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored," US-CERT stated in an alert. "Using unpatched and unsupported software may inc...

October 23, 2017
DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure

The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technical alert warning that government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors are subject to an ongoing attack campaign from an advanced actor, most probably Dragonfly (aka Crouching Yeti and Energetic Bear).

October 23, 2017
US-CERT Warns of Active Attacks Against Industrial Control Systems

US-CERT issued a technical alert advisory on Oct.21 warning of advanced persistent threat activity targeting energy and other critical infrastructure sectors across the U.S. The technical alert was compiled with information provided from both the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). According to the analysis, energy, nuclear, water, aviation and critical manufacturing sec...

October 13, 2017
North Korean Hackers Hit U.S. Electric Companies with Spear Phishing Attacks

Eddie Habibi, CEO of PAS Global, told eSecurity Planet by email that as tensions continue to rise between the U.S. and North Korea, we should expect the intensity of cyber attacks on U.S. critical infrastructure to rise as well. And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it's not well prepared for the consequences of attacks that provide the attackers with "ac...

October 11, 2017
North Korean Threat Actors Probe US Electric Companies

September spear phishing attack appeared to be more reconnaissance activity than sign of impending attack, FireEye says. Known threat actors based in North Korea recently targeted several US electric companies in a spear-phishing campaign that appeared to be more of an early reconnaissance mission than an attempt to cause any immediate disruption.

October 11, 2017
North Korean Hackers Targeted U.S. Electric Firms: Report

Hackers likely affiliated with the North Korean government seem to lack the ability to disrupt the U.S. power supply, according to a new report from FireEye. The state-sponsored actors conducted a reconnaissance attack against electric companies in the United States on Sept. 22, 2017, via spear-phishing emails, but the incident did not lead to a disruption, the security company reports.

October 11, 2017
North Korea Targets US Power Grid

As the saber-rattling between US President Donald Trump and North Korean leader Kim Jon-Un continues, reports have surfaced that the DPRK had plans to hack the American power grid, while also successfully targeting the South Korean Ministry of Defense.

October 10, 2017
Protecting the ICS from Cyberthreats

Effectively meeting ICS cybersecurity challenges begins by recognizing that OT is uniquely different from IT. IT systems manage digital bits of information. OT systems drive production by monitoring and directly controlling physical devices, such as circuit breakers at power stations that distribute electricity and the valves and compressors at refineries that produce gasoline. While attackers focusing on enterprise IT s...

October 10, 2017
Beyond Alarm Management

Alarm management’s powerful infrastructure extends to many other important uses. Once you have accomplished alarm system improvement, what is next? Can you leverage the software and work processes in place for alarm management to achieve other significant improvements? Many companies are doing exactly that.

February 5, 2018
Q&A: Siemens Industrial Security Exec on Cyber Priorities

Decades ago, the term “industrial security” primarily referred to safeguarding physical assets. With the rise of connected industrial control systems, the focus expanded to keep remote intruders out. In both cases, industry professionals often approached security as a mission to keep some malevolent “other” out of their premises and away from critical machinery. While the threat of external threat actors is very real, th...

September 27, 2017
The WannaCry Ransomware Pandemic: Sloppy but Dangerous. What about ICS?

WannaCry infections have resumed, but at a slower rate, as the kill switch in the original version is removed. A now warned and worried online world is working to secure itself against this second, apparently less virulent, variant of the ransomware. Attribution, which is still at a very circumstantial and preliminary stage, continues to point toward North Korea. Technical experts think they've found evidence of connecti...

September 25, 2017
Siemens, PAS Team Up for Control System Monitoring

Siemens and PAS Global have announced a partnership to provide real-time monitoring for industrial control systems. The companies' combined technology will provide customers with the tools to identify proprietary assets and to detect and respond to threats to control systems.

September 21, 2017
Monitoring System: Fleet-Wide, Real Time Monitoring for Control Systems

Siemens, a global engineering and technology provider, and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the capabilities of both companies, this partnership will provide customers with: (1) deep analytics required to identify and inventory proprietary assets; and (2) visibility to de...

September 20, 2017
Siemens and PAS Strike Up Partnership to Provide Essential Industrial Control System Cybersecurity

Siemens, a global engineering and technology company, and PAS Global, a leading provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real-time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will be able to provide customers with: (1) deep analytics required to identify and inventory proprietary assets;...

September 20, 2017
Keeping Assets Safe From Cyber Attacks

Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...

September 19, 2017
Keeping Things Secure From Cyber Attacks

Siemens has announced an agreement with U.S.-based PAS Global, a global provider of industrial control system (ICS) cybersecurity solutions, to provide fleetwide, real-time monitoring for control systems. The agreement will provide customers with the deep analytics required to identify and inventory proprietary assets and the visibility to detect and respond effectively to attacks across the operating environment, Sieme...

September 19, 2017
Siemens and PAS Team to Provide ICS Security in Energy

With a focus on protecting the critical infrastructure industries of utilities and oil and gas, the partnership combines control system knowledge and analytics with deep domain expertise and response. It takes a village to raise a child. It also takes a village to protect your assets. In the energy industry—where use of digital technologies is growing to help boost revenues and efficiencies, and where cyber attacks have ...

September 19, 2017
Siemens and PAS Global Partner to Address ICS Cybersecurity

Siemens has announced it has partnered with industrial control system (ICS) cybersecurity solutions company PAS Global, to provide stronger visibility and security across the ICS - particularly in the oil and gas and utility sectors. According to Siemens, the partnership will increase visibility to detect and respond effectively to attacks across the operating environment, provide deep analytics required to identify and ...

September 19, 2017
Siemens, PAS Announce Partnership to Provide Industrial Control System Cybersecurity

Siemens and PAS Global, a provider of industrial control system (ICS) cybersecurity solutions, announced an agreement to provide fleet-wide, real time monitoring for control systems. By leveraging the unique capabilities of both companies, this partnership will provide customers with deep analytics required to identify and inventory proprietary assets; and visibility to detect and respond effectively to attacks across th...

September 19, 2017
Siemens, PAS Partner on Industrial Cybersecurity

Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership. The goal of the partnership is to provide organizations the capabilities needed to identify and inventory assets, including distributed and legacy control systems, and provide visibility for detecting cyber threats and unauthorized engineering c...

September 19, 2017
Siemens' New ICS/SCADA Security Service a Sign of the Times

Now meet the next big thing for Siemens and other major ICS/SCADA equipment vendors: managed security services. Siemens today kicked up a notch its existing network monitoring and security services with the addition of anomaly detection technology from PAS that monitors all brands of industrial and computing equipment – not just its own - on a plant network.

September 19, 2017
IoT Company PAS, Siemens Pair Up To 'Bridge The Visibility Gap' For Manufacturing Assets

PAS, a startup focused on securing connected manufacturing floors, has announced it will team up with industrial heavyweight Siemens to help better secure operational technology. Siemens and PAS will partner "bring the best in breed technology" that helps manufacturing companies gain stronger visibility and security across legacy control assets and industrial control systems, particularly in the oil and gas and utility ...

September 6, 2017
Critical Infrastructure Compromised: New Cyber Attacks Hit Energy Companies in U.S., Turkey, Switzerland

The Dragonfly group now appears to be focused on compromising operational networks. Symantec researchers recently uncovered a new wave of cyber attacks targeting the energy sector in Europe and North America, with the potential to disrupt operations at target companies. The group behind the attacks, known as Dragonfly, has been in operation since 2011 but was relatively quiet for a while after it was first exposed in 20...

September 6, 2017
Cyber Matters: Examining the Threat Against Industrial Control Systems

The risk of industrial-control systems being targeted with cyberattacks has long concerned operators, governments and vendors, but fears of widespread attacks crippling critical infrastructure have so far failed to materialize. Now, that risk only appears to be growing because of the availability of attack tools, and evolving motivation of digital adversaries. Industrial-control systems, or ICS, are found mainly in ener...

September 6, 2017
Power Grid Compromise

In what should be a surprise to no one: A series of attacks compromised energy companies in the United States and Europe which led to bad guys gaining access to grid operations to the point where they could flip the switch on power. A report released by Symantec Wednesday revealed attacks by a group it is calling Dragonfly 2.0, which it said targeted dozens of energy companies since 2015.

September 4, 2017
30 Internet Of Things Executives Whose Names You Should Know

As IoT continues to mature, more executives have come forward with their engineering and sales expertise to offer their insights on how to best monetize the market. CRN has compiled a list of the top executives making a mark in IoT – whether they are top executives charged with leading vendors' overarching IoT strategies, solution provider executives at the front of the IoT sales charge, or thought leaders who are close...

August 25, 2017
Facing Serious Threats in Critical Infrastructure

Doomsday scenarios might sound like hype, but the increasing number of cybersecurity incidents we’ve seen in electric, water, nuclear and other critical facilities are trials for larger attacks. It’s difficult to write about cybersecurity without sounding like Chicken Little. I know that the more I flap my wings, the more you might ignore me altogether. Doomsday messages don’t strike fear; our overhyped message receptors...

August 25, 2017
Fighting FUD From DC

If anyone thought fear, uncertainty and doubt (FUD) as an approach to cybersecurity ended a long time ago, then view the latest report coming out of Washington saying there is a narrow and fleeting window to prepare for and prevent “a 9/11-level cyber-attack” against the U.S. critical infrastructure. That FUD induced comment came from a report the Presidential National Infrastructure Advisory Council (NIAC) just released...

August 17, 2017
Critical Infrastructure, Cybersecurity & the 'Devil’s Rope'

How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it. The Homestead Act of 1862 promised US citizens that if they settled and farmed frontier land for five years, it was theirs to own. One of the primary challenges settlers faced was finding fencing materials to protect their crops from open-range cattle. Barbed wire was inve...

August 3, 2017
Researchers Display “CAN Do” Skill in Vehicle DoS

Add one more to the lengthening list of ways your connected car can get hacked. The NCCIC/ICS-CERT (National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Readiness Team) issued an “alert” late last week following the release of a research paper on, “a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus.”

August 2, 2017
PAS’ Alarm Mechanic Hikes Plant Safety

PAS Global LLC released its PlantState Suite (PSS) 8.3 featuring Alarm Mechanic. The new feature helps improve process plant safety and console operator performance minimizing nuisance alarms through automated analytics and recommendations. PlantState Suite makes power and process plant operators more effective at identifying, evaluating, and managing alarms.

August 2, 2017
Black Hat: ICS Security Movement

In the ICS environment, it is all about understanding what security means and then adapting to and adopting a culture much like the industry did 40 years ago or so when it came to safety. “It is all about changing cultures,” said Eddie Habibi, founder and chief executive at PAS, who attended Black Hat USA 2017 in Las Vegas, NV, for the first time this year and sat down for a few moments to share his thoughts on the evolv...

July 26, 2017
Obama Cyber Czar: Trump State Department Needs Cybersecurity Office

Former President Obama's cyber czar on Wednesday piled on the criticism of a rumored Trump administration plan to shutter the State Department's cybersecurity coordinator office. Michael Daniel told The Hill that cybersecurity is an issue "that crosses multiple desks at the State Department."

June 29, 2017
Another Cybersecurity Wake-Up Call—Answer It

When the WannaCry ransomware attack hit Windows-based computers worldwide last month—debilitating the British National Health Service and affecting hundreds of thousands of computers worldwide—it was a big headline. But in the month and a half that’s passed since then, it seems to have become just another day in the news. Attack after attack is coming through, and it should be very clear—because it apparently wasn’t clea...

June 26, 2017
Look, But Don't Touch: One Key to Better ICS Security

How do we fix industrial control systems cybersecurity? Experts say better visibility is essential to improving ICS/SCADA security. But infosec teams will never gain that visibility until they stop trying to observe ICS environments through the eyes of IT professionals. There are fundamental differences in IT and OT (operational technology) gear, processes, and people, say experts.

June 21, 2017
WannaCry Forces Honda to Take Production Plant Offline

In an example of just how persistent modern cyberthreats can be, automaker Honda Motors had to temporarily stop production at its Sayama plant in Japan this week after being hit by WannaCry, a malware threat the company thought it had mitigated just one month ago. The nearly 48-hour shutdown impacted production of about 1,000 vehicles at the facility, which does engine production and assembly for a line of vehicles incl...

June 16, 2017
Industry Reactions to 'CrashOverride' Malware: Feedback Friday

Researchers described some theoretical attack scenarios involving this malware and warned that the threat could be adapted for attacks on other countries, including the U.S., and other sectors. Contacted by SecurityWeek, industry professionals shared some thoughts on the threat posed by CrashOverride/Industroyer, and provided recommendations on how organizations can protect their systems.

June 15, 2017
Nightly Business Report

Eddie Habibi, Founder and CEO of PAS, talks to Andrea Day at CNBC about cybersecurity risks for the oil and gas infrastructure. Cybersecurity experts say that oil and gas infrastructure is a target of hackers, and if successful could potentially shut down or interrupt production.

June 12, 2017
ICS Malware Linked to Grid Attack

There is a piece of malware believed to have been used in the December Ukraine substation attack that targeted power grids, researchers said. The malware ended up discovered by ESET, which called it Industroyer. The company also shared some data with ICS cybersecurity company Dragos, which tracks it as CRASHOVERRIDE and the attacker that uses it as ELECTRUM.

May 17, 2017
Will WannaCry Be Industry’s Cybersecurity Wake-Up Call?

Possibly the biggest cybersecurity news item to come across the wires since Stuxnet was last week’s news about WannaCry. WannaCry is a type of malware referred to as ransomware because it blocks access to the infected computer’s data until a ransom is paid to regain access. It began infecting Windows-based computers worldwide on Friday, May 12, 2017, through phishing emails and a self-propagating worm feature in the malw...

May 17, 2017
Expert’s Insights on How to Address Wanna Cry Ransomware Types of Attacks

Last week Wanna Cry cyberattack infected tens of thousands of computers, from manufacturing to hospitals and big industrial organizations, a great opportunity for ICS players to talk about their products/solutions as there were no catastrophic damages yet. In the first phase, the majority of players expressed their opinion about the consequences that such an attack might have on OT. What is the solution to protect a fact...

May 15, 2017
How to Protect Against ‘WannaCry’

WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the ransomware package used a patched flaw in the Microsoft operating system software to...

May 12, 2017
Industry Reactions to Trump's Cybersecurity Executive Order

U.S. President Donald Trump signed an executive order on Thursday in an effort to improve the protection of federal networks and critical infrastructure against cyberattacks. The executive order states that the heads of departments and agencies will be held accountable for managing cybersecurity risk. They are required to use NIST’s Framework for Improving Critical Infrastructure Cybersecurity to manage risk, and they m...

May 12, 2017
Mixed Reviews for Trump’s Executive Order on Cybersecurity

The reviews of President Donald Trump’s Executive Order (EO) on cybersecurity were coming in within hours of its signing yesterday afternoon, and they were most definitely mixed. There was general agreement that the intent of the EO – delayed more than three months from late-January, when it was originally scheduled to be signed – was good.

May 11, 2017
Industry OK with Trump Security EO

The cybersecurity executive order contains suggestions considered good ideas by experts, including holding agency heads accountable for cybersecurity. “President Trump’s cybersecurity executive order (EO) addresses the right areas of concern – updated federal systems, critical infrastructure, deterrence, workforce education, and more,” said Eddie Habibi, chief executive and found of Houston-based PAS. “Thankfully, the ex...

May 5, 2017
2017 – The “Silence Before the Storm” When it Comes to ICS Breaches

Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report, which was published a week ago. Much of this is due to the high proliferation of propriety research, prototypes, and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analyzed in this year's report and...

April 28, 2017
Pretexting is a Rising Threat According to 2017 Verizon DBIR

The 2017 Verizon Verizon Data Breach Investigation Report both highlighted big threats of which the industry is already aware, such as ransomware, as well as under-the-radar threats like pretexting, which can be extremely dangerous in certain situations. The data in the 2017 Verizon Data Breach Investigation Report (DBIR) was gathered from 65 organizations across the world, including analysis of 42,068 incidents and 1,93...

April 28, 2017
CEO IIoT Insights: How Can You Secure What You Cannot See in an Industrial Enterprise?

Companies are flying blind when it comes to 80% of the cyber assets that exist within an industrial process facility. They lack sufficient visibility into what assets they have and how they are configured. Without this data, basic cybersecurity questions remain difficult to answer. For example, did an unauthorized change occur, where are my vulnerabilities, and can I recover quickly if the worst case scenario happens? W...

April 27, 2017
VC Cash Infusion Helping Security Vendors Bolster Efforts

PAS Global mentioned in eWeek. VC Cash Infusion Helping Security Vendors Bolster Efforts. Securing industrial control systems is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it raised $40 million in a new round of funding. The new funding was led by Tinicum L.P.

April 27, 2017
Verizon’s Annual Data Breach Report is Depressing Reading, Again

The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures.

April 27, 2017
Why Even Our Water Supply Is Not Safe From Hackers

“Weapons of mass destruction don’t have to be physical bombs that move from one location to another—they can be these ticking bombs in these control systems that …cause severe damage and bring down the critical infrastructure of a country.” says Eddie Habibi, founder and CEO of the Houston-based ICS security firm PAS.

April 27, 2017
Investments Boost Industrial Cybersecurity

You’ve likely noticed an increase in the number of new entrants into the industrial control system (ICS) cybersecurity field over the past year or so. Even longstanding companies in this space have been expanding their cybersecurity-related products and services. Further evidence of the increasing interest in this space can be seen in the outside investments being made here. A case in point is the investment of $40 milli...

April 17, 2017
PAS announces $40 million investment to fuel cybersecurity efforts

PAS, a provider of ICS cybersecurity, process safety, and asset reliability solutions for the energy, power, and process industries, announced a $40 million growth investment by Tinicum, L.P. and certain affiliated funds managed by Tinicum Incorporated (“Tinicum”). Tinicum is a private investment partnership focused on late stage investments in manufacturing, energy, technology, media, and infrastructure.

April 14, 2017
Veteran Industrial Cybersecurity Firm PAS Raises $40 Million

With deep roots in software solutions for process safety and asset reliability for industrial firms, Houston, TX-based PAS announced this week that it has taken a $40 Million investment that will be used to fuel its Industrial control system (ICS) cybersecurity business. PAS has been around for 23 years and says its solutions are deployed in more than 1,100 facilities globally in more than 70 countries.

April 12, 2017
PAS Looks to Expand Security Business

PAS gained a $40 million growth investment from Tinicum, L.P. This funding round is a move to expand PAS sales and marketing as well as increase research and development for its security software product, Cyber Integrity. Cyber Integrity protects critical infrastructure from risks associated with rising Industrial Internet of Things (IIoT) adoption, malicious cyber attacks, and insider threats.

April 11, 2017
Tinicum Invests $40 Million in Industrial Software Maker PAS

PAS Global, LLC, a maker of software for industrial businesses, secured a $40 million growth investment from Tinicum. The Houston-based company sells software that monitors the security and safety of industrial control systems for more than 520 customers including chemical, refining and power generation companies.

April 11, 2017
After $40 million capital raise, Houston cybersecurity firm outlines growth plans

Houston-based PAS Global LLC announced April 11 it has raised $40 million in its first capital raise as it plans to triple its headcount over the next three years. PAS is a cybersecurity company that largely services the oil and gas industry. Founded in Clear Lake in 1993, the company now has roughly 150 employees.

April 11, 2017
PAS Raises $40M in New Funding to Secure Industrial Control Systems

Securing Industrial Control Systems (ICS) is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it is raising a new $40 million round of funding. The new funding was led by Tincum L.P. The new money will be used by PAS to help grow the company's go-to-market efforts as well as its technology development.

April 11, 2017
Industrial IoT Security Company PAS Raises $40 Million Funding

Houston's PAS, a security firm focused on industrial control systems, has raised $40 million as the company looks to expand its channel program for operational technology (OT) security. PAS, which provides security for industrial control systems – including distributed control systems, programmable logic controllers, turbo machinery controls, and compressor control systems – wants to broaden its sales approach and invol...

April 1, 2017
The Future Is Now: Connected Power Plants Are Here

While there are undeniably potential security risks related to connecting a power plant’s systems, that should not necessarily be a deterrent to doing so, according to Mark Carrigan, COO of PAS Inc. The potential benefits of integrating IIoT technology into a plant’s operation can outweigh the cybersecurity risks, as long as the plant operator addresses the risks, he said.

February 23, 2017
Trump Gets Mixed Reviews on Cybersecurity, One Month In

There is some debate on whether a 60-day cybersecurity review is worthwhile. Let's not miss the irony of a leaked executive order as a proof point that our federal government needs better security around information. Can officials perform such a review in time to provide solid recommendations? Many departments can as they've performed this exercise previously.

January 23, 2017
Overhyped Media Reports Bad For ICS Security: Experts

Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned. The number of attacks aimed at ICS has reportedly increased in the past year and several incidents have been disclosed to the public. However, some of the mainstream media reports covering these attacks have been sensationalized or inaccurate.

January 17, 2017
Critical Infrastructure Security: Risks Posed by IT Network Breaches

There have been several incidents recently where a critical infrastructure organization’s IT systems were breached or became infected with malware. SecurityWeek has reached out to several ICS security experts to find out if these types of attacks are an indicator of a weak security posture, which could lead to control systems also getting hacked.

January 10, 2017
Molecular Cybersecurity Vs. Information Cybersecurity

When it comes to industrial processes, security begins at the molecular level. Not all cybersecurity risk is created equal. Case in point: when Sony was hacked, information was stolen, systems were wiped, and society was temporarily deprived of a Seth Rogan movie. These were mostly bad outcomes, and Sony certainly suffered a significant financial loss.

December 20, 2016
The State of Nation-State Attacks

Attacks on government and private sector targets are rampant. Experts are skittish when it comes to attribution, reports Larry Jaffee. Electric grids remain a target for cyberattacks, notes David Zahn, general manager of the cybersecurity business unit for PAS, a Houston-based provider of process safety, cybersecurity and asset services for the energy, power, and process industries.

December 15, 2016
Security Companies Seek Information Sharing, Standards From Trump Administration

Operations management and cybersecurity company PAS anticipates an uptick in cybersecurity regulation, but warns that doesn’t always lead to tightened security. “Federal regulation is a double-edged sword,” says David Zahn, general manager of cybersecurity at PAS. “On one side, it forces nationwide attention and, more importantly, investment that might otherwise happen too slowly. Unfortunately, good compliance does not...

December 2016
ICS Cybersecurity: Futurism vs. Here and Now

(Page 27) Dire prognostications make for great headlines, but not every crystal ball gives an accurate picture of the future. If we want to find existential threats in the here and now, we need look no further than cybersecurity within industrial facilities and power plants. Unlike breaches that lead to financial or information loss, a breach within an industrial site can bring injury to people and environment as well as...

December 12, 2016
German Industrial Giant Victim of Cyber Espionage

Data stolen from ThyssenKrupp may not yield hackers a huge payday, but instead enable them to cause significant damage to future operations of the company, according to David Zahn, general manager of PAS, an industrial control system cybersecurity firm. “Instead of making a large cash withdrawal, hackers could disrupt production or worse; cause significant physical damage to production equipment, the environment or even ...

October 2016
Safety Lifecycle Management

PAS rolls out IPL Assurance software with real-time predictive analytics that monitor the health and availability of Independent Protection Layers which enable operators to ascertain the overall risk profile of a facility. The safety structure of complex process control systems is designed in multiple layers in order to ensure an equipment “event” is caught way before it starts. This multi-tiered set up is based on Safet...

October 2016
Schneider Electric Plugs Gaping Hole in Industrial Control Kit

David Zahn, general manager at PAS, Inc, a provider of industrial control systems cybersecurity technology, added that further flaws along the lines of the one successfully resolved by Schneider are inevitable because industrial control technology was never designed with security in mind. “It is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices, but no...

October 2016
Another Warning of a Vulnerability in Industrial Control Systems

David Zahn, general manager at PAS, Inc., a provider of ICS cybersecurity, was at the session and said in an email that it is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices. But, he added, no one should be surprised that such vulnerabilities exist.

October 2016
Process Analytics Safety Tool Launches

Safety risk remains a top priority for all companies in the process industries, but knowing if and when an incident may occur is not so cut and dried. Along those lines, PAS Inc. launched a tool Wednesday that can not only provide visibility into what is going on, it can also offer real-time predictive analytics on the health and availability of the safety instrumented systems (SIS), alarm management systems, and other I...

October 2016
How to Keep Shutdowns from Becoming Disasters

In process industries like oil and gas and chemicals, the ability to identify shifts in patterns that could eventually cause problems is critical. That’s because a seemingly simple issue, like a pump malfunction, could result in a not so natural disaster. From oil spills to gas leaks and fires, manufacturing incidents are still fairly frequent. And when death, injury and environmental destruction are involved, company ex...

October 2016
You Cannot Secure What You Cannot See

In industrial facilities, cyber incidents typically result from three basic scenarios: a malicious attack from an outside individual or group; a cyber incident that results from an engineer making a mistake that alters a control process or diminishes safe operations; or the work of a disgruntled employee or ex-employee. No matter which of these scenarios you believe is real or presents the most risk, companies must take ...

September 2016
Combatting the Insider Threat

Visibility into a facility’s proprietary control system configurations is a prerequisite for cybersecurity. According to IBM’s 2016 Cyber Security Intelligence Index report, 44.5 percent of all cyberattacks in 2015 — up from 31.5 percent the previous year — were perpetrated by malicious insiders. An additional 15.5 percent resulted from inadvertent actors. Process plants are not immune to these attacks.

March 2016
Interview: Eddie Habibi, CEO of PAS at the ARC Industry Forum

Founder and CEO of PAS interviews with the ARC Advisory Group at the 2016 ARC Industry Forum. ARC Advisory Group is the leading technology research and advisory firm for industry and infrastructure. Their coverage of technology and trends extends from business systems to product and asset lifecycle management, Industrial IoT, Industry 4.0, supply chain management, operations management, energy optimization and automation...

March 2016
Understand and Cure High Alarm Rates

Modern distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are highly capable at controlling chemical processes. However, when incorrectly configured, which is often the case, they also excel at another task - generating alarms. It is common to find alarm rates that exceed thousands per day or per shift at some chemical process industries (CPI) facilities. This is a far greater...

January 2016
Taking Abnormal Situation Management to the Outer Limits

As the plant floor becomes more connected, so do abnormal situations—which can originate from anywhere in the enterprise. To help operators navigate this new universe of anomalies, suppliers are turning to artificial intelligence and machine learning technologies that enable proactive situational awareness vs. reactive alarm management.

January 2016
Industrial IIOT: An Opportunity for Fast-Moving Innovators; a Threat to Slow-Moving...

The Industrial Internet of Things (IIoT) presents a unique opportunity to speed up the slow-moving technology adoption lifecycle that is inherent to the industrial sector for operational technologies (OT). This is a sector that – for all the right reasons related to safety, security, and continuity – is relatively slow to adopt new technologies.

December 2015
Using Process Graphics to Maximize Operator Effectiveness

For three decades, the process industries have been using sophisticated Distributed Control Systems (DCS) or Site Control And Data Acquisition (SCADA) systems for process control. These use real-time process control graphics as the Human-Machine Interface (HMI) for the operator. But when we installed these systems, there were no available guidelines as to what constituted a “good” graphic.

November 2015
Securing Industrial Control Systems from the Inside and Out

For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.

November 2015
A New Take On ICS Cybersecurity

Industrial Control Systems (ICS) Cybersecurity risks have become so public that CEOs and Board members are sponsoring projects within their companies and raising visibility of the issue. PAS Inc. CEO Eddie Habibi and General Manager of Cybersecurity and CMO David Zahn shared that news with me during a conversation this week regarding the release of a new version of PAS Cyber Integrity (5.0).

November 2015
IT/OT Convergence Rolls On

PAS, which is well known for its Integrity software, has perhaps solved the problem with its new release of Cyber Integrity 5.0, a part of the PAS Integrity Software Suite, according to David Zahn, general manager of the cyber security business unit at PAS. PAS Cyber Integrity is based upon the proven PAS Integrity platform, and it automates internal and regulatory compliance reporting while reducing associated efforts b...

July 2015
Pick the Real Culprit

Standards on alarm management have continued to evolve since the June 2009 publication of ISA-18.2, the first true standard on alarm management applicable to U.S. companies. Alarm management standards went global in October 2014 with the release of the international standard IEC 62682.

May 2015
PAS Adds Cybersecurity Business Unit

Recognizing the need for a bulletproof security framework for industrial control systems, PAS Inc., a provider of asset and configuration management for distributed control systems (DCS), has formed a new Cyber Security Business Unit focused on providing products and services to protect the core configuration of the control system. In addition to the announcement of a new division, PAS rolled out the latest version of it...

May 2015
Security Evolution at PAS

Cyber security issues continue to grow throughout the manufacturing automation sector and that is becoming clearer with new players trying to capitalize on the latest buzzwords to garner a foothold, but sometimes the answer to a problem has been in front of you all along. At least that is what PAS believes as the Houston-based asset reliability provider today launched a new cyber security business unit focused on configu...

April 2015
Technology Toolbox: Security Inside and Out

Protecting industrial plants and their machines, networks, information systems, and personnel from threats is a management duty. New tools are designed to help companies comply with NERC’s Critical Infrastructure Protection (CIP) requirements, OSHA’s Process Safety Management (PSM) standards, the ISA/IEC-62443 standards, and other external and internal security measures. Following are products meant to help companies man...

February 2015
Modern Age Plant Safety: Are We Pulling a Car with an Old Horse?

Human error ties to all industrial accidents in one shape or form. “Hold on! Pumps fail and cause incidents all the time,” you might say. Yet, why do pumps fail? Often it is due to improper maintenance. Sometimes it might be because of shoddy design. Even with the pump failing to perform, there is still often an opportunity to avoid an incident if a console operator takes timely corrective actions. No matter the situatio...

January 2015
Interest Builds in State-Based Control

State-based control isn’t new but chemical companies now are showing increasing interest in the approach, according to vendors such as ABB, PAS, ProSys and Siemens. This has much to do with the 2010 launch of the ISA106 committee on Procedure Automation for Continuous Process Operations by the International Society for Automation, Research Triangle Park, N.C. Prior to this, only a small number of chemical companies, nota...

July 2014
Upgrading that '70s Interface

The move to distributed control systems that deliver data in a digital format made old interfaces obsolete. But what some thought were improvements were actually obstacles. Today, understanding human error and ability, as well as industrial processes, helps engineers think like operators when it comes to redesigning control rooms and alarm-management systems. BASF and Southern Company explain what they’ve done.

June 2014
PAS: The Little Engine that Could! PAS Technical Conference 2014

PAS is celebrating their 20th anniversary. Founder Eddie Habibi and his team threw a much larger party for the PAS Technology Conference 2014 than you'd expect from the company size. It was a respectable sized User Group meeting, too, with over 130 people from several countries in attendance. The conference keynotes by Eddie Habibi and FBI Special Agent Angela Haun were proceed by a press conference in which PAS CEO Habi...

February 2014
Integrated Platform Boosts Human Response

When you think about the automation, asset reliability and mechanical reliability we’ve been investing in our plants for the past 40 years, it’s no wonder we’ve designed in some pretty amazing technologies to boost overall plant reliability. While the mechanical side has seen an upturn, the human side of reliability needs some work.

December 2013
Next Frontier: Operator-Automation Relationship

Preclude operator error, improve safety and profitability. Industrial control systems are ocmplex designs, but they do not give much consideration to the needs of the human operator. This oversight has caused serious and costly accidents. By empowering operators with the right hman-automation relationship tools, companies will achieve and exceed their goals.

October 2013
As Built Documentation Goes Real-Time, Supports Cyber Security & Greater Efficiency

Anyone in the automation profession has experienced frustration in troubleshooting a problem or adding something new to control systems where the “as built” documentation does not match the installed system. This gap in documentation results in a significant amount of wasted man-hours and increased MTTR (Mean Time To Repair). In addition, cyber security requirements and regulations require up-to-date “as built” documenta...

October 2013
Process Safety Futures

Conventional control systems are inherently limited in their ability to make cognitively complex decisions. Most operations are based on central operator consoles that require training and need close attention. They display too much data and too little relevant information. In crisis situations, with many hundreds and even thousands of simultaneous alarms, physical cooperation and communications become overwhelming and h...

May 2013
Trend Watch: Cyber Security Dashboards for NERC CIP Compliance

Southern Company’s approach to NERC CIP compliance holds lessons for the manufacturing and processing industries as cybersecurity becomes a business imperative. For Southern Company, cybersecurity is not optional. They are required to address NERC cybersecurity standards, which, according to Southern Company’s systems analyst Larry Spoonemore, includes: maintaining an inventory of all assets and cyber devices/systems at ...

May 2013
Trend Watch: Operator HMI Development

Industry conferences frequently offer a great chance to see new technologies up close along with the opportunity to hear various end users talk about their experience with those technologies. Less frequently, however, do you catch a bit of insight that could harbinger technology applications across industry.

April 2013
Barriers to Human Reliability

The PAS conference in Houston last week primarily focused on the concept of Human Reliability, which, in essence, is the science of minimizing human error in service of greater safety, compliance and, ultimately, profitability. Highlighting the fact that this idea is not simply a pet concept of PAS—which is rebranding itself as “The Human Reliability Company”—the PAS conference featured a number of end user presenters fr...

April 2013
The Human-Automation Intersection

It may not be a new concept, considering its roots can be found in H.W. Heinrich’s study of industrial safety in the 1930s, but the idea of “Human Reliability” certainly seems to be catching on across industry. Beyond the benefits of increased safety and improving the appeal of industrial work to new and existing employees, Human Reliability is also being lauded for its positive impact on productivity. A showcase example...

April 2013
PAS: Visibility Across Enterprise

Visibility of control system data remains a top priority for refineries these days as the entire enterprise needs to see what is going on throughout the process. “We are constantly getting pressure to get the data as visible and transparent as possible to a variety of different groups,” said Jason Bottjen, manager of control systems engineering at Valero Energy Corp., during his talk Tuesday at the PAS Technical Conferen...

April 2013
PAS: One Way Communications Works

That is why there were two companies – Waterfall Security Solutions and Owl Computing — talking differing technologies at the PAS Technical Conference in Houston, but saying one way communication is a very effective security tool. ake the Shamoon attack this past August. RasGas suffered from the attack last August and it forced the company to disconnect completely from the network.

April 2013
PAS: Security a Productivity Enhancer

Larry Spoonemore knows the advantages of cyber security go beyond just securing the plant. He knows it can be a productivity enhancer. “You will find if you manage the issues and over a period of time, you will improve productivity,” said Spoonemore, the control system integrity coordinator at energy provider Southern Company during his talk Tuesday on Automated Management of Cyber Security Assets at the PAS Technical Co...

Aprpil 2013
PAS: Human Reliability

It is time to focus on human reliability. “We have done a fantastic job in improving productivity, let’s try to prevent human error,” said Eddie Habibi, chief executive and founder of PAS, during his keynote address Tuesday at the PAS Technical Conference in Houston. “Human error is to human reliability as pump failure is to asset reliability.” In these days of faster, better, more, the reliance on technology is becoming...

May 2012
To Err is Human

Using Technology to Try to Solve the Problem is Equally Human. Humans are wonderful, complex beings. That our very name, homo sapiens, can be translated to wise man, is an indication of our intelligence. We have the ability and capacity to do so much and, along with our advanced language capability, we can reason, problem-solve, introspect and quickly adapt to current conditions around us. But we are not infallible.

December 2011
Qatargas Selects PAS For Site-wide Alarm System Improvement Project

PAS, a supplier of human reliability software and services to the power and processing industries worldwide, has announced that Qatargas, the world’s largest liquefied natural gas (LNG) producer, has chosen PAS’ PlantState Suite alarm management software and engineering services for an improvement project across all their units.

June 2011
A Modern Era for HMIs and Alarm Management Systems

Iconon any company, an employee’s performance affects its productivity, profitability, and reputation. In manufacturing, the link is immediately apparent because the process is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company may be adversely affected.

May 2011
A Human Focus

In most process industries, manufacturing is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company and its shareholders may be adversely affected. The disciplines of Human Factors and Ergonomics explore the way humans interact within their work environment. Every individual’s job performance directly impacts safety, production, and profitability ...

January 2011
Hard-won experience of alarm management

This alarm management problem leads on to a look at the practical and pragmatic approach adopted in the second edition of “The Alarm Management Handbook,” by Bill Hollifield, Principal Alarm Management Consultant for PAS, and Eddie Habibi, founder and ceo of PAS: incidentally Hollifield is also co-author of “The High Performance HMI Handbook.”

September 2010
Protecting knowledge improves processes

As a leading player in the field of automation and information technology decreasing the time to implement automation and information projects while reducing risk are key priorities for Invensys Operations Management. Recently, Invensys has adopted PAS’ Integrity Software in order to automate the capture and management of the highly complex configuration of process automation assets, from field devices to advanced applic...

June 2010
High Performance HMIs

A new era of the human-machine interface (HMI) is upon us. Harsher safety and compliance standards have persuaded many operating companies to replace their “traditional” graphics with high-performance HMIs – a move that is sure to make life easier for plant operators everywhere. When graphic operator display capabilities were first introduced into distributed control systems (DCS) in the late 1970s, there were no guideli...

September 2009
PAS Improves Operations and Automation Effectiveness

PAS provides Operations and Automation Effectiveness solutions to the process industries. PAS improves operations effectiveness by maximizing operators’ situational awareness; enabling them to take the most beneficial actions during both steady state operations and abnormal situations. PAS’ Integrity software improves automation effectiveness by mapping and managing configuration for the ever-increasing number of complex...

August 2009
PAS sets out to map the Automation Genome

PAS sets out to map the ‘Automation Genome’ Process automation users increasingly find themselves between the Scylla of growing complexity and the Charybdis of diminishing resource. OK, pretentious, but at least rather less cliché ridden than a rock and a hard place!

November 2007
Stop Designing for Failure

"All accidents are preventable." This is a powerful statement that inspires professional men and women in their quest for a safer working environment. We believe it to be true because otherwise we would have to accept failure. And when it comes to human life, failure is not an acceptable option. But is it true? Reality seems at odds with our belief.

September 2006
Alarm Systems Greatly Affect Offshore Facilities Amid High Oil Prices

By following seven key steps, operators can create highly effective, reliable alarm systems to optimize offshore production facilities' operation. Reliability of oil and gas production facilities has never been more important. Poorly performing alarm systems negatively impact reliability and production. They can interfere with, rather than assist, the operator in handling an abnormal situation.

PAS in the News

December 3, 2019 6 IoT Security Predictions for 2020

November 25, 2019 13 Security Pros Share Their Most Valuable Experiences

November 16, 2019 The Energy Industry Practices for a ‘Black Swan’ Cyberattack That Could Take Down the Grid

November 4, 2019 Security and Distributed Resources: An Attacker 'Will Eventually Get In'

November 1, 2019 Solar, Wind Power Utility Disrupted in Rare Cyberattack

November 1, 2019 Energy Company Hit With DoS Attack Last Spring Identified as sPower

October 28, 2019 5 Things the Hoodie & the Hard Hat Need to Know About Each Other

September 27, 2019 US Electric Grid More Vulnerable to Cyberattacks as DERs Increase Potential Targets, GAO Finds

September 24, 2019 Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

August 22, 2019 Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

August 20, 2019 PAS CMO Answers 7 Questions on the State of the Industry

July 9, 2019 DOE, Industry Collaborate to Defend Power Utilities

July 5, 2019 DOE Teams with Industry on Pipeline Cybersecurity

July 3, 2019 Promise and Peril Line Utilities' Path to Cloud Computing

June 27, 2019 7 Ways to Mitigate Supply Chain Attacks

May 30, 2019 Executive Interview with Eddie Habibi of PAS

May 16, 2019 Operational Technology is Underrepresented in Cybersecurity

May 9, 2019 Putting the Pieces Together for a Secure Industry

April 15, 2019 TRITON Attacks Underscore Need for Better Defenses

April 12, 2019 Industry Reactions to New Triton Attacks on Critical Infrastructure

April 11, 2019 Trisis Malware Discovered at Additional Industrial Facility

April 11, 2019 Triton/Trisis Attacks Another Victim

April 10, 2019 Second Triton/Trisis Critical Infrastructure Attack Spotted

April 10, 2019 New TRITON/TRISIS Cyberattack Reported at Critical Infrastructure Facility

March 29, 2019 Combat Cybersecurity Threats To Process Safety

March 21, 2019 Video Interview: PAS Founder & CEO Eddie Habibi at the ARC Industry Forum 2019

February 26, 2019 Is Your Data Center Power System Protected from Cyberattacks?

February 21, 2019 In Search of Industrial Cybersecurity Experts

January 16, 2019 Malware Built to Hack Building Automation Systems

January 15, 2019 PAS Global Expert on How Best to Approach OT Cybersecurity

January 15, 2019 How to Mitigate Risks Caused by Supply Chain Software

January 14, 2019 Cybersecurity Predictions for 2019

January 9, 2019 Safety, Physical, Cyber Security Triangle Converging

December 26, 2018 Cybersecurity Experts Ponder Looming 2019 Threats

December 21, 2018 FBI Warns Industry that Hackers Could Probe Vulnerable Connections in Building Systems

December 6, 2018 Industrial Cybersecurity Co. to Hire, Expand Clear Lake Headquarters

November 2018 Viewpoint - Industry 4.0: Demystifying the Next Big Thing in Oil and Gas

November 5, 2018 Energy Sector's IT Networks in the Bulls-Eye

November 5, 2018 How the Oil Industry Can Avoid Unseen Dangers in Operational Technology

November 1, 2018 Cybersecurity Viewed As Extension of Alarms and Safety Systems

October 24, 2018 There’s No Technological Panacea to Save ICS From Cyber Threats- You Need Strong Foundations

October 23, 2018 Industrial Control Systems: Securing The Heartbeat of Critical Infrastructure

October 15, 2018 Grid Mod: Transactive and Distributed Tech Demand a New Approach

October 11, 2018 U.S. Weapon Systems Cybersecurity Failing, GAO Report Says

October 9, 2018 Industrial Control Systems: How to Approach OT Cybersecurity

October 3, 2018 From the ICS Frontlines: Approaching OT Cybersecurity

September 26, 2018 Edge Computing is the Place to Address a Host of IoT Security Concerns

September 14, 2018 Does the United States Need a National Cybersecurity Agency?

September 5, 2018 Meeting the Security Challenges for ICS, OT

August 24, 2018 National Women's Equality Day a Reminder of Inequality in Cybersecurity

August 24, 2018 Black Hat 2018: The ICS Conversation

August 20, 2018 The Oil Industry’s Unseen Dangers: OT Cyber Vulnerabilities

August 14, 2018 Def Con Voting Machine Hacks Ruffle Feathers

August 13, 2018 How Nation-State Attacks Impact Businesses

August 8, 2018 Security Guy TV: Live Black Hat 2018 Interview

August 7, 2018 Utilities Prepare for Increased Cyberattacks on the Electric Grid

August 3, 2018 Russian Attacks on U.S. Industry Continue

July 25, 2018 Podcast: The Industrial World is Facing a Security Crisis

July 25, 2018 Political Ploy or Not, Industry Needs to Act

March 1, 2018 A Cybersecurity Platform for Multi-Vendor Automation Systems

June 25, 2018 The Right Remedy for OT Vulnerability

June 18, 2018 D.C. Distributed Energy Proposal Draws Concerns of Increased Cybersecurity Risks

June 4, 2018 Security's Role in Manufacturing Automation

June 1, 2018 DOE Cybersecurity Report Reveals 7 'Gaps' in Power Sector Defense Capabilities

May 29, 2018 What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities

May 21, 2018 Five Ways the Utility Industry Can Mitigate Cyber Incidents

April 19, 2018 Critical Infrastructure Needs Shoring Up after U.S., U.K. Blame Russia for Attacks

April 18, 2018 U.S., UK OT Alert on Russians Hackers

April 13, 2018 Can the Law Stop Ransomware?

April 13, 2018 Managing the Consequences of Cyber Threats

April 11, 2018 PAS: Avoid Unintended Consequences

April 11, 2018 PAS: Cyber a New Domain

March 28, 2018 The Infiltration of U.S. Control Systems

March 19, 2018 8 Questions to Ask About Your Industrial Control Systems Security

March 12, 2018 MuddyWater APT Campaign Flowing Again

February 22, 2018 Anatomy of an Attack on the Industrial IoT

February 19, 2018 Cross-Industry Collaboration at Heart of Cybersecurity Agreement

February 15, 2018 Making Sense of the ICS Cybersecurity Market

February 7, 2018 ICS Connected to Net: Beware of Hype

December 3, 2019
6 IoT Security Predictions for 2020

November 25, 2019
13 Security Pros Share Their Most Valuable Experiences

November 16, 2019
The Energy Industry Practices for a ‘Black Swan’ Cyberattack That Could Take Down the Grid

November 4, 2019
Security and Distributed Resources: An Attacker 'Will Eventually Get In'

November 1, 2019
Solar, Wind Power Utility Disrupted in Rare Cyberattack

November 1, 2019
Energy Company Hit With DoS Attack Last Spring Identified as sPower

October 28, 2019
5 Things the Hoodie & the Hard Hat Need to Know About Each Other

September 27, 2019
US Electric Grid More Vulnerable to Cyberattacks as DERs Increase Potential Targets, GAO Finds

September 24, 2019
Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

August 22, 2019
Texas Ransomware Attacks Show Big Gaps in Cyber Defenses

August 20, 2019
PAS CMO Answers 7 Questions on the State of the Industry

July 9, 2019
DOE, Industry Collaborate to Defend Power Utilities

July 5, 2019
DOE Teams with Industry on Pipeline Cybersecurity

July 3, 2019
Promise and Peril Line Utilities' Path to Cloud Computing

June 27, 2019
7 Ways to Mitigate Supply Chain Attacks

May 30, 2019
Executive Interview with Eddie Habibi of PAS

May 16, 2019
Operational Technology is Underrepresented in Cybersecurity

May 9, 2019
Putting the Pieces Together for a Secure Industry

April 15, 2019
TRITON Attacks Underscore Need for Better Defenses

April 12, 2019
Industry Reactions to New Triton Attacks on Critical Infrastructure

April 11, 2019
Trisis Malware Discovered at Additional Industrial Facility

April 11, 2019
Triton/Trisis Attacks Another Victim

April 10, 2019
Second Triton/Trisis Critical Infrastructure Attack Spotted

April 10, 2019
New TRITON/TRISIS Cyberattack Reported at Critical Infrastructure Facility

March 29, 2019
Combat Cybersecurity Threats To Process Safety

March 21, 2019
Video Interview: PAS Founder & CEO Eddie Habibi at the ARC Industry Forum 2019

February 26, 2019
Is Your Data Center Power System Protected from Cyberattacks?

February 21, 2019
In Search of Industrial Cybersecurity Experts

January 16, 2019
Malware Built to Hack Building Automation Systems

January 15, 2019
PAS Global Expert on How Best to Approach OT Cybersecurity

January 15, 2019
How to Mitigate Risks Caused by Supply Chain Software

January 14, 2019
Cybersecurity Predictions for 2019

January 9, 2019
Safety, Physical, Cyber Security Triangle Converging

December 26, 2018
Cybersecurity Experts Ponder Looming 2019 Threats

December 21, 2018
FBI Warns Industry that Hackers Could Probe Vulnerable Connections in Building Systems

December 6, 2018
Industrial Cybersecurity Co. to Hire, Expand Clear Lake Headquarters

November 2018
Viewpoint - Industry 4.0: Demystifying the Next Big Thing in Oil and Gas

November 5, 2018
Energy Sector's IT Networks in the Bulls-Eye

November 5, 2018
How the Oil Industry Can Avoid Unseen Dangers in Operational Technology

November 1, 2018
Cybersecurity Viewed As Extension of Alarms and Safety Systems

October 24, 2018
There’s No Technological Panacea to Save ICS From Cyber Threats- You Need Strong Foundations

October 23, 2018
Industrial Control Systems: Securing The Heartbeat of Critical Infrastructure

October 15, 2018
Grid Mod: Transactive and Distributed Tech Demand a New Approach

October 11, 2018
U.S. Weapon Systems Cybersecurity Failing, GAO Report Says

October 9, 2018
Industrial Control Systems: How to Approach OT Cybersecurity

October 3, 2018
From the ICS Frontlines: Approaching OT Cybersecurity

September 26, 2018
Edge Computing is the Place to Address a Host of IoT Security Concerns

September 14, 2018
Does the United States Need a National Cybersecurity Agency?

September 5, 2018
Meeting the Security Challenges for ICS, OT

August 24, 2018
National Women's Equality Day a Reminder of Inequality in Cybersecurity

August 24, 2018
Black Hat 2018: The ICS Conversation

August 20, 2018
The Oil Industry’s Unseen Dangers: OT Cyber Vulnerabilities

August 14, 2018
Def Con Voting Machine Hacks Ruffle Feathers

August 13, 2018
How Nation-State Attacks Impact Businesses

August 8, 2018
Security Guy TV: Live Black Hat 2018 Interview

August 7, 2018
Utilities Prepare for Increased Cyberattacks on the Electric Grid

August 3, 2018
Russian Attacks on U.S. Industry Continue

July 25, 2018
Podcast: The Industrial World is Facing a Security Crisis

July 25, 2018
Political Ploy or Not, Industry Needs to Act

March 1, 2018
A Cybersecurity Platform for Multi-Vendor Automation Systems

June 25, 2018
The Right Remedy for OT Vulnerability

June 18, 2018
D.C. Distributed Energy Proposal Draws Concerns of Increased Cybersecurity Risks

June 4, 2018
Security's Role in Manufacturing Automation

June 1, 2018
DOE Cybersecurity Report Reveals 7 'Gaps' in Power Sector Defense Capabilities

May 29, 2018
What Lies Beneath - Avoiding the Unseen Dangers of OT Vulnerabilities

May 21, 2018
Five Ways the Utility Industry Can Mitigate Cyber Incidents

April 19, 2018
Critical Infrastructure Needs Shoring Up after U.S., U.K. Blame Russia for Attacks

April 18, 2018
U.S., UK OT Alert on Russians Hackers

April 13, 2018
Can the Law Stop Ransomware?

April 13, 2018
Managing the Consequences of Cyber Threats

April 11, 2018
PAS: Avoid Unintended Consequences

April 11, 2018
PAS: Cyber a New Domain

March 28, 2018
The Infiltration of U.S. Control Systems

March 19, 2018
8 Questions to Ask About Your Industrial Control Systems Security

March 12, 2018
MuddyWater APT Campaign Flowing Again

February 22, 2018
Anatomy of an Attack on the Industrial IoT

February 19, 2018
Cross-Industry Collaboration at Heart of Cybersecurity Agreement

February 15, 2018
Making Sense of the ICS Cybersecurity Market

February 7, 2018
ICS Connected to Net: Beware of Hype

January 29, 2018
PAS Releases Cyber Integrity 6.0