-
How do we fix industrial control systems cybersecurity? Experts say better visibility is essential to improving ICS/SCADA security. But infosec teams will never gain that visibility until they stop trying to observe ICS environments through the eyes of IT professionals. There are fundamental differences in IT and OT (operational technology) gear, processes, and people, say experts.
See more >
-
In an example of just how persistent modern cyberthreats can be, automaker Honda Motors had to temporarily stop production at its Sayama plant in Japan this week after being hit by WannaCry, a malware threat the company thought it had mitigated just one month ago. The nearly 48-hour shutdown impacted production of about 1,000 vehicles at the facility, which does engine production and assembly for a line of vehicles incl...
See more >
-
Researchers described some theoretical attack scenarios involving this malware and warned that the threat could be adapted for attacks on other countries, including the U.S., and other sectors. Contacted by SecurityWeek, industry professionals shared some thoughts on the threat posed by CrashOverride/Industroyer, and provided recommendations on how organizations can protect their systems.
See more >
-
There is a piece of malware believed to have been used in the December Ukraine substation attack that targeted power grids, researchers said. The malware ended up discovered by ESET, which called it Industroyer. The company also shared some data with ICS cybersecurity company Dragos, which tracks it as CRASHOVERRIDE and the attacker that uses it as ELECTRUM.
See more >
-
Possibly the biggest cybersecurity news item to come across the wires since Stuxnet was last week’s news about WannaCry. WannaCry is a type of malware referred to as ransomware because it blocks access to the infected computer’s data until a ransom is paid to regain access. It began infecting Windows-based computers worldwide on Friday, May 12, 2017, through phishing emails and a self-propagating worm feature in the malw...
See more >
-
Last week Wanna Cry cyberattack infected tens of thousands of computers, from manufacturing to hospitals and big industrial organizations, a great opportunity for ICS players to talk about their products/solutions as there were no catastrophic damages yet. In the first phase, the majority of players expressed their opinion about the consequences that such an attack might have on OT. What is the solution to protect a fact...
See more >
-
WannaCry hit over 200,000 computers, from manufacturing to medical, in at least 174 countries starting Friday and through the beginning of this week and this ransomware attack could easily be prevented if manufacturers just follow some basic steps. The malicious code relied on victims opening a zip file emailed to them and from there the ransomware package used a patched flaw in the Microsoft operating system software to...
See more >
-
U.S. President Donald Trump signed an executive order on Thursday in an effort to improve the protection of federal networks and critical infrastructure against cyberattacks. The executive order states that the heads of departments and agencies will be held accountable for managing cybersecurity risk. They are required to use NIST’s Framework for Improving Critical Infrastructure Cybersecurity to manage risk, and they m...
See more >
-
The reviews of President Donald Trump’s Executive Order (EO) on cybersecurity were coming in within hours of its signing yesterday afternoon, and they were most definitely mixed. There was general agreement that the intent of the EO – delayed more than three months from late-January, when it was originally scheduled to be signed – was good.
See more >
-
The cybersecurity executive order contains suggestions considered good ideas by experts, including holding agency heads accountable for cybersecurity. “President Trump’s cybersecurity executive order (EO) addresses the right areas of concern – updated federal systems, critical infrastructure, deterrence, workforce education, and more,” said Eddie Habibi, chief executive and found of Houston-based PAS. “Thankfully, the ex...
See more >
-
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report, which was published a week ago. Much of this is due to the high proliferation of propriety research, prototypes, and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analyzed in this year's report and...
See more >
-
The 2017 Verizon Verizon Data Breach Investigation Report both highlighted big threats of which the industry is already aware, such as ransomware, as well as under-the-radar threats like pretexting, which can be extremely dangerous in certain situations. The data in the 2017 Verizon Data Breach Investigation Report (DBIR) was gathered from 65 organizations across the world, including analysis of 42,068 incidents and 1,93...
See more >
-
Companies are flying blind when it comes to 80% of the cyber assets that exist within an industrial process facility. They lack sufficient visibility into what assets they have and how they are configured. Without this data, basic cybersecurity questions remain difficult to answer. For example, did an unauthorized change occur, where are my vulnerabilities, and can I recover quickly if the worst case scenario happens? W...
See more >
-
PAS Global mentioned in eWeek. VC Cash Infusion Helping Security Vendors Bolster Efforts. Securing industrial control systems is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it raised $40 million in a new round of funding. The new funding was led by Tinicum L.P.
See more >
-
The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures.
See more >
-
“Weapons of mass destruction don’t have to be physical bombs that move from one location to another—they can be these ticking bombs in these control systems that …cause severe damage and bring down the critical infrastructure of a country.” says Eddie Habibi, founder and CEO of the Houston-based ICS security firm PAS.
See more >
-
You’ve likely noticed an increase in the number of new entrants into the industrial control system (ICS) cybersecurity field over the past year or so. Even longstanding companies in this space have been expanding their cybersecurity-related products and services. Further evidence of the increasing interest in this space can be seen in the outside investments being made here. A case in point is the investment of $40 milli...
See more >
-
PAS, a provider of ICS cybersecurity, process safety, and asset reliability solutions for the energy, power, and process industries, announced a $40 million growth investment by Tinicum, L.P. and certain affiliated funds managed by Tinicum Incorporated (“Tinicum”). Tinicum is a private investment partnership focused on late stage investments in manufacturing, energy, technology, media, and infrastructure.
See more >
-
With deep roots in software solutions for process safety and asset reliability for industrial firms, Houston, TX-based PAS announced this week that it has taken a $40 Million investment that will be used to fuel its Industrial control system (ICS) cybersecurity business. PAS has been around for 23 years and says its solutions are deployed in more than 1,100 facilities globally in more than 70 countries.
See more >
-
PAS gained a $40 million growth investment from Tinicum, L.P. This funding round is a move to expand PAS sales and marketing as well as increase research and development for its security software product, Cyber Integrity. Cyber Integrity protects critical infrastructure from risks associated with rising Industrial Internet of Things (IIoT) adoption, malicious cyber attacks, and insider threats.
See more >
-
PAS Global, LLC, a maker of software for industrial businesses, secured a $40 million growth investment from Tinicum. The Houston-based company sells software that monitors the security and safety of industrial control systems for more than 520 customers including chemical, refining and power generation companies.
See more >
-
Houston-based PAS Global LLC announced April 11 it has raised $40 million in its first capital raise as it plans to triple its headcount over the next three years. PAS is a cybersecurity company that largely services the oil and gas industry. Founded in Clear Lake in 1993, the company now has roughly 150 employees.
See more >
-
Securing Industrial Control Systems (ICS) is a growing market for cybersecurity vendors, which is why Houston-based PAS announced on April 11 that it is raising a new $40 million round of funding. The new funding was led by Tincum L.P. The new money will be used by PAS to help grow the company's go-to-market efforts as well as its technology development.
See more >
-
Houston's PAS, a security firm focused on industrial control systems, has raised $40 million as the company looks to expand its channel program for operational technology (OT) security. PAS, which provides security for industrial control systems – including distributed control systems, programmable logic controllers, turbo machinery controls, and compressor control systems – wants to broaden its sales approach and invol...
See more >
-
While there are undeniably potential security risks related to connecting a power plant’s systems, that should not necessarily be a deterrent to doing so, according to Mark Carrigan, COO of PAS Inc. The potential benefits of integrating IIoT technology into a plant’s operation can outweigh the cybersecurity risks, as long as the plant operator addresses the risks, he said.
See more >
-
There is some debate on whether a 60-day cybersecurity review is worthwhile. Let's not miss the irony of a leaked executive order as a proof point that our federal government needs better security around information. Can officials perform such a review in time to provide solid recommendations? Many departments can as they've performed this exercise previously.
See more >
-
Overblown media reports describing critical infrastructure incidents can have a negative impact on cybersecurity in the industrial control systems (ICS) sector, experts have warned. The number of attacks aimed at ICS has reportedly increased in the past year and several incidents have been disclosed to the public. However, some of the mainstream media reports covering these attacks have been sensationalized or inaccurate.
See more >
-
There have been several incidents recently where a critical infrastructure organization’s IT systems were breached or became infected with malware. SecurityWeek has reached out to several ICS security experts to find out if these types of attacks are an indicator of a weak security posture, which could lead to control systems also getting hacked.
See more >
-
When it comes to industrial processes, security begins at the molecular level. Not all cybersecurity risk is created equal. Case in point: when Sony was hacked, information was stolen, systems were wiped, and society was temporarily deprived of a Seth Rogan movie. These were mostly bad outcomes, and Sony certainly suffered a significant financial loss.
See more >
-
Attacks on government and private sector targets are rampant. Experts are skittish when it comes to attribution, reports Larry Jaffee. Electric grids remain a target for cyberattacks, notes David Zahn, general manager of the cybersecurity business unit for PAS, a Houston-based provider of process safety, cybersecurity and asset services for the energy, power, and process industries.
See more >
-
Operations management and cybersecurity company PAS anticipates an uptick in cybersecurity regulation, but warns that doesn’t always lead to tightened security. “Federal regulation is a double-edged sword,” says David Zahn, general manager of cybersecurity at PAS. “On one side, it forces nationwide attention and, more importantly, investment that might otherwise happen too slowly. Unfortunately, good compliance does not...
See more >
-
(Page 27) Dire prognostications make for great headlines, but not every crystal ball gives an accurate picture of the future. If we want to find existential threats in the here and now, we need look no further than cybersecurity within industrial facilities and power plants. Unlike breaches that lead to financial or information loss, a breach within an industrial site can bring injury to people and environment as well as...
See more >
-
Data stolen from ThyssenKrupp may not yield hackers a huge payday, but instead enable them to cause significant damage to future operations of the company, according to David Zahn, general manager of PAS, an industrial control system cybersecurity firm. “Instead of making a large cash withdrawal, hackers could disrupt production or worse; cause significant physical damage to production equipment, the environment or even ...
See more >
-
PAS rolls out IPL Assurance software with real-time predictive analytics that monitor the health and availability of Independent Protection Layers which enable operators to ascertain the overall risk profile of a facility. The safety structure of complex process control systems is designed in multiple layers in order to ensure an equipment “event” is caught way before it starts. This multi-tiered set up is based on Safet...
See more >
-
David Zahn, general manager at PAS, Inc, a provider of industrial control systems cybersecurity technology, added that further flaws along the lines of the one successfully resolved by Schneider are inevitable because industrial control technology was never designed with security in mind. “It is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices, but no...
See more >
-
David Zahn, general manager at PAS, Inc., a provider of ICS cybersecurity, was at the session and said in an email that it is good that cybersecurity companies are disclosing these vulnerabilities and following good ethical disclosure practices. But, he added, no one should be surprised that such vulnerabilities exist.
See more >
-
Safety risk remains a top priority for all companies in the process industries, but knowing if and when an incident may occur is not so cut and dried. Along those lines, PAS Inc. launched a tool Wednesday that can not only provide visibility into what is going on, it can also offer real-time predictive analytics on the health and availability of the safety instrumented systems (SIS), alarm management systems, and other I...
See more >
-
In process industries like oil and gas and chemicals, the ability to identify shifts in patterns that could eventually cause problems is critical. That’s because a seemingly simple issue, like a pump malfunction, could result in a not so natural disaster. From oil spills to gas leaks and fires, manufacturing incidents are still fairly frequent. And when death, injury and environmental destruction are involved, company ex...
See more >
-
In industrial facilities, cyber incidents typically result from three basic scenarios: a malicious attack from an outside individual or group; a cyber incident that results from an engineer making a mistake that alters a control process or diminishes safe operations; or the work of a disgruntled employee or ex-employee. No matter which of these scenarios you believe is real or presents the most risk, companies must take ...
See more >
-
Visibility into a facility’s proprietary control system configurations is a prerequisite for cybersecurity. According to IBM’s 2016 Cyber Security Intelligence Index report, 44.5 percent of all cyberattacks in 2015 — up from 31.5 percent the previous year — were perpetrated by malicious insiders. An additional 15.5 percent resulted from inadvertent actors. Process plants are not immune to these attacks.
See more >
-
Founder and CEO of PAS interviews with the ARC Advisory Group at the 2016 ARC Industry Forum. ARC Advisory Group is the leading technology research and advisory firm for industry and infrastructure. Their coverage of technology and trends extends from business systems to product and asset lifecycle management, Industrial IoT, Industry 4.0, supply chain management, operations management, energy optimization and automation...
See more >
-
Modern distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are highly capable at controlling chemical processes. However, when incorrectly configured, which is often the case, they also excel at another task - generating alarms. It is common to find alarm rates that exceed thousands per day or per shift at some chemical process industries (CPI) facilities. This is a far greater...
See more >
-
As the plant floor becomes more connected, so do abnormal situations—which can originate from anywhere in the enterprise. To help operators navigate this new universe of anomalies, suppliers are turning to artificial intelligence and machine learning technologies that enable proactive situational awareness vs. reactive alarm management.
See more >
-
The Industrial Internet of Things (IIoT) presents a unique opportunity to speed up the slow-moving technology adoption lifecycle that is inherent to the industrial sector for operational technologies (OT). This is a sector that – for all the right reasons related to safety, security, and continuity – is relatively slow to adopt new technologies.
See more >
-
For three decades, the process industries have been using sophisticated Distributed Control Systems (DCS) or Site Control And Data Acquisition (SCADA) systems for process control. These use real-time process control graphics as the Human-Machine Interface (HMI) for the operator. But when we installed these systems, there were no available guidelines as to what constituted a “good” graphic.
See more >
-
For the last several months, officials from PAS have been traveling the globe talking to manufacturing executives about best practices for securing industrial control systems (ICS). A few years ago these trips were focused on educating companies on the vulnerabilities of the ICS. But today, interestingly, CIOs and cybersecurity professionals understand that the safeguards currently in place only scratch the network surface.
See more >
-
Industrial Control Systems (ICS) Cybersecurity risks have become so public that CEOs and Board members are sponsoring projects within their companies and raising visibility of the issue. PAS Inc. CEO Eddie Habibi and General Manager of Cybersecurity and CMO David Zahn shared that news with me during a conversation this week regarding the release of a new version of PAS Cyber Integrity (5.0).
See more >
-
PAS, which is well known for its Integrity software, has perhaps solved the problem with its new release of Cyber Integrity 5.0, a part of the PAS Integrity Software Suite, according to David Zahn, general manager of the cyber security business unit at PAS. PAS Cyber Integrity is based upon the proven PAS Integrity platform, and it automates internal and regulatory compliance reporting while reducing associated efforts b...
See more >
-
Standards on alarm management have continued to evolve since the June 2009 publication of ISA-18.2, the first true standard on alarm management applicable to U.S. companies. Alarm management standards went global in October 2014 with the release of the international standard IEC 62682.
See more >
-
Recognizing the need for a bulletproof security framework for industrial control systems, PAS Inc., a provider of asset and configuration management for distributed control systems (DCS), has formed a new Cyber Security Business Unit focused on providing products and services to protect the core configuration of the control system. In addition to the announcement of a new division, PAS rolled out the latest version of it...
See more >
-
Cyber security issues continue to grow throughout the manufacturing automation sector and that is becoming clearer with new players trying to capitalize on the latest buzzwords to garner a foothold, but sometimes the answer to a problem has been in front of you all along. At least that is what PAS believes as the Houston-based asset reliability provider today launched a new cyber security business unit focused on configu...
See more >
-
Protecting industrial plants and their machines, networks, information systems, and personnel from threats is a management duty. New tools are designed to help companies comply with NERC’s Critical Infrastructure Protection (CIP) requirements, OSHA’s Process Safety Management (PSM) standards, the ISA/IEC-62443 standards, and other external and internal security measures. Following are products meant to help companies man...
See more >
-
Human error ties to all industrial accidents in one shape or form. “Hold on! Pumps fail and cause incidents all the time,” you might say. Yet, why do pumps fail? Often it is due to improper maintenance. Sometimes it might be because of shoddy design. Even with the pump failing to perform, there is still often an opportunity to avoid an incident if a console operator takes timely corrective actions. No matter the situatio...
See more >
-
State-based control isn’t new but chemical companies now are showing increasing interest in the approach, according to vendors such as ABB, PAS, ProSys and Siemens. This has much to do with the 2010 launch of the ISA106 committee on Procedure Automation for Continuous Process Operations by the International Society for Automation, Research Triangle Park, N.C. Prior to this, only a small number of chemical companies, nota...
See more >
-
The move to distributed control systems that deliver data in a digital format made old interfaces obsolete. But what some thought were improvements were actually obstacles. Today, understanding human error and ability, as well as industrial processes, helps engineers think like operators when it comes to redesigning control rooms and alarm-management systems. BASF and Southern Company explain what they’ve done.
See more >
-
PAS is celebrating their 20th anniversary. Founder Eddie Habibi and his team threw a much larger party for the PAS Technology Conference 2014 than you'd expect from the company size. It was a respectable sized User Group meeting, too, with over 130 people from several countries in attendance. The conference keynotes by Eddie Habibi and FBI Special Agent Angela Haun were proceed by a press conference in which PAS CEO Habi...
See more >
-
When you think about the automation, asset reliability and mechanical reliability we’ve been investing in our plants for the past 40 years, it’s no wonder we’ve designed in some pretty amazing technologies to boost overall plant reliability. While the mechanical side has seen an upturn, the human side of reliability needs some work.
See more >
-
Preclude operator error, improve safety and profitability. Industrial control systems are ocmplex designs, but they do not give much consideration to the needs of the human operator. This oversight has caused serious and costly accidents. By empowering operators with the right hman-automation relationship tools, companies will achieve and exceed their goals.
See more >
-
Anyone in the automation profession has experienced frustration in troubleshooting a problem or adding something new to control systems where the “as built” documentation does not match the installed system. This gap in documentation results in a significant amount of wasted man-hours and increased MTTR (Mean Time To Repair). In addition, cyber security requirements and regulations require up-to-date “as built” documenta...
See more >
-
Conventional control systems are inherently limited in their ability to make cognitively complex decisions. Most operations are based on central operator consoles that require training and need close attention. They display too much data and too little relevant information. In crisis situations, with many hundreds and even thousands of simultaneous alarms, physical cooperation and communications become overwhelming and h...
See more >
-
Southern Company’s approach to NERC CIP compliance holds lessons for the manufacturing and processing industries as cybersecurity becomes a business imperative. For Southern Company, cybersecurity is not optional. They are required to address NERC cybersecurity standards, which, according to Southern Company’s systems analyst Larry Spoonemore, includes: maintaining an inventory of all assets and cyber devices/systems at ...
See more >
-
Industry conferences frequently offer a great chance to see new technologies up close along with the opportunity to hear various end users talk about their experience with those technologies. Less frequently, however, do you catch a bit of insight that could harbinger technology applications across industry.
See more >
-
The PAS conference in Houston last week primarily focused on the concept of Human Reliability, which, in essence, is the science of minimizing human error in service of greater safety, compliance and, ultimately, profitability. Highlighting the fact that this idea is not simply a pet concept of PAS—which is rebranding itself as “The Human Reliability Company”—the PAS conference featured a number of end user presenters fr...
See more >
-
It may not be a new concept, considering its roots can be found in H.W. Heinrich’s study of industrial safety in the 1930s, but the idea of “Human Reliability” certainly seems to be catching on across industry. Beyond the benefits of increased safety and improving the appeal of industrial work to new and existing employees, Human Reliability is also being lauded for its positive impact on productivity. A showcase example...
See more >
-
Visibility of control system data remains a top priority for refineries these days as the entire enterprise needs to see what is going on throughout the process. “We are constantly getting pressure to get the data as visible and transparent as possible to a variety of different groups,” said Jason Bottjen, manager of control systems engineering at Valero Energy Corp., during his talk Tuesday at the PAS Technical Conferen...
See more >
-
That is why there were two companies – Waterfall Security Solutions and Owl Computing — talking differing technologies at the PAS Technical Conference in Houston, but saying one way communication is a very effective security tool. ake the Shamoon attack this past August. RasGas suffered from the attack last August and it forced the company to disconnect completely from the network.
See more >
-
Larry Spoonemore knows the advantages of cyber security go beyond just securing the plant. He knows it can be a productivity enhancer. “You will find if you manage the issues and over a period of time, you will improve productivity,” said Spoonemore, the control system integrity coordinator at energy provider Southern Company during his talk Tuesday on Automated Management of Cyber Security Assets at the PAS Technical Co...
See more >
-
It is time to focus on human reliability. “We have done a fantastic job in improving productivity, let’s try to prevent human error,” said Eddie Habibi, chief executive and founder of PAS, during his keynote address Tuesday at the PAS Technical Conference in Houston. “Human error is to human reliability as pump failure is to asset reliability.” In these days of faster, better, more, the reliance on technology is becoming...
See more >
-
Using Technology to Try to Solve the Problem is Equally Human. Humans are wonderful, complex beings. That our very name, homo sapiens, can be translated to wise man, is an indication of our intelligence. We have the ability and capacity to do so much and, along with our advanced language capability, we can reason, problem-solve, introspect and quickly adapt to current conditions around us. But we are not infallible.
See more >
-
PAS, a supplier of human reliability software and services to the power and processing industries worldwide, has announced that Qatargas, the world’s largest liquefied natural gas (LNG) producer, has chosen PAS’ PlantState Suite alarm management software and engineering services for an improvement project across all their units.
See more >
-
Iconon any company, an employee’s performance affects its productivity, profitability, and reputation. In manufacturing, the link is immediately apparent because the process is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company may be adversely affected.
See more >
-
In most process industries, manufacturing is directly controlled by the real-time actions of a console operator. If that operator makes a critical mistake, the entire company and its shareholders may be adversely affected. The disciplines of Human Factors and Ergonomics explore the way humans interact within their work environment. Every individual’s job performance directly impacts safety, production, and profitability ...
See more >
-
This alarm management problem leads on to a look at the practical and pragmatic approach adopted in the second edition of “The Alarm Management Handbook,” by Bill Hollifield, Principal Alarm Management Consultant for PAS, and Eddie Habibi, founder and ceo of PAS: incidentally Hollifield is also co-author of “The High Performance HMI Handbook.”
See more >
-
As a leading player in the field of automation and information technology decreasing the time to implement automation and information projects while reducing risk are key priorities for Invensys Operations Management. Recently, Invensys has adopted PAS’ Integrity Software in order to automate the capture and management of the highly complex configuration of process automation assets, from field devices to advanced applic...
See more >
-
A new era of the human-machine interface (HMI) is upon us. Harsher safety and compliance standards have persuaded many operating companies to replace their “traditional” graphics with high-performance HMIs – a move that is sure to make life easier for plant operators everywhere. When graphic operator display capabilities were first introduced into distributed control systems (DCS) in the late 1970s, there were no guideli...
See more >
-
PAS provides Operations and Automation Effectiveness solutions to the process industries. PAS improves operations effectiveness by maximizing operators’ situational awareness; enabling them to take the most beneficial actions during both steady state operations and abnormal situations. PAS’ Integrity software improves automation effectiveness by mapping and managing configuration for the ever-increasing number of complex...
See more >
-
PAS sets out to map the ‘Automation Genome’ Process automation users increasingly find themselves between the Scylla of growing complexity and the Charybdis of diminishing resource. OK, pretentious, but at least rather less cliché ridden than a rock and a hard place!
See more >
-
"All accidents are preventable." This is a powerful statement that inspires professional men and women in their quest for a safer working environment. We believe it to be true because otherwise we would have to accept failure. And when it comes to human life, failure is not an acceptable option. But is it true? Reality seems at odds with our belief.
See more >
-
By following seven key steps, operators can create highly effective, reliable alarm systems to optimize offshore production facilities' operation. Reliability of oil and gas production facilities has never been more important. Poorly performing alarm systems negatively impact reliability and production. They can interfere with, rather than assist, the operator in handling an abnormal situation.
See more >