• ICS Vulnerability Management

    Reduce ICS Cyber Risk: Find and Remediate Hidden ICS Vulnerabilities

    February 28, 2018

    11:00 AM EST | 10:00 AM CST | 8:00 AM PST (17:00:00 UTC)  Attacks on ICS systems are rapidly escalating in terms of both frequency and sophistication. 2017 saw 193 new published ICS-CERT advisories – that is a 1035% jump from the 17 vulnerabilities published in 2010. ICS systems (Level 1 and 0) are the endpoints that matter most, as they are the endpoints primarily responsible for safety and production in power generation plants, chemical facilities, and refineries. However, far too many organizations lack vi... View >

  • Recorded: Effective ICS Vulnerability Management

    The Debate Over When, Where, and How to Invest. Even with a good ICS vulnerability management process, most companies struggle to keep up with the myriad ICS alerts and advisories issued by ICS-CERT and automation vendors each month. Typically lacking automated inventory capabilities, industrial process companies struggle to identify new risks to systems responsible for process reliability and safety. It is tough to remediate a vulnerability when you don’t know what you have. Without effective, automated processes... View >

  • Making a Big Dent in Nuisance Alarms

    Recorded Webinar: Making a Big Dent in Nuisance Alarms

    An important, early step for improving an alarm system is to identify and fix nuisance alarms. By working on a very few alarms – usually ten to thirty – you can achieve major increases in alarm system performance. This can be done quickly, and with low cost and low impact on internal resources. In this webinar, Bill Hollifield, co-author of The Alarm Management Handbook, discusses how you can jumpstart your alarm management project and immediately show a major improvement by reducing nuisance alarms. He will cover the variou... View >

  • Recorded Webinar: The Power of Regulation Versus Well-Oiled Industry Standards

    It has become an ongoing debate – does government or self-regulation work better to secure an industry? The power industry is currently on NERC CIP Version 6 of its regulatory requirements with future regulations expected on supply chain security. Oil & Gas (O&G) has no such regulatory regime, but does have standards that it uses to reduce cybersecurity risk, such as NIST 800-82 and IEC 62443. For O&G, compliance is an internally generated activity. Which of these two different drivers for industrial control system ... View >

  • Recorded Webinar: What You Need to Know About the 18.2 Technical Reports Starting with TR1

    (1 in series of 3) What are the seven ISA 18.2 Technical Reports, and what do they mean to you? In this session, we’ll begin with a quick summary of ISA 18.2-2009, IEC 62682-2014, and ISA-18.2 standards and their differences followed by an introduction to the ISA Technical Report (TR); covering the intent of the reports, what is allowed in a Technical Report versus a Standard, and how you can get access to the reports. Finally, we’ll dive into TR1: Alarm Philosophy Document, covering mandatory requirements in the Standard, new ... View >

  • Recorded Webinar: What You Need to Know About ISA-18.2 TR5, TR2 and TR3

    (2 in series of 3) What are the ISA-18.2 Technical Reports, and what do they mean to you? In this session, we'll explore TR5: Alarm System Monitoring, Assessment, and Auditing; TR2: Alarm Identification and Rationalization; and TR3: Basic Alarm Design. We'll discuss mandatory requirements in the Standard, new content in the Technical Reports, and what you need to know based on best practices discussed in the PAS Alarm Management Handbook.   View >

  • Recorded Webinar: What You Need to Know About ISA-18.2 TR4, TR6, and TR7

    (3 in series of 3) What are the seven ISA 18.2 Technical Reports, and what do they mean to you? In this session, we’ll explore and TR3 (Basic Alarm Design), TR4 (Enhanced and Advanced Alarm Methods, TR6 (Alarm Systems for Batch and Discrete Processes), and TR7 (Alarm Management when Utilizing Packaged Systems); covering mandatory requirements in the Standard, new content in the Technical Reports, and what you need to do now based on best practices discussed in the PAS Alarm Management Handbook.    View >

  • Recorded Webinar: See Through the Noise with Industrial Control System Configuration Baselines

    Industrial process control facilities need baselines to secure both production- and IT-centric endpoints. Baselines allow facilities to monitor more easily the configuration changes that impact security, compliance, governance, and operations. By focusing on the configuration data deemed most critical, Cyber Integrity’s enhanced baseline capabilities significantly reduce the time that engineering and cybersecurity personnel spend investigating and pinpointing configuration changes.   Cyber Integrity uniquely addresses the p... View >

  • Recorded Webinar: Are We Safe to Run the Plant?

    The fundamental question every operations manager needs to answer is “Are we safe to run the plant?” While it sounds simple, many variables help answer this question including understanding the operational state of your safety instrumented systems (SIS) and other independent protection layers (IPL). Companies often struggle with real-time visibility into the state of IPL because critical information is trapped within multiple systems and spreadsheets. Most employ manual processes to gather necessary data and build a profile of plant ope... View >

  • Recorded Webinar: Alarm Management - 7 Steps in 45 Minutes

    Poorly performing alarm systems - plagued by high alarm rates, periodic alarm floods, nuisance alarms, and uncontrolled alarm suppression - diminish operator situation awareness and impact plant production and safety. An effective alarm system optimization strategy combines proven methodology, knowledgeable plant personnel, and standards-based automation technology.  In this session, we present a 45-minute condensed review of the PAS 7-Step Alarm Management Methodology. We provide step-by-step highlights and take a closer look at S... View >

  • Recorded Webinar: Understanding High Performance HMI Principles and Best Practices

    Find out about principles and best practices for process control systems with a computer-based HMI. Foundational to understanding the recently revised ANSI/ISA-101 standard requirements, we'll explore HPHMI principles and best practices.   View >

  • Recorded Webinar: Developing a Plan of Action: Guidelines for Implementing an HPHMI Strategy

    In this follow-up to our first webinar in the series, we'll review practical methods to implement a High Performance HMI strategy. We'll examine the evolving ANSI/ISA-101 standard, summarizing exactly what you need to know.   View >

  • Recorded Webinar: Pushing Process Limits Without Compromising Safety

    How can operating teams push processes to their optimal limits while maximizing safety and minimizing environmental impact?  While operating inside safe boundaries sounds simple, modern control systems (DCS, SCADA, etc.) are not designed to track boundaries other than process alarms. Indeed, alarms limits and activation rates are enough of a challenge to control; visualization, management and control of operational boundaries is even more complex although very much interwoven with these alarms. Consolidating operatio... View >

  • Recorded Webinar: Introducing PlantState Suite 8.0

    Featuring the industry's first operational risk dashboard, PSS 8.0 provides plant managers and operators with centralized alarm system, control loop, boundary, and other operational analytics for improved situation awareness, plant safety, and profitability. PSS 8.0 also features operational boundary-based opportunity cost tracking and advanced event analytics. In this session, we'll provide an overview of the new PSS 8.0 features, including:Operational Risk Dashboard: Provides opera... View >