Kaspersky has just published the videos from the Kaspersky Industrial CyberSecurity 2018 conference. This video shows Kenexis CEO Ed Marszal presenting the Security PHA Review concept using a pump station as an example. https://www.youtube.com/watch?v=QnfBRlgBaHg&t=239s
This post contains additional information related to the Kenexis Safety Integrity Level Verification training courses. In this post the reader will find links to files that are used in exercises in the training course. Exercise 1 - Test DataDownload
While I'm certain that all of you have all of the strengths and limitations of the different voting arrangements tatooed in your memory, I know that you also have to explain these strengths and limitations to others. For instance, a manager might be insisting that 2oo2 voting is superior to 2oo3 voting, because it has [...]
On 20 Sep 2018, Kenexis CEO Ed Marszal presented at the 2018 Kaspersky Industrial Cyber-Security conference in Sochi, Russia. The topic of the presentation was Security PHA Review (SPR). The presentation provides a brief overview of the topic while highlighting a specific application - a oil pipeline pumping station. This example was chosen because an [...]
While reading the Wired article, titled The Untold Story of NotPetya, the Most Devastating Cyberattack in History, I thought a lot about backups. Backing up your data and systems in order to maintain critical services is a cornerstone of any disaster recovery program (DRP). I hadn’t realized how fast NotPetya spread through some organizations. From [...]
There's a lot of confusion about Systematic Safety Integrity in new IEC61511. We are starting to see devices certified for SIS applications to have a rated Systematic Capability (SC) of 2. What does this mean? Is this yet another hurdle I need to jump over to meet a SIL target? Let's shine some light on Systematic [...]
Pipeline Cybersecurity Risks What happens if a hacker takes control remotely of a pump station and spoofs the pressure indicator, so the logic controller does not shut-down the booster pump, and then closes a discharge valve – blocking the pump in and over-pressuring the downstream piping? When you are focused on designing safety requirements for [...]
We are please to announce that Kenexis was chosen by Enterprise Security as one of the top 10 SIEM solution providers recently. This was based on our work over the last few years implementing SIEM solutions in highly regulated industries on legacy control system environments with mediocre network architectures. Enterprise Security saw us filling a [...]
Industrial Control Systems or Operational Technology cybersecurity risk calculations are typically based on threat, vulnerability, and consequence in an equation similar to the one below: risk = threat x vulnerability x consequence If we assign numbers, like 1 to 5, and define each number in the range for each variable, we can probably solve the [...]
Kenexis Open PHA integrated software for performing process hazards analysis (PHA) such as HAZOP and LOPA includes features that allow a Security PHA Review (SPR) to be performed. Open PHA utilizes an open and standardized data structure that includes all of the fields that end users in the process industries determined should be included in [...]
Reducing the Attack Surface with Group Policy You should be constantly working to reduce your attack surface using reasonable low cost methods and your existing equipment. Reducing your attack surface, often referred to as hardening, is the most cost-effective way to increase your security. In this brief article, we will examine using Microsoft Active Directory [...]
A month ago I was on my way into Istanbul from the Middle East. I filled out the online form for a Visa to enter the country and received an email that had malware attached to the link for my Visa. That one got me and took down my email for a couple hours why [...]
Making the decision to migrate from an existing software platform to a newer more powerful one isn’t always easy. Organizations often have large bases of installed software and may have made large financial commitments based on the best available information at the time of the commitment. However, if there is one [...]
2-factor authentication Most of the people I work with know how I feel about password security. I’m well aware of the password management burden we all face, so I’m always promoting the use of password managers and two-step authentication for any account that supports it. I recently read an article posted on The Register in which a [...]
Open PHA has been upgraded to include the ability to perform a Security PHA Review (SPR - pronounced 'spur') directly in the PHA study. The advantages of this approach is that it allows for cyber security concerns to be addressed during a PHA study without expending excessive team time and the documentation of the SPR [...]
Earlier this week, we enabled a powerful function in Open PHA™ Premium that allows you to translate all of your work or a site's work into almost any language. This makes it easy for someone at headquarters to read a HAZOP from a site even though the site performed the work in their local language. Now [...]
During Layer of Protection Analysis (LOPA) of high hazard scenarios, we often rely on a diversity of protections including instrumented and non-instrumented safeguards. Invariably, we run into situations where instrumented safeguards must bear the full weight of risk reduction. Of course, we never want to design a Safety Instrumented Function to a SIL 4 or [...]
The Open PHA Development team is proud to announce the release of a new feature available to Open PHA users with a premium subscription, the Open PHA Premium Report Generator. If you have used Open PHA you're probably familiar with the quick print options to generate Microsoft Excel files from tables or grids created by [...]
FREE HAZOP/LOPA Software! Now that I've got your attention... Kenexis has developed a best-in-class software application for the facilitation and recording of process hazards analysis (PHA) studies. This software, called Open PHA™, is a leap forward in a category that has been stagnating over the past decade. Most traditional PHA software vendors have not really [...]
Have you ever wondered where the equations that are used to calculate probability of failure on demand for SIL verification came from? In this video, Kenexis CEO Ed Marszal goes the white board to show you. This video will demonstrate how all of the equations are based on the fundamental definitions of availability and reliability. [...]
We are pleased to announce the addition of the Safety Instrumented Systems Overview and Awareness to the Kenexis Online Training Center. This course provides an online self-paced overview and awareness level of SIS design that is appropriate for all personnel that interact with SIS in any way. The course includes informative examples that highlight [...]
Network appliances like firewalls and switches, have software (commonly referred to as firmware) on them that monitor and log security events. Unfortunately, the logs are rarely read by anyone. In fact, most people have never logged into their home router to look at the logs or change the administrator password. If the firmware was compromised, [...]
Testing of the safety instrumented system (SIS) is a critical lifecycle task that ensures the proper operation of functional safety devices, identifies component failures that can be repaired and tracked, allows tolerable risk goals of the organization to be achieved, and maintains compliance with functional safety standards and safety regulations. While testing of functional devices [...]
We were recently asked about placing Hydrogen Sulfide (H2S) gas detectors in an area of the process where no H2S gas is normally present. Does the possibility for process upset conditions to abnormally result in the presence of toxic gas give rise to a requirement for detection? There was no way to simply answer the [...]
Dispersion of an elevated release Often atmospheric dispersion models are needed to determine the potential for a gas release to impact workers or the public. This is typically encountered during Fire & Gas Mapping. There are quite a few decisions that go into a well-designed dispersion model, not the least of which are [...]
