Kaspersky has just published the videos from the Kaspersky Industrial CyberSecurity 2018 conference. This video shows Kenexis CEO Ed Marszal presenting the Security PHA Review concept using a pump station as an example. https://www.youtube.com/watch?v=QnfBRlgBaHg&t=239s
This post contains additional information related to the Kenexis Safety Integrity Level Verification training courses. In this post the reader will find links to files that are used in exercises in the training course. Exercise 1 - Test DataDownload
While I'm certain that all of you have all of the strengths and limitations of the different voting arrangements tatooed in your memory, I know that you also have to explain these strengths and limitations to others. For instance, a manager might be insisting that 2oo2 voting is superior to 2oo3 voting, because it has [...]
On 20 Sep 2018, Kenexis CEO Ed Marszal presented at the 2018 Kaspersky Industrial Cyber-Security conference in Sochi, Russia. The topic of the presentation was Security PHA Review (SPR). The presentation provides a brief overview of the topic while highlighting a specific application - a oil pipeline pumping station. This example was chosen because an [...]
While reading the Wired article, titled The Untold Story of NotPetya, the Most Devastating Cyberattack in History, I thought a lot about backups. Backing up your data and systems in order to maintain critical services is a cornerstone of any disaster recovery program (DRP). I hadn’t realized how fast NotPetya spread through some organizations. From [...]
There's a lot of confusion about Systematic Safety Integrity in new IEC61511. We are starting to see devices certified for SIS applications to have a rated Systematic Capability (SC) of 2. What does this mean? Is this yet another hurdle I need to jump over to meet a SIL target? Let's shine some light on Systematic [...]
We are please to announce that Kenexis was chosen by Enterprise Security as one of the top 10 SIEM solution providers recently. This was based on our work over the last few years implementing SIEM solutions in highly regulated industries on legacy control system environments with mediocre network architectures. Enterprise Security saw us filling a [...]
Industrial Control Systems or Operational Technology cybersecurity risk calculations are typically based on threat, vulnerability, and consequence in an equation similar to the one below: risk = threat x vulnerability x consequence If we assign numbers, like 1 to 5, and define each number in the range for each variable, we can probably solve the [...]
Kenexis Open PHA integrated software for performing process hazards analysis (PHA) such as HAZOP and LOPA includes features that allow a Security PHA Review (SPR) to be performed. Open PHA utilizes an open and standardized data structure that includes all of the fields that end users in the process industries determined should be included in [...]
Reducing the Attack Surface with Group Policy You should be constantly working to reduce your attack surface using reasonable low cost methods and your existing equipment. Reducing your attack surface, often referred to as hardening, is the most cost-effective way to increase your security. In this brief article, we will examine using Microsoft Active Directory [...]
Open PHA has been upgraded to include the ability to perform a Security PHA Review (SPR - pronounced 'spur') directly in the PHA study. The advantages of this approach is that it allows for cyber security concerns to be addressed during a PHA study without expending excessive team time and the documentation of the SPR [...]
During Layer of Protection Analysis (LOPA) of high hazard scenarios, we often rely on a diversity of protections including instrumented and non-instrumented safeguards. Invariably, we run into situations where instrumented safeguards must bear the full weight of risk reduction. Of course, we never want to design a Safety Instrumented Function to a SIL 4 or [...]
The Open PHA Development team is proud to announce the release of a new feature available to Open PHA users with a premium subscription, the Open PHA Premium Report Generator. If you have used Open PHA you're probably familiar with the quick print options to generate Microsoft Excel files from tables or grids created by [...]
Have you ever wondered where the equations that are used to calculate probability of failure on demand for SIL verification came from? In this video, Kenexis CEO Ed Marszal goes the white board to show you. This video will demonstrate how all of the equations are based on the fundamental definitions of availability and reliability. [...]
Network appliances like firewalls and switches, have software (commonly referred to as firmware) on them that monitor and log security events. Unfortunately, the logs are rarely read by anyone. In fact, most people have never logged into their home router to look at the logs or change the administrator password. If the firmware was compromised, [...]
Testing of the safety instrumented system (SIS) is a critical lifecycle task that ensures the proper operation of functional safety devices, identifies component failures that can be repaired and tracked, allows tolerable risk goals of the organization to be achieved, and maintains compliance with functional safety standards and safety regulations. While testing of functional devices [...]
We were recently asked about placing Hydrogen Sulfide (H2S) gas detectors in an area of the process where no H2S gas is normally present. Does the possibility for process upset conditions to abnormally result in the presence of toxic gas give rise to a requirement for detection? There was no way to simply answer the [...]
Dispersion of an elevated release Often atmospheric dispersion models are needed to determine the potential for a gas release to impact workers or the public. This is typically encountered during Fire & Gas Mapping. There are quite a few decisions that go into a well-designed dispersion model, not the least of which are [...]
In todays oil and chemicals market, time and budgets are strained to remain operational with a slight profit. Many facilities are making difficult operational and turnaround decisions to survive while possibly putting their operation at risk at the same time. There might be a significant way to reduce time and cost during operations and [...]
New US CSB video summarizing the events that led to the FCC unit explosion. New Video: https://www.youtube.com/watch?v=JplAKJrgyew Reuters Article: http://www.reuters.com/article/us-refinery-blast-exxon-idUSKBN0LM1VR20150218
Today, we remember the 1947 Texas City industrial accident. The picture in our office, reminds us daily that Kenexis exist to prevent these. Learn more at https://en.wikipedia.org/wiki/Texas_City_disaster
The mechanism for the bypass needs to meet the requirements of the IEC 61511 (ISA 84) standard. The relevant sections from the 2016 version of IEC 61511 are as follows: 11.7.2.1 Where the SIS operator interface is via the BPCS operator interface, account shall be taken of credible failures that may occur in the BPCS [...]
After reading an ISA article related to the application of Security PHA Review (SPR) for the determination of required security levels for Industrial Control Systems (ICS), as required in IEC 62443 [ISA 99], a Kenexis customer had some questions related to whether or not some cyber safeguarding measures make a scenario "non-hackable", and if not, what [...]
Achilles JQS Registered Supplier Kenexis Consulting Corporation is pleased to announce that it is a registered, verified, and compliant supplier on Achilles Joint Qualification System (JQS) for the Oil and Gas Industry in Norway and Denmark. Achilles creates and manages a global network of collaborative industry communities, allowing trading partners to share high quality, structured, [...]
Recently, Jim Gilsinn presented at BSides DC 2016 about cybersecurity work on Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition). His presentation was titled: "What's the Big Deal with Assessing ICS/SCADA?" If you are considering a career in ICS Cybersecurity, this might persuade you to go back to law school. YouTube Link
