Real-World HMI Design Considerations for Improved Safety

Jun 30, 2017 8:45:00 AM | Posted by Bruce Billedeaux

Real-world scenarios need to be taken into account when designing HMI. There should be no unnecessary functions that can potentially cause safety issues like they did for an airliner at Nashville International Airport in 2015.

Read More →

Protecting HMIs from Ransomware Threats

Apr 14, 2016 2:06:01 PM | Posted by Bruce Billedeaux

When it comes to industrial cyber security issues, a good backup is the best defense. This is especially true as companies are being targeted more and more by ransomware threats from hackers.

Read More →

Fear of darkness: Integrating automation systems to a more complex protocol convertor

Apr 15, 2015 4:22:00 AM | Posted by Bruce Billedeaux

As data collection becomes a larger task, it may be time to see if you need an automation system that lasts longer and makes system integration easier.

One task I am commonly asked to perform is to redesign a system to eliminate the aptly named “black box”. As most readers of this blog know a “black box” is the generic term for a protocol convertor. Originally, these devices only converted electrical protocols, for example RS-232 to RS-485. They were named because no one knew how the magic took place in the “black box”. If these boxes remained solely electrical protocol convertors, I don’t think that my services would have much value to our clients. These original “black boxes” ran for years without any user intervention or maintenance requirements.

Read More →

Balancing secure networks and process control systems access

Sep 17, 2014 8:33:00 AM | Posted by Bruce Billedeaux

What are automation engineers to do to enhance security while ensuring the need for barrier-free access to the process control system?

Our friends in the information technology (IT) field that take care of the business networks talk a lot about security. I am sure that most people reading this blog had to log in to their workstation with a company provided username and a password that has to be changed every 90 days. The IT folks further program the networks to limit access to the minimal amount of data that is required to get each employee’s job done. Some firms even go as far as limiting which websites can be accessed from a company workstation. All this for a workstation already physically located inside a building with controlled access.

Read More →

Cyber security: Trusting your source for drivers, software tools

Jun 24, 2014 8:53:23 AM | Posted by Bruce Billedeaux

Some of the most published cyber security events have been traced back to malicious content embedded on a trusted user's laptop through an e-mail or downloaded document. Is your process control network safe?

Read More →

Red and Blue Team Training Brings ICS Cyber Security Weaknesses To Light

Apr 23, 2013 4:09:00 AM | Posted by Bruce Billedeaux

As a follow up to last week’s discussion on five industrial control system cyber security mistakes, I want to talk about a cyber security exercise I participated in at the ICS Cyber security (301) Training I attended recently. The five-day event featured hands-on training in cyber security and the week concluded with a red team / blue team exercise that took place within an actual control system environment.

Read More →

5 Industrial Control System Cyber Security Mistakes

Apr 16, 2013 9:33:00 AM | Posted by Bruce Billedeaux

Recently, I attended ICS Cyber Security (301) Training at the U.S. DHS CERT facility in Idaho Falls, Id. The five-day event featured hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for ICSs (industrial control systems). Here are five key takeaways from that training.

Read More →