Cyber security benchmark

Critical infrastructure protection
Wurldtech announces 15th industrial control system to achieve internationally recognised benchmark for cyber security & robustness.

We recently discussed the extensive programme prepared for the forthcoming ISAExpo show in Houston (TX US) where the Wednesday has a full programme dedicated to the subject of security. Now we have just received this release from Steve Kim of Wurldtech. We include the text of his covering note in the box on the left.

Achilles Certification

With cyber terrorism and critical infrastructure security and protection becoming a major topic in the media, the Wurldtech team is pleased to announce the 15th industrial control system to achieve the internationally recognized benchmark for system security and robustness. The official press release is included below and can be viewed online.

What Does This Mean?
As cyber security risks to global critical infrastructure grow in frequency and sophistication, delays in industry standards and government regulation continue, and the economic and public safety risks associated with cyber terrorism increase, leading end-users and suppliers have created and adopted their own commonly accepted cyber security standard to improve the reliability of network components that control and automate the world’s critical infrastructures.

    – The private sector is taking action on their own, even in the absence of any standard or government regulation which should demonstrate how serious this problem is.
    – The world’s largest energy companies such as Shell, BP, Total and many national and state electric utilities are forcing this standard on their suppliers.
    – The world’s largest suppliers are embracing the benchmark and getting their products tested and certified.
    – This has resulted in one of the largest and quantifiable reductions in cyber security risks in decades thus ensuring that the electricity and energy products we’ve come to rely on are there when we need them.
    – Government research and development initiatives and regulation efforts have proven costly and ineffective compared to an industry-led effort.
    – Wurldtech, the creator of the program, is a small 25 person company located in Canada and now the trusted cyber security advisor to the world’s largest companies and government agencies.

The I/A ZCP 270 is the fourth from Invensys to meet the Achilles certification criteria, along with the I/A FCP 270, Triconex Trident and Triconex Tricon controllers, and joins a long series of certified products that have made the Achilles Certified designation the standard for cyber security certification in the industrial automation industry.

Supporting Feedback
“Given the risks, it is unacceptable for any device, system or software application that is found on a critical infrastructure networks to be deployed without going through rigorous security testing and certification from true experts such as Wurldtech” said Greg Garcia, former Assistant Secretary for Cyber Security from the U.S. Department of Homeland Security and who will be a speaker at the forthcoming ISAExpo (7th October 2009).

“Shell has worked closely with Wurldtech to expand the Achilles certification program and will continue to subject our suppliers to the program criteria as it evolves,” says Ted Angevaare, Shell Global Solutions’ global manager of process control security and architecture. “Operators in all sectors and in all countries must continue to drive improvements themselves by insisting that their suppliers get their products tested and certified. If we choose not to embrace the means available to us to help protect our critical systems, then we can’t blame anyone else but ourselves when our plants go down from cyber issues.”

Wurldtech Security Technologies has announced the 15th Achilles-certified control system, this time from Invensys Operations Management. The I/A ZCP 270 is now the fourth control system from Invensys to meet the Level 1 criteria, along with the I/A FCP 270, Triconex Trident and Triconex Tricon controllers, and joins a long series of certified products that have made the Achilles Certified designation the standard for cyber security certification in the industrial automation industry.

“The security and robustness of our automation and control solutions is of critical importance” said Ernie Rakaczky, Principal Security Architect for Invensys Operations Management. “By integrating the Achilles certification program requirements into the development lifecycle of our product portfolio, we are able to validate product robustness from design through deployment and help our customers maintain safe, secure and reliable industrial operations.”

Leading By Example: Raising The Bar For All Suppliers Of Industrial Network Infrastructure
As industry awareness continues to evolve, cyber security risks to process control networks grow in frequency and sophistication, and the costs associated with patch management and unexpected downtime increase, end-users of critical infrastructure continue to demand Achilles certified products as a simple, cost-effective way of improving the reliability of their industrial operations.

“We congratulate Invensys Operations Management on another certified product in their control solutions portfolio,” said Tyler Williams, President of Wurldtech Security Technologies. “It is absolutely fantastic to see a manufacturer proactively demonstrating such a strong commitment to cyber security best practices, something we feel is absolutely mandatory for any supplier of critical industrial control solutions.”

From FUD To Fact: One Small Step Really Is A Giant Leap
Earlier this week, Wurldtech released a white paper on the benefits of industrial cyber security certification that provided a startling look at the overall landscape for what until now has been a relatively overlooked issue of critical network stack vulnerabilities in embedded devices – SCADA PLCs, Distributed Control Systems, Safety Integrated Systems and emerging technologies such as Smart Meters. The analysis reviewed the obfuscated testing results of 43 embedded controllers and then compared the results with those having achieved Level 1 certification. The results were astounding, with sometimes up to a 75% reduction in actual identified vulnerabilities in a given device just by meeting the certification criteria. The paper went on to show how leading end-users such as BP and Shell are reacting to this information and driving improvements through their supply chain by requiring Achilles-certified systems.

“It is clear that operators can reduce their cyber risk exposure significantly by simply insisting that their suppliers meet this globally recognized and commonly accepted benchmark for system robustness,” said Dr. Nate Kube, CTO of Wurldtech. “It is cheap, easy and demonstrable, and it would be a shame to watch the advancements in automation and control made possible by the adoption of Industrial Ethernet crippled by preventable issues when something as simple as getting certified could have prevented it from happening. The risks are too high, and we can’t afford to wait, especially when we have such a compelling solution today.”

Currently, the Achilles certification is available for all industrial control systems, whether wired or wireless, and certification tests are being developed for every category of IP-enabled network infrastructure.

“We set out two years ago to produce a universal testing platform that every supplier of IP-enabled network infrastructure could use to improve the security and robustness of their products before being deployed in high-availability industrial environments,” Kube continued. “The associated certification program simply provides suppliers the means to validate and communicate another level of product quality to their customers and end-users the ability to make better choices about the products they select by choosing only those that carry the Achilles Certified logo.”

Developed in 2007, the Achilles Certification Program provides a benchmark for the development and deployment of secure industrial Ethernet devices by testing control process resilience and robustness under real-world conditions and validating that operational integrity is not jeopardized. The Achilles Certification testing methodology employed by Wurldtech Labs is the result of more than three years of research, industry cooperation and end-user feedback. The Achilles Certification Program continues to develop as the de-facto standard for the industrial automation industry.
