Avoid keeping sensitive info in a code repo – how to remove files from git version history

One of the vulnerabilities that is really easy to exploit is when people leave super-sensitive information in source code, and you get your hands on that source code. In early prototyping, a lot of people will hardcode passwords and certificate keys in their code and remove them later when moving to production code. Sometimes…

Integrating power grids: what does it do to cyber resilience?

There are two big trends in the power utilities business today, with opposing signs: the addition of micro-producers and microgrids, making consumers less bound to the large grid operators; and increasing integration of power grids over large distances, allowing mega-powerplants to serve enormous areas. Both trends will have an impact on grid resilience; the microgrids are usually…

Do SCADA vulnerabilities matter?

Sometimes we talk to people who are responsible for operating distributed control systems. These are sometimes linked up to remote access solutions for a variety of reasons. Still, the same people often do not understand that vulnerabilities are still found in mature systems, and they often fail to take the typically simple actions needed to…

New security requirements to safety instrumented systems in IEC 61511

IEC 61511 is undergoing revision, and one of the more welcome changes is the inclusion of cyber security clauses. According to a presentation held by functional safety expert Dr. Angela Summers at the Mary Kay Instrument Symposium in January 2015, the following clauses are now included in the new draft – the standard is planned issued…

What is the difference between software and hardware failures in a reliability context?

Reliability engineers have traditionally focused more on hardware than software. There are many reasons for this; one reason is that traditionally safety systems have been based on analog electronics, and although digital controls and PLCs have been introduced throughout the 1990s, the actual software involved was in the beginning very simple. Today the situation has…

Does safety engineering require security engineering?

Safety-critical control systems are developed with respect to reliability requirements, often following a reliability standard such as IEC 61508 or CENELEC EN 50128. These standards put requirements on development practices and activities with regard to creating software that works the way it is intended based on the expected input, and where availability and integrity…