An old player in the security industry is starting up a new unit focused purely on industrial cyber security.
Greenville, SC-bsed aeSolutions is launching their Industrial Cybersecurity line of business. While the company has already been providing these services, the creation of this new division is a response to increased market demand.
Companies recognize a strong relationship between safety and cyber security, and value partners who can provide a holistic approach to help them address these issues. Incorporating Cybersecurity Lifecycle services into the aeSolutions service portfolio will solidify the depth and breadth of aeSolutions services and increase the value of their partnerships with their clients.
With the start of the new line of business, aeSolutions hired John Cusimano CFSE, CISSP, as director of industrial cybersecurity to launch and manage this new line of business. Cusimano, formerly of exida, brings considerable experience and a strong reputation.
Cusimano is an industrial control systems cyber security and functional safety expert with more than twenty years of experience. He has performed numerous control system cyber security vulnerability and cyber risk assessments in the oil & gas, chemical, water/wastewater, and power industries per ISA/IEC 62443 and NERC CIP standards. He has also overseen and participated in the security testing and certification of several control and safety systems per the ISASecure and Achilles security certification programs.
A leader in the development of ICS cyber security standards and best practices, Cusimano is chairman of ISA 99 WG4 TG2 Zones & Conduits committee and co-chair of ISA 99 WG4 TG6 Product Development committee.
“We are not new to industrial cyber security, but with the addition of John and others to our team, we increase our ability to serve our clients’ cyber security needs throughout the entire process safety lifecycle,” said Brian Merriman, chief executive of aeSolutions. “Our customers have been asking for our help in identifying and quantifying their cyber risk, in implementing countermeasures to reduce that risk, and in developing and institutionalizing policies and procedures that will encourage a cyber security culture. With this new line of business, we will be able to address those needs at this critical time in industry.”
Much like process safety, there is a defined lifecycle model for Industrial Cybersecurity and aeSolutions provides the following cyber security services in each phase of the process safety lifecycle:
• Assess & Define Phase — Cyber security vulnerability assessments, cyber security risk assessments, network architecture diagrams, zone & conduit modeling, cyber security requirements specification development, cost/benefit analysis, strategy development
• Design, Implement, & Construct Phase — System network architecture design, access control and remote access design, system hardening, cyber security test plan development and acceptance testing, firewall design and commissioning
• Operate & Maintain Phase — Intrusion Detection Design/Implementation, Patch management, vulnerability management, change management, backup/restore, cyber security audits, and training