OT Cybersecurity - Resilience.

Papers welcomed from the OT Cybersecurity Community.

The ISA Ireland OT Cybersecurity Conference is scheduled for next November 2025 in Mullingar (IRL). It is being held in partnership with Cyber Ireland.The theme for this years conference is "OT Resilience: Incident prevention, response and recovery."

Papers are currently being sourced and invitations have been issued to end-users, professionals, researchers and experts in the area of cybersecurity in Ireland to contribute their insights and experiences. Preference for speaking slots will be given to end-users.

Suggested topics include:

• Segmentation Strategies
• Defence in Depth
• Disaster Recovery Plans for OT Environments
• Incident Recovery Plans
• Developing an OT-Centric Incident Response Plan
• Collaborating with IT and Cybersecurity Teams During
• OT Incidents
• Best Practices for Incident Investigation in OT Systems
• Operational Continuity
• Importance and Benefits of Cyber Insurance
• Cybersecurity Post-Incident Analysis
• Building a resilient OT Infrastructure

Guidelines: • Authors are requested to submit an abstract of their paper by Friday 29th August. • The committee will review abstracts by Friday 26th September. • Authors of accepted abstracts shall prepare detailed presentation slides and submit them for the final review of the Conference Technical Committee by Friday 24th October. • Final presentations, incorporating the Committee's feedback, shall be submitted by Monday 3rd November. Submissions and enquires to ISA Ireland

---

@IrelandISA @CyberIreland @ISA_Automation. #PAuto #Cybersecurity #Ireland

Goverenance risk complience -

Implementation from the cybersecurity auditor's point of view. 

"Practical GRC - Implementation - Cybersecurity Auditor's View" has been jointly authored by Santosh Desai and Gauri Saple. The book presents a practical IS and IT-OT audit and implementation approach which will benefit both experienced GRC professionals and freshers in the field.

"Cyber GRC auditors and auditees , need to adopt a structured approach towards building, implementing and maintaining organization's digital systems security posture, while addressing associated risks, threats and vulnerabilities", said co-author Santos Desai*. Organisations need to adopt a unified and integrated audit framework and run the security governance program as managed GRC as a service.

---

*Desai invites automation professionals to share thoughts, exchange views in the ongoing e-session which are planned on different topics around GRC on his LinkedIn Group, GRCaaS (GRC as a Service). 

@shroffpub #PAuto #Cybersecurity

Security assurance scheme.

The upcoming rollout of the ISASecure® Industrial Automation Control System Security Assurance (ACSSA) inspection and certification scheme was revealed recently by the International Society of Automation. ISASecure program manager Dr. Mark DeAngelo shared early details on the new initiative at the ISA OT Cybersecurity Summit last month in Brussels (B).

The ISASecure ACSSA inspection and certification scheme will offer a common industry-vetted method for evaluating conformity of an industrial automation and control system (IACS) to the ISA/IEC 62443 series of standards, which includes all policies and procedures, service providers and technical security controls.

“ISASecure is proud to announce our newest program, the ACSSA inspection and certification scheme,” DeAngelo said. “ACSSA’s consistent approach benefits everyone — including asset owners, insurance providers, product suppliers, service providers, conformity assessment bodies and government bodies — allowing all to share a common understanding of facility risk.”

ACSSA was formulated to help bridge lingering gaps in operational site assurance. Despite the comprehensive nature of ISASecure and cybersecurity expert programs, asset owners have relied on a patchwork of internal policies and third-party audits that vary across sites, leading to inconsistent security postures, compliance gaps, increased risk exposure, increased liability and regulatory non-compliance. ACSSA aligns all stakeholders around a consistent, standards-based program, contributing to a more secure and resilient environment for asset owners.

ISASecure’s ACSSA evaluates conformity to the ISA/IEC 62443 requirements by verifying processes, procedures, support from service providers and the configuration and utilization of control systems capabilities. As the ISA/IEC 62443 framework offers a risk-based approach, ACSSA evaluation begins with reviewing the asset owner’s risk assessment process and the results of that process.

The first three-day training course for ACSSA will be launched in early fall 2025 at ISA headquarters in Durham, North Carolina. An online version of the course will be offered in late 2025. ISA is accredited by the International Accreditors for Continuing Education and Training (IACET). Anyone interested in learning more about upcoming ACSSA training courses as they are announced may sign up here .

---

@ISA_Automation @ISA_Secure @automation_com #ISAOTCYBER #PAuto #Cybersecurity

Hardware-based security in South Korea

Xiphera has entered into a strategic partnership with South Korea–based Austin Electric Co., Ltd. This collaboration will extend Xiphera’s advanced cryptographic IP core solutions to a broader customer base in South Korea, especially in the aerospace, industrial automation, critical infrastructure, IoT, and automotive sectors.

This partnership is an important milestone in the company's international growth and reinforces the company’s commitment to delivering robust, transparent, and future-proof cryptographic solutions to customers around the world.

Xiphera designs and develops all its cryptographic solutions entirely in-house. Its mission is to help customers secure their systems against the growing spectrum of cybersecurity threats—including those emerging from the era of quantum computing.

“At Xiphera, we focus on building highly secure and optimised cryptographic IP cores for ASICs and FPGAs,” said Tommi Lampila, Chief Revenue Officer at Xiphera. “Our hardware-based security solutions are engineered to protect critical systems from data breaches, unauthorized access, and the evolving threat landscape. Through our partnership with Austin Electric, we can now serve the South Korean market more effectively with trusted, high-performance security technology.”

Driving secure semiconductor innovation in South Korea.
South Korea’s semiconductor industry—valued at USD 115.7 billion in 2024—is one of the most advanced in the world and is expected to more than double by 2034. As a key player in chip manufacturing, South Korea plays a pivotal role in driving secure digital infrastructure. Xiphera contributes to this ecosystem by offering cryptographic IP cores that embed security directly into silicon—ensuring that protection is foundational, not an add-on.

Austin Electric, a well-established electronics company based in South Korea, will represent Xiphera locally and support the integration of its cryptographic IP solutions across Korean industry verticals.

“Korea is a technology leader in IT, automotive, and semiconductor industries, and recently entered the Industrial 4.0 revolution, so we believe that Xiphera's semiconductor (hardware) based encryption and cyber security IP solutions will play a great role across AI, military defense, IoT, smart home appliances, and smart factory industries, and we are confident that the Korean market will be a stepstone for us to expand globally.” said Kenny Yoon, CMO of Austin Electric.

---

• See also: Innovation in cybersecurity. (22/5/2025) 

@xiphera #AustinElectric #PAuto #Cybersecurity #Korea

Observability.

Features for Real User Monitoring (RUM) and Synthetic Transaction Monitoring (STM).

Centreon has announced the acquisition of Quanta.io, a French software company renowned for its expertise in Web Performance and Green IT. With this move, it is claimed that Centreon becomes the only private and independent vendor to offer an end-to-end observability platform covering infrastructure, application, and real user experience monitoring.

By integrating Quanta’s technologies, Centreon enhances its offerings with advanced Digital Experience Monitoring (DEM) capabilities: Synthetic Transaction Monitoring (STM), Real User Monitoring (RUM), and Digital Sobriety metrics. This step enables organisations to monitor digital performance at every level—correlating data across infrastructure, applications, and end-user behaviour to anticipate performance bottlenecks or usage spikes.

In a landscape where digital performance and user experience directly influence business success, businesses require sharp, data-driven insights to guarantee optimal uptime and efficiency across critical and e-commerce platforms.

“Acquiring Quanta aligns perfectly with our vision for 360° visibility across the digital ecosystem. It empowers us to advance further by integrating IT and OT infrastructure monitoring with advanced web performance analytics and digital sobriety metrics at the core of our platform,” said Julien Mathis, CEO of Centreon.

A web performance specialist.
Founded in 2012, Quanta has become a key player in web and e-commerce performance monitoring and the reduction of digital carbon footprints. Its customer base includes leading brands such as Cultura, Le Monde, Reworld Media, and Orange, which rely on Quanta’s solutions to enhance performance with fast load times, smooth navigation, and a lower digital footprint.

“Joining Centreon elevates our technology and vision to a new level. From its inception, Quanta has been built on a fundamental belief: user experience is central to digital performance. With Centreon, it becomes a new standard for IT. Together, we’re delivering a complete, high-performance, and accessible solution to address the critical needs of IT and business leaders alike,” said Guillaume Thibaux and Romain Lamaison, co-founders of Quanta.

Real User Monitoring (RUM) capabilities.
As a Digital Experience Monitoring platform, Quanta enables the observation of actual user interactions as they access applications or websites. These RUM features are now integrated into Centreon’s platform. RUM captures real-time experience metrics, application by application, device by device. In contrast to synthetic tests, it measures performance in the real world.

For businesses, RUM thus becomes a vital tool for detecting hidden issues, prioritising resolutions, and aligning IT with business expectations. It also provides an objective assessment of the performance of third-party cloud or web service providers. In a hyper-digitalised environment, RUM is critical for ensuring a seamless, reliable, and continuous user experience. Monitoring is no longer confined to the datacenter—it follows the user.

Enabling Synthetic Transaction Monitoring (STM).
Quanta’s DEM platform also incorporates Synthetic Transaction Monitoring (STM) into Centreon’s capabilities. STM proactively simulates key user journeys—such as logging in, product searches, or checkout flows—to detect slowness or errors before they impact real users.

This allows 24/7 performance monitoring and validation of service availability at all points of presence. STM is a crucial incident-prevention and service-quality tool, particularly for e-commerce sites, business applications, and SaaS platforms. It empowers IT teams to detect, diagnose, and resolve issues before they affect end users.

Achieving cost-effective observability.
With Quanta’s integration, Centreon strengthens its mission: delivering a comprehensive observability platform that connects technical monitoring layers with user-perceived performance indicators. This integration of infrastructure, application, and user experience establishes a basis for more intelligent, proactive, and business-aligned IT.

In a rapidly evolving market, Centreon bolsters its position as a credible, independent European alternative committed to an observability approach that is open, cost-effective, and value-driven.

“Observability shouldn't be a privilege restricted to a select few. It must be accessible, actionable, and in line with business priorities. By merging the strengths of Centreon and Quanta, we’re delivering a platform that creates immediate value to customers of both companies—improve visibility, increased control, and ultimately, a better capacity to anticipate, diagnose, and enhance digital performance where it truly matters,” added Julien Mathis.

---

@CentreonFR @quanta_io #PAuto #IT #OT

Cybersecurity in Ireland.

Ireland and Northern Ireland are recognised individually as strong international locations for cybersecurity business. The opportunity now exists to leverage the individual strengths and work together to position the All-Island Cybersecurity Sector as an international leader. This all-Island collaboration will ensure greater cyber resilience and realise all-island growth opportunities.

Cyber|Ireland and NI Cyber, the island’s cybersecurity cluster organisations, have come together to realise the island’s cybersecurity sector potential. With support from InterTradeIreland’s Synergy Programme they commissioned a research project led by Perspective Economics to assess the current state and future potential of the all-island cybersecurity sector.

The All-IslandCyber Security Sector Research Report employed a comprehensive approach, including analysis of company data, web analysis, a survey of 76 cybersecurity businesses, and secondary data analysis. The report maps the size and scale of the all-island cyber security sector, including key metrics such as the number of companies, revenue, employment, and investment. It identifies the key cybersecurity providers serving the Irish and Northern Irish markets, as well as companies operating in both regions. It estimates the potential growth of the all-island cyber security sector based on current trends and future projections and identifies the barriers.

The report was supported by InterTradeIreland and delivered by Perspective Economics, finding that the all-island cyber sector is a leader in Europe with:
• 632 plus companies
• 10,600 professionals
• €3.2 billion (£2.9bn) in sector annual revenue & 13.4% annual sector growth
• €1.5 billion (£1.3bn) in Gross Value Added (GVA)

This report provides key findings and recommendations to support evidence-based decision-making and help shape strategies to support the growth and competitiveness of the sector, ultimately contributing to the economic development and improved cyber resilience of organisations across Ireland and Northern Ireland, and the organisations they serve globally.

Following the report launch, Cyber Ireland and NI Cyber have agreed a landmark Memorandum of Understanding (MoU) to align activities, deepen cross-border collaboration and unlock new opportunities.

---

@CyberIreland @NICyber @Inter_Trade @isaireland #Cybersecurity #Ireland

Cybersecurity partnership joined.

The Utilities Technology Council (UTC) has officially joined ISASecure®, the globally recognized certification program assuring the cybersecurity of industrial automation control systems by validating conformance to the ISA/IEC 62443 series of standards.

UTC is a global association focused on the intersection of telecommunications and utility infrastructure. Through advocacy, education and collaboration, it works to create a favorable business, regulatory and technological environment for organizations that own, manage or provide critical utility telecommunications systems. The new partnership between ISASecure and UTC reinforces their strong mutual commitment to safeguarding operational technology (OT) systems from cyber threats.

“It is an honor to welcome the Utilities Technology Council into the ISASecure program,” said ISASecure program manager Mark DeAngelo. “UTC recognizes that today’s critical infrastructure needs a comprehensive and rigorously validated cybersecurity strategy. We look forward to working with them as we advance our mission of industry collaboration, certification and standards-based product development to achieve an intrinsically secure world.”

Furthermore, through the partnership with UTC, ISASecure certificates will be recognized in the UTC ARMOR™ program to enhance awareness of vendors’ conformance to the ISA/IEC 62443 series of OT cybersecurity standards.

“The Utilities Technology Council is excited to join ISASecure in facilitating adoption of the ISA/IEC 62443 series of standards,” said Cordell Briggs, vice president of advocacy and cybersecurity at UTC. “Our partnership aligns with UTC’s strategic plan — key areas of focus include engagement with the utilities industry around security and critical infrastructure protection, as well as educating the industry on cybersecurity requirements and issues.”

UTC recently collaborated with the ISA Global Cybersecurity Alliance (ISAGCA), which advances cybersecurity awareness, education, readiness and knowledge sharing to underscore the broad applicability of the ISA/IEC 62443 series of standards. In 2024, UTC, Cumulys and ISAGCA prepared a report titled “North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis.” 

UTC has also hosted webinars with ISAGCA to socialise the report’s findings.

---

@UTCNow @ISA_Automation @automation_com #Standards #PAuto #Cybersecurity

Innovation in cybersecurity.

The hardware-based security technology company Xiphera has been awarded the ECSO STARtup Award 2025, following the European finals held in The Hague (NL). Organized by the European Cyber Security Organisation (ECSO)*, the award recognized Xiphera’s hardware-based cryptographic solutions as the most outstanding innovation among the finalists.

This recognition highlights the growing importance of hardware-level cybersecurity in securing critical infrastructure such as energy, telecommunications, and other systems. The jury selected Xiphera after a day of finalist pitches and expert discussions.

“This is a great recognition for our entire team. It strengthens our belief that there is a real demand for the solutions we’re building—both in Europe and globally,” said CEO and Co-founder Matti Tommiska.

---

* ECSO is a non-profit organisation driving collaboration between public and private stakeholders in the European cybersecurity landscape. The STARtup Award showcases Europe’s most promising cybersecurity start-ups and provides them with visibility, access to investors, and opportunities for growth and international partnerships.

@xiphera @ecso_eu #PAuto #Europe

Collaboration bridges the IT/OT divide.

Enhancing predictive insights and real-time monitoring to boost asset performance and operational visibility .

ABB and Red Hat have announced an extended collaboration to develop automation systems for the future of industrial IT, enabling more secure and modular deployment of control applications for process industries. The collaboration builds on ABB’s automation leadership and Red Hat’s industry-leading enterprise open source platforms, combining industrial innovation and digital capabilities – including data analytics and artificial intelligence – to help pave the way towards autonomous operations.

Their process automation system architecture consists of two interconnected yet distinct environments: a robust and secure control environment that helps ensure stable, real-time management of critical processes, and a digital environment designed for flexible and scalable introduction of digital solutions.

Previously, ABB and Red Hat collaborated on the digital environment infrastructure for a more rapid scalable deployment of advanced analytics, artificial intelligence and cloud-based applications, without disrupting core control operations. Now, the two companies are expanding their collaboration to include the control environment, delivering enhanced operational consistency and stability to meet the most demanding security and process requirements.

Built on Red Hat platforms such as Red Hat Device Edge and Red Hat OpenShift this dual approach will allow customers to introduce innovations incrementally, protecting operational integrity and existing investments while maintaining high levels of cybersecurity. Additionally, Red Hat technologies provide a reliable and secure foundation for system lifecycle services within the process automation system.

“Ongoing industry collaboration is essential to shaping the future of automation. Together with Red Hat, we’re advancing modular, scalable solutions that align with global frameworks and deliver long-term value to customers across process industries,” said Stefan Basenach, Senior Vice President, Process Automation Technology, ABB. “The dual-layered architecture, built on open source platforms, creates a robust foundation for the industry to progress towards autonomous operations. We look forward to building on this momentum together as we continue to drive open, resilient and secure automation that supports industry both now and in the future.”

“This extended collaboration with ABB marks a significant milestone for the industry at large, as we empower manufacturers with the tools and solutions they need to transform to better meet the demands of today’s increasingly complex industrial landscape,” said Francis Chow, vice president and general manager, Red Hat In-Vehicle Operating System and Edge, Red Hat. “Red Hat platforms, including Red Hat Device Edge and Red Hat OpenShift, provide a durable and consistent foundation for process automation and industrial controls, helping to address the strict security and uptime requirements of industrial use cases. We look forward to continuing our work with ABB to deliver modern automation powered by open source technologies.”

Aligned with global industry standards and frameworks, ABB and Red Hat's collaboration supports secure adoption across multi-vendor environments, allowing customers to embrace digital transformation with greater confidence.

---

@ABBgroupnews @abb_automation @ABBMeasurement @RedHat #PAuto #AI

Effortless integration of AI and automation technologies.

To modernise and seamlessly integrate the industrial automation technology stack.

A new pioneering software-defined enterprise operations platform – dubbed Project Beyond – that will fundamentally change today’s approach to industrial automation has been announced by Emerson.

"Leading Automation into a New Era!"

Project Beyond will deliver the industry’s first software-defined, OT-ready digital platform that seamlessly integrates and optimises industrial operations. Leveraging innovations in software-defined control, data management, zero-trust cybersecurity and artificial intelligence (AI), Emerson’s new platform will help automation investments deliver value without adding complexity.

The speed of technology and industrial AI advancements, combined with increased computing power needs and the unprecedented volume and complexity of siloed data generated across industrial assets, requires a new, cost-efficient way for companies to leverage automation across the enterprise while protecting existing investments.

Emerson’s Project Beyond will tackle this challenge by creating a flexible, scalable and secure platform that connects today’s existing automation installed base with modern technologies to empower continuous, enterprise-wide visibility, optimisation and, eventually, autonomous operations. Project Beyond will also provide a consistent platform to deploy and manage new AI applications and models, along with contextualised data, to unlock unimagined flexibility, safety, sustainability and performance for essential industries such as energy, power, life sciences, chemical and mining.

“Companies are eager to modernise automation and keep pace with the promise of new technologies like AI without ripping and replacing their existing infrastructure or dealing with the pain and costs of integrating new applications and millions of fragmented data points,” said Ram Krishnan, chief operating officer at Emerson. “Project Beyond will use the power of software-defined control to introduce an entirely new, scalable, seamlessly integrated infrastructure with automated data contextualisation to turn trapped data into powerful operational efficiencies.”

Evolved from its industry-leading DeltaV™ distributed control system, AspenTech’s leading software portfolio and Boundless Automation^SM vision, Emerson’s new connected industrial technology platform will reduce the costly and complex technology integration required to move data across different operational technology (OT) systems and applications, helping customers deploy and scale new capabilities faster.

“By combining Emerson’s automation capabilities with AspenTech’s deep software expertise – from modelling and optimisation to machine learning and AI – we’re embedding artificial intelligence into our systems, turning information into insights that will help our customers along their journey toward optimised autonomous operations,” Krishnan said.

The building blocks of Project Beyond include:

• Modern Computing Environments: Project Beyond will unify the latest in on-premises edge computing with the power of the cloud to deliver unparalleled data analytics.
• Networking & Connectivity: Secure connectors, APIs and software interfaces that allow connectivity of existing OT systems, devices and legacy I/O to the platform as well as the ability to connect the platform to IT environments.
• DataOps: A powerful data fabric weaving together all OT assets, from devices to entire systems, turning contextualised data and codified knowledge into digital intelligence around operations.
• App Marketplace: A catalogue of state-of-the-art applications, curated for an organisation’s unique needs, collected in a single marketplace for easy access and deployment.
• AI Orchestration: An orchestration engine that will manage the deployment and lifecycle of AI agents enabling the future human/AI hybrid workforce.
• Zero-Trust Security Architecture: A security plane that secures every access, device, application, connection and data within the platform.

Designed as a data-centric platform, the enterprise operations platform enables a more flexible deployment of even more powerful mission-critical functionality, such as the new DeltaV IQ Controller. This software-defined controller will run on commercial, off-the-shelf servers, bringing increased scalability, flexibility, resiliency and extensibility to enterprise operations.

“Emerson has never been content to incrementally improve on current offerings, especially today with the tremendous opportunities around industrial AI,” said Krishnan. “Project Beyond is designed to make it easier and more cost-effective to access the data you need to unleash new AI applications and future-proof your industrial automation investments.”

---

@EmersonExchange @Emerson_News @EMR_Automation @HHC_Lewis #PAuto #AI

Cybersecurity conformance accreditation.

Full accreditation to certify products to ISA/IEC 62443 cybersecurity conformance.

The International Society of Automation (ISA) has announced that UL Solutions has received full accreditation from the International Accreditation Service (IAS) and ANSI National Accreditation Board (ANAB) to serve as an ISO/IEC 17065 accredited certification body for ISASecure®.

The ISASecure certification program certifies conformance to the ISA/IEC 62443 series of internationally adopted industrial security standards. UL Solutions is now accepting product submittals for ISASecure certification. UL Solutions contact details can be found here on the ISASecure website. 

ISASecure assesses automation and control products and systems to ensure they are robust against network attacks, free from known vulnerabilities and meet the security capabilities defined in the ISA/IEC 62443 standards. All ISASecure certifications are conducted by globally recognized ISO/IEC 17065 accredited certification bodies.

UL Solutions, a global leader in applied safety science, transforms safety, security and sustainability challenges into opportunities for customers in more than 100 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support their customers’ product innovation and business growth.

“UL Solutions is honored to achieve ISASecure accreditation, a significant accomplishment that reflects our unwavering commitment to helping our customers achieve a strong cybersecurity posture and underscores our proactive approach to addressing the escalating risks within the cybersecurity landscape,” said Nicholas Alexiades in the UL Solutions Cybersecurity Center of Excellence group. “By obtaining ISASecure certification, a crucial prerequisite for key cybersecurity regulations, we are empowering our customers with the essential foundation to confidently navigate evolving threats and regulatory requirements.”

The ISASecure program — which currently has ISO/IEC 17065 accredited certification bodies in the U.S., Japan, Taiwan, Singapore, Italy, Germany and India — is rapidly expanding its global reach through additional agreements with certification bodies around the world.*

"We are pleased to have UL Solutions join the ISASecure program as an accredited ISASecure Certification Body. UL Solutions has a long and recognized history in the United States with global offices," said Dr. Mark P. DeAngelo, Program Manager of ISASecure.

---

* In the third quarter of 2025, ISASecure will release the ACSSA assessment scheme which evaluates asset owner's control systems to the ISA/IEC 62443-2-1, 2-4, 3-2 and 3-3 asset owner OT cybersecurity standards.

@ISA_Automation @UL_Solutions @automation_com #Standards #PAuto #Cybersecurity

Communication system security in avionics.

Thales has selected TrustInSoft Analyser to reinforce the cybersecurity and reliability of its future avionics and communication systems. As software complexity grows within safety- and mission-critical environments, ensuring the absence of memory vulnerabilities and runtime errors becomes paramount. By leveraging TrustInSoft’s code analysis technology, Thales is strengthening its software assurance processes to meet the highest standards of safety and cybersecurity compliance.

TrustInSoft Analyser provides mathematical guarantees of the absence of critical software defects—such as buffer overflows, uninitialised memory access, and integer overflows—through advanced formal methods. This capability helps organisations like Thales verify software robustness with full path and context sensitivity across all execution scenarios.

“Supporting an industry leader like Thales demonstrates the strategic value of mathematically verified software in high-assurance sectors such as aerospace and defence,” said Caroline Guillaume, CEO of TrustInSoft. “Our technology empowers engineering teams to achieve compliance and deliver software that is demonstrably safe, secure, and free from critical vulnerabilities.”

By integrating seamlessly into existing Agile and V-model workflows, TrustInSoft Analyser enables engineering teams to accelerate validation timelines, reduce the cost of error detection, and support certification efforts under DO-178C, DO-326A, and other rigorous regulatory standards.

---

@TrustInSoft @thalesgroup @NapierPR #Communications #Cybersecurity

OT data mobility out of the box.

Combines the power of edge computing with the flexibility of a cloud platform

DeltaV™ SaaS SCADA with Edge Connect has been announced by Emerson. This is a flexible, preconfigured edge solution engineered to deliver more seamless operational technology (OT) data mobility out of the box. Designed to connect existing field devices to the cloud-hosted DeltaV SaaS Supervisory Control and Data Acquisition (SCADA) system in minutes, the DeltaV SaaS SCADA with Edge Connect edge solution eliminates much of the traditional engineering work necessary to bring critical operational data into the control system for better visibility and safer, more flexible and reliable control.

Unlocks secure communication to all field devices using their native protocols.

“DeltaV SaaS SCADA with Edge Connect advances Emerson’s Boundless Automation vision of seamless data mobility from the intelligent field, through the edge, and into the cloud,” said Nina Golder, vice president of Emerson’s Guardian software and solutions business. “Designed with open protocols and preconfigured with the most advanced edge technology stack available, the DeltaV SaaS SCADA with Edge Connect edge solution empowers users to remotely monitor and configure their field assets, bringing visibility and operations online in minutes while still providing powerful capabilities to customise their experience.”

Built on Emerson’s PACEdge™ software for edge computing, the DeltaV SaaS SCADA with Edge Connect edge solution can communicate with all field devices – remote terminal units, flow computers, valves, sensors and more – in their native protocols using an Emerson-tested third-party polling engine that eliminates the need for additional conversion or adapters. PACEdge provides an IIoT application enablement platform designed to integrate information technology and OT domains without disrupting OT assets, architectures or systems.

All software necessary to connect and run the edge solution is preinstalled on the device, and additional applications can be added via a built-in marketplace. In addition, users can also build and add their own custom containerised applications with built-in Node-RED, a low-code programming platform for event-driven applications.

Built in alignment with International Society of Automation (ISA) 62443 standards and the European Union’s Cyber Resilience Act, the DeltaV SaaS SCADA with Edge Connect edge solution provides a secure platform for industrial operations. It also provides report by exception capabilities, allowing the device to automatically switch polling frequencies for increased communication when a new value is registered from a device in the field, helping teams maintain critical visibility without increasing bandwidth and communication costs. 

Data buffering features allow the DeltaV SaaS SCADA with Edge Connect edge solution to store data during communication outages and send it when communication is restored so no data is lost. Dynamic polling resolution automatically changes polling rates when events occur, helping ensure all critical data is delivered promptly.

---

• The DeltaV SaaS SCADA with Edge Connect edge solution will be on display at Emerson Exchange Americas 2025, being held May 19-22 in San Antonio (TX USA).

@EmersonExchange @Emerson_News @EMR_Automation @HHC_Lewis #PAuto #Cybersecurity

 

Best-in-Class Automation Events.

The International Society of Automation (ISA) has announced wins in multiple categories in the annual Eventeer Awards. The wins recognize two ISA events — the Automation Summit & Expo and the OT Cybersecurity Summit — and mark the third year in a row that Society events have been awarded.

The Eventeer Awards are presented by vFairs, a leading software provider for event management. The awards spotlight the public’s favorite events of the year for categories highlighting strengths in graphics, content, logistical construction, gaming and mobile app usage. The awards are then voted on publicly and announced after a voting period.

ISA events placed in the following categories:

• Best Summit — OT Cybersecurity Summit*
• Best Networking Event — OT Cybersecurity Summit
• Best In-Person Event — Automation Summit & Expo
• Best Mobile App Design — Automation Summit & Expo
• Best Event: North America — Automation Summit & Expo
• Runner-Up Best Conference— OT Cybersecurity Summit
• Runner-Up Best Tech Industry Event— OT Cybersecurity Summit
• Runner-Up Best Event: Europe Middle East and Africa (EMEA) — OT Cybersecurity Summit

Networking at the OT Cybersecurity Summit in London (June 2024)

“ISA is honoured to be recognized a third time for the high quality of our events,” said Claire Fallon, CEO and executive director of ISA. “These awards are an ongoing testament to attendees’ enthusiasm for our high-quality content, engaging experiences and productive networking opportunities. We look forward to delivering another compelling slate of ISA events in 2025¹. I am incredibly proud of the ISA team’s dedication to captivating our audience each year and driving continued growth for our events."

---

*See our report on the OT Cybersecurity Summit 2024 here.

¹ Registration is now open for:
• The OT Cybersecurity Summit, to be held 18-21 June in Brussels, and
• The Automation Summit & Expo, to be held 5-7 October in Lake Buena Vista, FL. 

@ISA_Automation @vfairs @ISA_EU @England_ISA #Cybersecurity #PAuto 

Next generation secure terminal servers.

Legacy serial devices made network-ready for deployment on Industrial IP-based Ethernet LANs .

The next generation of RS-232/422/485 secure terminal servers, the NPort 6100-G2/6200-G2 Series has been developed by Moxa. The servers are in accordance with the cybersecurity best practices of IEC 62443-4-1. Because of their IEC 62443 certification, the new terminal servers provide reliable defense against cyberthreats when used to connect legacy serial devices to modern Ethernet TCP/IP networks. Deploying these terminal servers not only eliminate the expense of replacing serial field devices, such as sensors, actuators, HMIs, data loggers, and PLCs, but also helps enterprises avoid the time-consuming build-out of complex security solutions.

Legacy serial communications present significant security challenges to ICS as the protocols were devised before modern cyber threats existed. To address this issue, Moxa NPort 6100-G2/6200-G2 terminal servers support the TLS and SSH protocols that securely encrypt data before sending it over private or public networks. Support of SSL certificate signing by RSA-4096 / ECC-521 also heightens security against modern decryption attempts, while Secure Boot permits only firmware authorized by Moxa to run on the servers.

Consistent with the trend for smaller systems and easier setup, Moxa NPort 6100-G2/6200-G2 secure terminal servers support side-mount installation as an option, alongside desktop, DIN-rail or wall mounting choices. Two-sided LEDs are visually accessible in a variety of installation scenarios. In addition, software-configurable pull high/low resistors and a terminator function eliminate the need to open the chassis to adjust the pull high/low resistors or terminators, making it convenient to install serial devices at field sites. The NPort 6100-G2/6200-G2 Series also comes with a one-click log collection function to enable logging of data, which can provide the information that a technical support team needs to quickly troubleshoot system issues.

Moxa is offering NPort 6100-G2/6200-G2 secure terminal servers in four models with a choice of one or two serial ports, up to 2TB SD card support, and operating temperatures of either -10 to 60°C or -40 to 75° C.

---

@Moxa_Europe  @OConnellPR #PAuto #Cybersecurity

Easy upgrade for 5G private networks.

Today's manufacturers rely on real-time system monitoring for uninterrupted operations. Standard practice is to deploy edge computers to gather and transmit data to distributed control systems via cables. As networks expand, however, operators of cable-based infrastructures face mounting challenges with installation, maintenance and flexibility, leading to higher costs. Additionally, data transmission can slow due to increased latency.

---

Free Moxa white paper

"Enabling Smart Manufacturing With Private 5G"

As a solution, manufacturers are shifting to 5G private wireless networks. These dedicated, self-contained mobile networks are owned and operated by the enterprise. Utilizing 5G technology, the networks offer high-speed, low latency connectivity. Being private, they also give the enterprise the flexibility to control network access and prioritize different applications.

Private 5G networks made easy.
Moxa has made upgrading to 5G private wireless networks easy with its UC-4400A computer. The UC-4400A is an Arm Cortex-A53 quad-core 64-bit computer that comes equipped with built-in LTE/5G and Wi-Fi 6E capabilities, offering an all-in-one solution combining data collection, processing, and wireless connectivity. It simplifies network infrastructure and enables hassle-free relocation or expansion of equipment without additional wiring. The UC-4400A reduces the complexity of legacy physical networks, improves scalability, and future-proofs industrial operations to meet evolving needs.

Enhanced cybersecurity.
Cyber attacks are always a concern for industrial networks. Moxa UC-4400A computers are embedded with robust security features compliant with IEC 62443-4-2 SL2, safeguarding against evolving security threats. The computers run on Moxa Industrial Linux 3 (MIL3), offering longterm support and security, and are compliant with SEMI E187 cybersecurity standards for semiconductor equipment.

---

@Moxa_Europe  @OConnellPR #PAuto #Cybersecurity

Voltage regulator achieves cybersecurity approval.

Classification society DNV has granted ABB UNITROL® 1000 excitation system Cyber Security Type Approval - becoming the first automatic voltage regulator to achieve it. This facilitates maritime operators in meeting the new IACS UR E26 requirements more efficiently and contribute to the security of their vessels against cyber threats.

In the maritime sector, ABB UNITROL 1000 excitation system is used for a variety of applications on synchronous machines ranging from 100 kVA to 80 MVA. To help ensure resilience in the face of potential cyber threats, UNITROL 1000 has been certified as of November 2024 for compliance with the DNV Cyber Security Profile 1 (IACS UR E27), which is based on industry standard IEC 62443-3-3 security level 1. DNV, also known as Det Norske Veritas, is headquartered in Norway and is the world’s leading classification society, as well as a recognised advisor to the maritime industry.*

The primary purpose of a synchronous generator on a vessel is to supply the necessary electrical power for various on-board systems, including lighting, machinery, navigation, communication and propulsion. The UNITROL 1000 excitation system ensures stable control of the synchronous generator voltage, providing rapid response to load changes and maintaining required voltage levels, even in harsh environments. This reliability makes it a crucial component for efficient and consistent power generation, and safety of the vessel.

DNV type approval speeds up ship specific certification.
UNITROL 1000 is the first automatic voltage regulator to comply with the IACS UR E27 requirements, which involves “Cyber Resilience of On-Board Systems and Equipment”. The new certification is especially relevant for the maritime sector, which is currently accelerating its digitalization with more connectivity to onboard equipment. Digitalization brings many benefits but, at the same time, it can expose vessels to new cyber threats.

To reduce cyber risk, it has been mandatory for all new ships contracted from 1 July 2024 to comply with IACS UR E26 for “Cyber Resilience of Ships”. Having assets certified according to IACS UR E27 for the on-board systems provides important support for vessel owners, designers and yards in achieving full compliance with IACS UR E26.

Werner Pretorius, UNITROL 1000 Global Product Manager at ABB Energy Industries, explains the situation. “The main purpose of these standards is to lower the risk of cyber security threats and reduce downtime in case of potential cyber-attacks. To ensure compliance with regulations, each vessel must undergo a system evaluation by the classification society. With a Cyber Security Type Approval certificate, ABB simplifies the certification process for their customers, allowing them to focus on configuration and installation rather than re-testing pre-approved security barriers."

In line with IMO safeguards.
With the DNV certification ABB mitigates the occurrence of, and downtime caused by, cyber incidents due to potential cyber-attacks. Moreover, DNV accreditation supports vessel operators, offshore operators and marine OEMs in demonstrating the resilience of their systems. This not only streamline the certification processes but also enhances overall cyber security awareness. Additionally, DNV recognition aligns well with the International Maritime Organization’s (IMO) resolution MSC.428(98), which focuses on safeguarding power and automation systems on board ships, as well as ensuring the confidentiality and integrity of data in remote connections.

Jarle Coll Blomhoff, DNV Head of Section for Digital Ship Systems, comments on the importance of gaining this security classification. “Adhering to IACS UR E27 and IEC62443 contributes to safer and more secure on-board systems and equipment, thus reducing the risk of power outages and other safety threats due to malicious attacks. We appreciate that ABB takes lead with ABB UNITROL 1000 system being the first of its kind to be DNV Cyber Secure compliant according to IACS UR E27 and supporting a more efficient certification process.”

---

* More about DNV Cyber Secure Class Notation.

@ABBgroupnews @ABBMeasurement @abb_automation  @admiralpr #Marine #Cybersecurity

Cybersecurity initiative commended.

An initiative by the US Cybersecurity and Infrastructure Security Agency (CISA) to identify and address key security practices for enhancing the quality and safety of software products, particularly across industries has been commended by TrustInSoft (TIS).

They cited a document recently published by the U.S. Department of Homeland Security on product security bad practices (docket CISA-2024-0028), in particular areas pertaining to memory-unsafe languages like C and C++ and offered constructive comments to help inform ongoing cybersecurity developments.

“While memory-related vulnerabilities indeed remain a major security concern, we would like to highlight the continued relevance of C and C++,” wrote Benjamin Monate, Chief Technical Officer, TrustInSoft (pictured right). “C and C++ languages have a vast repository of well-established libraries that are extensively used across numerous industries. Many organisations rely on these libraries to deliver robust functionality, and transitioning to a new programming language would demand significant cost and effort, especially for regulated sectors requiring specific certifications and compliance.”

He added that modern, next-generation sound and exhaustive static analysers such as TrustInSoft Analyser (TISA) support CISA's software security efforts by offering tools that mathematically prove the absence of memory-related vulnerabilities in software written in C and C++.

These tools are capable of scaling large codebases and offer comprehensive detection of undefined behaviours, including memory safety vulnerabilities. Such analysers have matured to a level where they can be incorporated at various stages of the software development lifecycle (SDLC) and can be invaluable for the vast number of organisations that rely on C and C++.

TISA differs from other tools on the market due to its ability to provide mathematical guarantees of software safety, which goes beyond the heuristic-based detection offered by traditional static or dynamic analysers. Recognised by the U.S. National Institute of Standards and Technology (NIST) for leveraging advanced formal methods, including abstract interpretation, TrustInSoft can mathematically guarantee analysed software is free of critical runtime errors and vulnerabilities.

In his comments, Monate went on to acknowledge that while memory-safe languages like Rust offer promising alternatives, their toolchains do not yet fully support the full range of embedded microcontrollers used across critical industries. For many organisations, C and C++ remain the most viable options, given the available and reliable toolchains compatible with diverse hardware platforms.

It was also suggested that the CISA provide further clarity around the definition of “product” scope, as outlined by the European Union in the Cyber Resilience Act, which would help organisations to ensure adherence with CISA guidelines.

In view of these considerations, Monate recommended additions to the CISA that could be included in the final CISA document.

He said, “When using memory-unsafe languages (e.g., C/C++) or unsafe features of a memory-safe language, it is advisable to employ sound and exhaustive static analysers that use formal verification techniques. These tools can ensure thorough coverage and identify memory-related bugs, enhancing the security of codebases.
“A dedicated security activity should be embedded within the SDLC, leveraging state-of-the-art tools (sound static analyser) and processes during development, testing, and maintenance phases. This aligns with the Shift Left paradigm, which advocates for early integration of security measures.
“Continuous Integration/Continuous Deployment (CI/CD) pipelines should incorporate security checks as part of automated workflows, ensuring regular and consistent assessments.
“And for high-criticality products or sensitive libraries - based on threat models - organisations should conduct third-party security assessments before product release. Depending on product criticality, such assessments could range from detailed bug reporting by sound and exhaustive static analysers to physical testing, e.g., penetration testing and security certifications by accredited security labs.”

---

@TrustInSoft @CISAgov @CRAConference #PAuto #IoT #Cybersecurity

Certified for secure product development.

Endress+Hauser has received the ISA/IEC 62443-4-1 certification for the secure development of products, thus laying a further building block for compliance with the European Cyber Resilience Act.

Product security managers of the Endress+Hauser product centres (LtoR Manfred Niederer, Karsten Traub, Dr Claudia Nowak, Mirko Brcic, Simon Merklin and Sushil Siddesh all of whom played a key role in achieving ISA/IEC 62443-4-1 certification. 

TÜV Rheinland, the German Technical Inspection Association in the Rhineland (D) has certified the secure product development process at Endress+Hauser in accordance with the ISA/IEC 62443-4-1 security standard, maturity level 3. Five product centers have received the certification and thus meet the requirements for the life cycle of the products.

The Council of the European Union passed the Cyber Resilience Act (CRA) in October 2024*. This stipulates that products must demonstrate a high level of cybersecurity throughout their entire life cycle. Appropriate measures and methods must be implemented as early as the product development stage. Endress+Hauser follows this “Security by Design” approach to provide customers with the best possible support in protecting their systems.

“We are particularly proud of this certificate as it recognizes our many years of effort to achieve the highest level of security in our product centers. This level of structured approach across many different development sites shows the importance Endress+Hauser places on cybersecurity,” says Mirko Brcic, Product Security Officer at Endress+Hauser.

One visible result of the cybersecurity measures is the development of secure access to Endress+Hauser measuring devices via Bluetooth. Even the internet standardization body IETF now recommends the CPace protocol used in the Endress+Hauser SmartBlue app for password-protected access.

Standard affects various aspects.
In principle, a company that aligns its processes with IEC 62443-4-1 must prove that cybersecurity is incorporated throughout the entire life cycle of a product. As part of the group certification, the certifying body checks the following aspects, among others:

• Risk and threat analyses
• Security by design
• Security testing
• Vulnerability management
• Customer security manual

“With the IEC 62443-4-1 certification, we have jointly laid the foundation for supplying secure products in the future and being prepared for regulations such as the CRA,” says Mr Brcic. Five of the Group’s competence centers were certified: Endress+Hauser Flow, Endress+Hauser Level+Pressure, Endress+Hauser Liquid Analysis, Endress+Hauser Temperature+System Products, and Endress+Hauser Digital Solutions.

---

* Cyber resilience act: Council adopts new law on security requirements for digital products

@Endress_Hauser @Endress_IN @Endress_UK @Endress_US @TUVRheinlandNA #PAuto #Cybersecurity

#CINC24 Cyber conference report.

The biggest ever Cyber Ireland National Conference with over 450 attendees, was held in Kilkenny (IRL) in Septermber 2024.

It featured distinguished international keynote speakers:

🌍 Seán Doyle from the World Economic Forum shared insights into WEF's cybersecurity initiatives and moderated a panel discussion on the crucial role of public-private partnerships in enhancing cybersecurity.

🧠 Prof. Mary Aiken, a leading expert in cyberpsychology, explored the human impact of technology, the emerging global Safety Tech market, and how enterprises can leverage offensive cyberpsychology strategies to defend against threats.

🇪🇺The conference also hosted the European Cyber Security Organisation (ECSO) Cyber Solutions Day, where CalQRisk and CyberDesk emerged victorious in the pitch competition, advancing to the European CISO Award Final. Gerard Joyce & Dr. Tobias Lieberum.

The "Cyber Security Sector Snapshot 2024" report was published, providing a comprehensive update on the baseline data from 2022 regarding the size, operations, and economic contributions of the cybersecurity sector in Ireland.

Brian Honan is Cyber Ireland's new chairperson. He emphasized that the strength of their Cyber Meitheal (collaboration) is its greatest asset He succeeds outgoing chair Pat Larkin, who has led Cyber Ireland since 2022.

---

@CyberIreland @IrelandISA @ISA_EU #PAuto #Cybersecurity #CINC24 #Ireland