PAS Adds Cybersecurity Business Unit

May 17, 2015
The company-- rooted in process control system configuration management-- is leveraging its unique ability to identify changes at the engineering core to thwart malicious industrial control system attacks.

Recognizing the need for a bulletproof security framework for industrial control systems, PAS Inc., a provider of asset and configuration management for distributed control systems (DCS), has formed a new Cyber Security Business Unit focused on providing products and services to protect the core configuration of the control system.

In addition to the announcement of a new division, PAS rolled out the latest version of its Cyber Integrity security software which adds more in-depth risk profile management and compliance reporting.

While PAS has offered a cybersecurity offering for many years, the increasing threats on industrial control systems (ICS)—which experienced a sixfold surge from 2010 to 2014, PAS officials say—and the growing sophistication of the attacks, prompted the company to take a more formal approach to the problem. According to David Zahn, chief marketing officer at PAS and general manager for the new business unit, attacks are playing out in a multilevel manner. First, the hackers gather information on the control system and then they exert control.

Most continuous process companies are investing heavily in security systems, Zahn says. “Even with oil and gas prices down we are seeing that the budgets around cybersecurity remain intact.” In fact, PAS estimates the current ICS cybersecurity market to be about $2.8 billion worldwide.

The problem, however, has been where the investments have been made to date, Zahn says. There’s a lot of investment at the perimeter in the form of firewalls, intrusion prevention, and anti-malware scanning. And, there is some anti-malware protection at the middle layer for the HMI and local area network. But there is no protection at the programming level of the automation systems including the controller and instrumented bus network.

The reason being is that you can’t protect what you don’t know. “We’ve been doing configuration management for a long time, and inventory is always the first step,” says Zahn, pointing out that PAS can identify changes at the control system layer, including hardware, software, I/O, ports, and services.

While other DCS vendors may offer their own cybersecurity product, they are focused on the Windows side, not the proprietary protocols on the backend, says PAS CEO Eddie Habibi. “The difference between what we do and what everyone else does is that we go deep into the proprietary configuration of those systems for configuration management and overall cyber-attack protection,” he says. For example, that proprietary layer is the programming that tells the system how to read sensor data and process it. “And this is exactly where a hacker would go to create a disturbance and break down systems."

PAS has always had the ability to manage these core configuration layers with its Integrity Software Suite, but was prompted to develop the security layer when asked by a customer to create workflow processes for cybersecurity.

The latest version of Cyber Integrity enables industrial companies to gather and maintain an accurate inventory of cyber assets; establish a cybersecurity configuration management policy; manage change by monitoring for unauthorized updates to cyber asset configurations; and, implement a program for system backup and recovery.

“If something bad happens that couldn’t be prevented you need the last line of defense, which is good backup of information so that you are able to recover,” Zahn says. “That is an essential part of what we offer and is included in our best practices.”

In addition, not every asset has the same risk profile, so the latest version of Cyber Integrity provides the user with the ability to categorize assets and assign risk levels, including response controls. Despite the difference in assets, users can see everything from a single view. And, the company has added additional compliance reporting to meet new critical infrastructure protection (CIP) standards.

The cyber security division is expected to contribute new revenue opportunities for PAS, which experienced a 27% increase in revenue last year. “We’ve had good steady growth,” Habibi says, “but we will be on a hyper growth path over the next three-to-five years. We expect to quadruple revenue by 2020.”

About the Author

Stephanie Neil | Editor-in-Chief, OEM Magazine

Stephanie Neil has been reporting on business and technology for over 25 years and was named Editor-in-Chief of OEM magazine in 2018. She began her journalism career as a beat reporter for eWeek, a technology newspaper, later joining Managing Automation, a monthly B2B manufacturing magazine, as senior editor. During that time, Neil was also a correspondent for The Boston Globe, covering local news. She joined PMMI Media Group in 2015 as a senior editor for Automation World and continues to write for both AW and OEM, covering manufacturing news, technology trends, and workforce issues.

Companies in this Article

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...

AVEVA™ System Platform: Smarter, Faster Operations for Enhanced Industrial Performance

AVEVA System Platform (formerly Wonderware) delivers a responsive, modern operations visualization framework designed to enhance performance across all devices with context-aware...