aeSolutions™ announces the launch of their Industrial Cybersecurity line of business to help clients protect their control systems from both intentional and unintentional cyber-initiated events. aeSolutions has been providing these services for many years, and the creation of this new division is a response to increased market demand.
Companies recognize a strong relationship between safety and cybersecurity, and value partners who can provide a holistic approach to help them address these issues. Incorporating Cybersecurity Lifecycle services into the aeSolutions service portfolio will solidify the depth and breadth of aeSolutions services and increase the value of their partnerships with their clients.
New Team Member
aeSolutions hired John Cusimano CFSE, CISSP, as Director of Industrial Cybersecurity to formally launch and manage this new line of business. Cusimano brings considerable experience and a strong reputation in this emerging field, allowing aeSolutions to rapidly expand and enhance their cybersecurity solutions.
Cusimano is an industrial control systems cybersecurity and functional safety expert with more than twenty years of experience. He has performed numerous control system cybersecurity vulnerability and cyber risk assessments in the Oil & Gas, Chemical, Water/Wastewater, and Power industries per ISA/IEC 62443 and NERC CIP standards. He has also overseen and participated in the security testing and certification of several control and safety systems per the ISASecure™ and Achilles™ security certification programs.
A leader in the development of ICS cybersecurity standards and best practices, Cusimano is Chairman of ISA 99 WG4 TG2 Zones & Conduits committee and co-chair of ISA 99 WG4 TG6 Product Development committee. He was instrumental in the development of the ISASecure certification scheme and was recently appointed as US Expert to the IEC TC65 WG10 committee. He is also the lead course developer and instructor for the ISA IC32 training course, “Using the ANSI / ISA 62443 Standards to Secure Your Industrial Control System.”
“We are not new to industrial cybersecurity, but with the addition of John and others to our team, we increase our ability to serve our clients’ cybersecurity needs throughout the entire process safety lifecycle,” notes Brian Merriman, CEO, aeSolutions. “Our customers have been asking for our help in identifying and quantifying their cyber risk, in implementing countermeasures to reduce that risk, and in developing and institutionalizing policies and procedures that will encourage a cybersecurity culture. With this new line of business, we will be able to address those needs at this critical time in industry.”
New Industrial Cybersecurity Service Offerings
Much like process safety, there is a defined lifecycle model for Industrial Cybersecurity. aeSolutions now provides the following cybersecurity services in each phase of the process safety lifecycle.
Assess & Define Phase — Cybersecurity vulnerability assessments, cybersecurity risk assessments, network architecture diagrams, zone & conduit modeling, cybersecurity requirements specification development, cost/benefit analysis, strategy development
Design, Implement, & Construct Phase — System network architecture design, access control and remote access design, system hardening, cybersecurity test plan development and acceptance testing, firewall design and commissioning
Operate & Maintain Phase — Intrusion Detection Design/Implementation, Patch management, vulnerability management, change management, backup/restore, cybersecurity audits, and training
Filed Under: ALL INDUSTRIES, Factory automation, Cybersecurity