Cimation’s Austin Scott Wins SANS 2015 Difference Makers Award

After a very ‘rewarding’ fall in which Cimation received numerous awards and recognitions for its work in automation, systems integration, and cyber security, the wins just keep on coming. Yesterday, the SANS Institute1 announced the winners of its 2015 Difference Makers Award, an annual award that (according to the official press release) “celebrates those individuals whose innovation, skill and effort have driven real advances in information security.” Among this year’s list of 11 recipients was Cimation’s own Austin Scott, former founder and CEO of Calgary’s Synergist SCADA and current leader in our well-established ICS cyber security practice. He is currently working as a Cimation representative on the Shell PCD IT Security program, a global program to standardize cybersecurity technology and processes across the company’s international assets.

Read More

The Benefits of Application Whitelisting for Industrial Environments

In recent years, advances in technology have allowed companies throughout the energy industry to significantly enhance the automation, monitoring, and control of their operations. This digital shift was marked by the introduction of the Industrial Internet of Things (IIoT)  into process control environments, where connected devices revolutionized the way operators and enterprise personnel interact with and analyze Industrial Control Systems (ICS). These increased capabilities of IIoT-enabled devices and their further integration with the enterprise network have provided operators with a wide range of benefits across the entire value chain. However, they have also come with an important trade-off that shouldn’t be taken lightly: increased exposure to vulnerabilities.

In light of this digital shift, endpoint security for ICS, whether in the form of firewalls, host intrusion prevention systems (HIPS), patch management, or any of the myriad of technologies designed to keep endpoints secure, has become increasingly important. Application whitelisting (AWL) is another, specific form of endpoint security that’s proved to be a safe and reliable option for a wide range of production environments. As both the volume and variety of malware threats continue to increase, the advantages it can provide over other endpoint security measures are becoming more and more evident.

Read More

Key Takeaways from KPMG and Cimation Calgary’s ICS Security Presentation

Recently, KPMG and Cimation met with about thirty members of the Calgary business community to discuss industrial control system (ICS) security. Over breakfast and a brief presentation, we discussed the challenges organizations are facing as they try to develop, implement, and actively demonstrate the return on their cyber security strategies. Often these conversations focus on intentional cyber incidents; however, our conversation was dominated by a number of comments related to accidental infractions, which could be mitigated as well through increased governance and improved processes.

Read More

Abnormal Situation Management (ASM) Basics for High Performance Human Machine Interfaces (HMIs)

Sometimes, things just don’t work the way that they should. This is especially true in the chemical and petrochemical refining industries, where processes, often consisting of hundreds and sometimes even thousands of pieces of equipment and control systems, have to work in sync to achieve a very specific outcome. When one of these systems or pieces of equipment goes awry, the process enters what’s known as an “abnormal situation” – which as defined by the Abnormal Situation Management Consortium as “a disturbance or series of disturbances in a process that cause plant operations to deviate from their normal operating state.”

Though in some instances, the impact that an abnormal situation can have on a process is minimal, the dynamic nature of process control environments means that even the smallest of problems can potentially evolve into something catastrophic. In any case, regardless of its severity, an abnormal situation often results in more downtime, less productivity, and most importantly, reduced safety. But by using HMI graphics that embrace the ASM standards, operators can reduce the costly impacts associated with abormal situations through clear and decisive action. 

Read More

Cimation Rakes in the Rankings this Fall

As any organization will tell you, the last twelve months have been a rollercoaster as oil and gas prices dropped, rebounded slightly, and dropped again. With companies struggling to maintain their revenue amidst a slew of corporate layoffs extending from the largest operators to the smallest service providers, it’s been a tumultuous twelve months for all of us. Which is why celebrating the wins (both big and small) is so important.

This month, Cimation racked up a number of company accolades thanks to our continued success providing consulting, engineering and system integration services for energy companies throughout Houston and around the world. 

Read More

The Importance of Meter Proving for Measurement Accuracy and Reliability

When it comes to custody transfer, flow meters are the cash registers used to verify every business transaction. Because of this, measurement accuracy and reliability are of the utmost importance. Regardless of product type or price, inaccurate and/or inconsistent measurement of volume transfer – even by the smallest of margins – can result in lost profits, reduced safety, and costly issues with regulatory compliance.

Take for instance a gathering station that’s designed to pump 20,000 gallons per minute. If the measured volume of product passing through the facility is off by just 0.05%, it can translate into a loss (or gain depending on if the measurement is under or over) of more than 340 barrels per day. At $50 per barrel, that’s $119,000 per week and over $6 million per year, assuming no action is taken to correct the problem.

Given its impact on the bottom line, it’s no wonder that companies have taken more proactive steps to ensure the accuracy and reliability of their measurement instrumentation. 

Read More

5 Ways to Improve Personal Security during Cyber Security Awareness Month

October is Cyber Security Awareness Month in both the United States and Canada. In preparation for Cyber Security Awareness Month, we will be looking at why and how five fairly simple tactics can help improve your personal cyber security posture against the threats faced in 2015. Cimation is highly focused on Industrial Automation and Control System (IACS) Cyber Security (ICS Cyber Security) and critical infrastructure Cyber Security. However, we recognize that people are the weakest link any Cyber Security paradigm. Educating your workforce, encouraging them to be cyber aware, and ensuring that they employ cyber secure practices in their day-to-day activities is an important part of reducing cyber risk.

Read More

How to Establish a Sustainable Life Cycle Measurement Program

Flow measurement is critically important to the energy industry. The process of accurately measuring the flow of produced oil and gas products – whether they are liquid hydrocarbons or gas – is of fundamental importance to all oil and gas companies, upstream midstream, and downstream alike. After all, it is by measuring and recording product volumes and analyzing samples for quality that companies determine their selling prices and ultimately make money. No matter the market price of oil, companies cannot monetize their products without first quantifying them.

A comprehensive Measurement Program is designed to optimize a company’s investments over the life cycle of their asset rather than only when things go wrong. Many times, organizations aren’t even aware that there is an issue until an ugly problem rears its head, and often these issues could have been avoided through regular system calibration and maintenance checks.  A Life Cycle Measurement Programs is also designed to maintain existing infrastructure over the entire life cycle of the asset, reducing unexpected and costly system issues, decreasing the risk for unscheduled downtime, and ensuring accurate measurement to protect revenue and guard against accidental losses. 

Read More

The Pros and Cons of Modbus

Since its introduction in the late-1970s, Modbus has been the most widely used network protocol in the world. Commonly deployed in industrial settings, the Modbus messaging structure uses a basic master-slave concept to connect devices, sensors, and instruments with programmable logic controllers (PLCs), Remote Terminal Units (RTUs), or other controllers. The master has full communication on the bus, recording output and reading inputs from its slaves, which only respond when spoken to.

As is the case with any communications protocol, Modbus has distinct advantages and disadvantages that make it more or less suitable for use in specific applications. Because operators today have a wide range of protocol options to choose from (EtherNet/IP, PROFIBUS, ControlNet, etc.), understanding the strengths and weaknesses of each option is critical to making the proper selection.
Read More

Shell Selects Cimation for Global Cybersecurity Program Roll-Out

Houston, TX – [For Immediate Release]

Cimation has been selected by Shell as a key provider of industrial cybersecurity consulting, network engineering, endpoint remediation, and system hardening for the Shell Process Control Domain (PCD) IT Security Program, a global program to standardize cybersecurity technology and processes across the company’s global assets.

Cimation, an operations consulting company focused on industrial control system (ICS) security, will assist in the planning, deployment, and commissioning of the multi-year program in collaboration with other Shell suppliers.  Currently, Cimation’s industrial control system cybersecurity experts hold key delivery and technical roles on the Shell PCD IT Security Program team.

Read More