Industrial safety and cyber security are increasingly being considered together these days. And exida (www.exida.com), a Sellersville, Pa.-based safety certification and services firm, appears to be moving quickly to position itself for the trend. In a pair of back-to-back announcements last month, the company said it is picking up new cyber security capabilities and expertise to augment its safety business.
The most recent announcement came on March 31, when exida unveiled its acquisition of Byres Research Inc., a Lantzville, British Columbia, Canada-based provider of critical infrastructure cyber security services. The deal forms what exida calls “the world’s first company offering functional safety and security certification and consultation.”
Byres Research will operate as a wholly owned subsidiary of exida, with Chief Technology Officer Eric Byres and other Byres staff providing cyber security expertise to exida’s global staff of about 60 consultants, who are already involved in safety services and certification, says John Cusimano, exida director of security services. exida is keeping the Byres Research name, adds Cusimano, “to make sure that people understand that Eric has not left the organization, and that the expertise of Eric and the rest of the Byres Research team stays with the acquisition.”
Eric Byres, a former researcher at the British Columbia Institute of Technology (BCIT), is well known in industrial cyber security circles. In addition to his new job with exida, Byres will maintain his association with Byres Security Inc. (www.byressecurity.com), a separate company that sells cyber security products based on intellectual property acquired from BCIT. Byres Security was not part of the exida acquisition.
Word of the exida/Byres Research deal came on the heels of another announcement just two weeks earlier, when exida unveiled a partnership with Wurldtech Security Technologies Inc. (www.wurldtech.com), a cyber security testing and certification firm based in Vancouver, British Columbia, Canada. Under terms of that agreement, exida is licensing Wurldtech’s Achilles cyber security certification program, and plans to add cyber security certification to its safety certification capabilities. Wurldtech, likewise, will add safety certification to its services list.
While exida’s Byres Research acquisition and its partnership with Wurldtech have similar goals, they differ in their market focus, says Cusimano. The arrangement with Wurldtech will enable exida to provide product certification services in both safety and cyber security to automation vendors, while the exida deal is aimed at providing consulting services in both disciplines to end-users, such as oil and gas, and chemical companies, as well as energy generation facilities, Cusimano explains.
Under one roof
The concept is ringing bells with end-users such as Eric Cosman, engineering solutions consultant at The Dow Chemical Co., in Midland, Mich., who also serves as co-chair for the International Society for Automation’s ISA99 Committee on Control System Security. “The philosophy of Secure by Design is broadening to Safe and Secure by Design,” said Cosman in quote from the press release announcing exida’s Byres Research acquisition. “Rather than putting Band-Aids on systems after the fact, the trend now is to design security and safety in at the beginning. This announcement makes perfect sense because it brings safety and IT security together under one roof.”
Eric Byres agrees. “Safety and security are two sides of the same coin,” he contends, and can share many of the same kinds of approaches. A concept known as “minimum time to compromise” that Byres uses in his cyber security practice, for example, was developed by borrowing ideas from the concept of mean time to failure used by safety engineers, he points out.
While industrial safety is now a mature discipline with well-established processes and procedures, cyber security is still in its early stages of development, and can benefit greatly through the adoption of safety rigors and processes, Byres believes. “There is much to learn from safety engineering on how to provide sound security analysis and services,” Byres says. “It is a perfect synergy—a mature market joining with an evolving market to get the best from both worlds.”
Byres Security Inc.
Wurldtech Security Technologies Inc.