It appears to be a big few days for Wurldtech. Yesterday, HIMA declared itself the 13th vendor to standardize on the Achilles platform for security testing during and throughout the product development lifecycle. Today it is Invensys.
Here's the entire text of the release:
The Achilles Industrial Cyber Security Certification Program Goes Mainstream
Wurldtech Announces 14th Certified Control System & Program Expansion To Address Emerging Cyber Security Challenges Faced By Critical Infrastructure Industries
Vancouver, BC, Canada, Wednesday July 15, 2009 -Wurldtech Security Technologies, provider of the award-winning Achilles Platform and other cyber security testing and certification solutions for critical infrastructure industries, today announced the 14th Achilles-certified control system, this time from Invensys Operations Management - the I/A FCP 270. The FCP 270 is the third system from Invensys to meet the Level 1 criteria and joins a long series of certified products that have made the Achilles Certified designation the standard for cyber security certification in industrial automation.
"Invensys has standardized our cyber security robustness testing and certification efforts around Wurldtech's Achilles Satellite technology and their associated certification program” said Ernie Rakaczky, Principal Security Architect for Invensys Operations Management. "By integrating the testing platform into the development lifecycle of our various Triconex and Foxboro critical control solutions, we are able to validate product robustness from design through deployment and get new versions certified and to market quickly"
"Invensys Operations Management is an excellent example of a vendor doing it right and we congratulate them on their latest certification." said Tyler Williams, President of Wurldtech Security Technologies. "By adopting proactive security and robustness testing into their product development culture, end-users can have confidence that Invensys Operations Management products will improve the reliability of their critical control and process automation operations."
From Product To Practices: The Future Of Cyber Security Certification For Critical Infrastructure Industries
In the past two months, Wurldtech has made some exciting new announcements regarding their Achilles industrial cyber security certification program with new criteria for devices like smart meters and industrial connectivity applications such as OPC, and an expansion beyond the traditional product robustness certification into vendor development, site acceptance testing and on-going security audit best practices.
"The goal of our certification program is to facilitate what we call functional security," says Dr. Nate Kube, CTO. "An end-to-end solution that validates security from products to practices"
Since the program was announced in the fall of 2007, Wurldtech has now certified fourteen process control and safety systems from the likes of major suppliers like ABB, Honeywell, Emerson, Hima and Invensys, making it arguably one of the most successful cyber security efforts in the industrial automation industry.
"We are extremely pleased with the program’s success to date, but in my opinion, it's not good enough. The only way we can start to see widespread adoption across multiple sectors, in different countries, and in the absence of a clearly defined international standard is to align the stakeholder community and entire ecosystem," says Williams. “This is not an easy feat, but if operators continue to insist on certified products, vendors recognize the value of building security into their products, and government agencies focus on coordinating information between sectors to accelerate adoption, we will make a huge improvement in a short period of time.
It is clear that operators are getting the message and are lining up behind Wurldtech’s initiative. Major global energy giants such as Shell, BP and Total have required Achilles certificates for their critical process control and safety systems since 2008, and today more and more end-users in all sectors are choosing to work only with vendors that have clearly demonstrated a commitment to improving product resilience by investing in cyber security certification.
"Shell has worked closely with Wurldtech to expand the Achilles certification program and will continue to subject our suppliers to the program criteria as it evolves," says Ted Angevaare, Shell Global Solutions' global manager of process control security and architecture. "Operators in all sectors and in all countries must continue to drive improvements themselves by insisting that their suppliers get their products tested and certified. If we choose not to embrace the means available to us to help protect our critical systems, then we can’t blame anyone else but ourselves when our plants go down from cyber issues."
Key officials are also getting behind the effort in an attempt to make the allocation of tax-payer dollars on security efforts more efficient and effective.
"Government and industry should be embracing and supporting private sector practices that have been developed, accepted and implemented by industry." says Greg Garcia, former Assistant Secretary for Cyber Security from the U.S. Department of Homeland Security. There's no more time to waste reworking it and making the perfect the enemy of the effective."