Security CERT Global
- CISA and ENISA enhance their Cooperation
- VU#811862: Image files in UEFI can be abused to modify boot behavior
- CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps
- CERTFR-2023-AVI-0998 : Multiples vulnérabilités dans Google Chrome (06 décembre 2023)
- CERTFR-2023-AVI-0997 : Vulnérabilité dans SolarWinds Serv-U (06 décembre 2023)
- CERTFR-2023-AVI-1000 : Multiples vulnérabilités dans Progress MOVEit Transfer (06 décembre 2023)
- CERTFR-2023-AVI-1001 : Vulnérabilité dans Atlassian Confluence (06 décembre 2023)
- CERTFR-2023-AVI-0999 : Vulnérabilité dans ElasticSearch pour Hadoop (06 décembre 2023)
- Kritisk RCE-sårbarhet i Confluence-produkter
- Warfare and Geopolitics are Fuelling Denial-of-Service Attacks
- Oracle Security Update
- SUSE Security Update
- Lenovo Security Update
- Red Hat Security Update
- Mageia Security Update
- Chrome Security Update
- MediaTek Security Update
- Ubuntu Security Update
- IBM Security Update
- Dell Security Update
- Android Security Update
- JVN: Zebra Technologies製ZTCプリンターにおける代替パスまたはチャネルを使用した認証回避の脆弱性
- JVN: 複数のCODESYS Control製品におけるOSコマンドインジェクションの脆弱性
- JVN: FXC製無線LANルータ「AE1021PE」および「AE1021」におけるOSコマンドインジェクションの脆弱性
- お知らせ:制御システムセキュリティカンファレンス 2024参加登録開始
- FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
- ESB-2023.7260 - [RedHat] OpenShift Container Platform 4.14.5: CVSS (Max): 7.5
- ESB-2023.7265 - [Ubuntu] Linux kernel: CVSS (Max): 8.8
- ESB-2023.7261 - [Appliance] Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d: CVSS (Max): 5.4
- ESB-2023.7257 - [Ubuntu] Redis: CVSS (Max): 8.8
- ESB-2023.7263 - [RedHat] postgresql:12: CVSS (Max): 8.8
- ESB-2023.7258 - [Ubuntu] HAProxy: CVSS (Max): 7.5
- ESB-2023.7264 - [Cisco] Cisco Systems: CVSS (Max): 4.1
- ESB-2023.7259 - [RedHat] Service Registry: CVSS (Max): 8.1
- ESB-2023.7266 - [Ubuntu] Linux kernel (OEM): CVSS (Max): 7.0
- ESB-2023.7262 - [Win][UNIX/Linux] Google Chrome: CVSS (Max): None
- Weekly Report: 複数のApple製品に脆弱性
- Weekly Report: JPCERT/CCが「ICS脆弱性分析レポート - 2023年度上期 -」を公開
- Weekly Report: Apache Tomcatにリクエストスマグリングの脆弱性
- Weekly Report: Ruckus Access Pointにクロスサイトスクリプティングの脆弱性
- Weekly Report: Google Chromeに複数の脆弱性
- CISA Adds Four Known Exploited Vulnerabilities to Catalog
- Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
- CISA Releases Two Industrial Control Systems Advisories
- CERTFR-2023-AVI-0994 : Multiples vulnérabilités dans SonicWall SMA (05 décembre 2023)
- CERTFR-2023-AVI-0996 : Vulnérabilité dans TheGreenBow VPN Client (05 décembre 2023)
- CERTFR-2023-AVI-0995 : Multiples vulnérabilités dans Google Android (05 décembre 2023)
- CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
- Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
- お知らせ:JPCERT/CC Eyes「サイバー攻撃被害に係る情報の意図しない開示がもたらす情報共有活動への影響について」
SEC Automation: Choosing the Right Systems Integrator for your Automation Project
Choosing the Right Systems Integrator for your Automation Project – Industrial Control Systems: SCADA – Systems Integrators
Many automation system projects run into problems in the late phases of an overall project schedule, where “unforeseen revelations” disrupt the careful planning of the various disciplines. Project Stakeholders must consider and take the systems integration efforts and scope into the overall project plan early in the process and categorize it as a major project item.
Key to select and evaluate your system integrators.
- Registered Professional Engineering Firm
- Registered Professional Engineers
Affiliation with:
- International Standards Association (ISA)
- American Society of Mechanical Engineers (ASME)
- Institute for Electronic and Electrical Engineers (IEEE)
- Control System Integration Association (CSIA)
- National Fire Protection Association (NFPA)
- American Society of Heating, Refrigeration, and Air-conditioning Engineers (ASHRAE)
- American Society of Plumbing Engineers (ASPE)
- Institute of Validation Technology (IVT)
- Project Management Institute (PMI)
- National Society of Professional Engineers (NSPE).
- Controls and testing facilities: DCS, PLC and programming test bench, field measurement instruments
- Computerized Drafting and Design Capabilities: Plant 4D industrial workgroup software, 3D modeling, Trane Trace, Crane Piping Analysis, AutoCAD, Microstation, MS Project, Genesis and other CADD programs
- Preferred System integrator status with “Name of Vendors based on organizations need”; experience with applicable “Vendors” and other DCS/PLC architectures.
A typical submittal from an Automation System Integrator may include:
Corporate Overview
Company Overview
Areas of Expertise
Industries Served
Qualifications and Capabilities
Details of Key Team Members
Project Management & Project Execution
Overview
Service (Project Planning, Design etc.…)
Process Engineering Service
Facilities Overview and Experience
Automation and Control Engineering Services with Experience
Process System Experience
Specification for selection of a System Integrator
General
The Process Automation and Control Company (PACC) {aka. system integrator}, shall be responsible for the final design and assembly of the control system. The system shall be designed to provide the control capabilities and functions indicated and implied by the drawings, control strategy and specifications including applicable electrical sections of the Organizations Master Specifications document and to provide trouble-free operation with minimum maintenance. The system shall readily enable manual operation of all functions in the event of failure of component or control system.
Included is the PACC scope of supply is this section, applicable electrical section of specifications, Variable Frequency Drives and other system and network related sections.
Process Automation and Control Company (PACC)
The PACC shall be a single business entity located (x miles from the job site – local or national based on your needs). All necessary engineering, programming, fabrication, service, and training shall be performed by the PACC with no aspect of the project subcontracted, developed, or obtained from any person(s) or company outside the PACC.
The PACC shall be an authorized Systems Integrator for the “Named vendors applicable to the Owners system” with documented experience in the design, assembly, testing, installation, commissioning and service of control systems for municipal water and wastewater facilities (applicable industry) of the same scale and complexity as this job under its present company name for at least (X) years.
In addition, at least one Microsoft Certified Professional Systems Engineer shall be present on staff. All PACC employees assigned key roles associated with this project will have a minimum of (X) years of related experience.
All HMI, PLC, DCS, RTU, MCC’s and Control panels associated with the project and provided by the PACC shall be calibrated, commissioned and tested using system simulation equipment prior to customer delivery. The PACC will carry General Liability Insurance and Professional Liability (Errors and Omission) Insurance.
Fabrication
The PACC shall maintain an in-house panel fabrication facility certified by Underwriter’s Laboratories (UL-508,913) and Electrical Testing Laboratories (ETL).
All panels shall be laid out for logical and functional order with maintenance friendly organization and permanent interior labels for easy recognition.
Fabrication personal shall be skilled in their areas of expertise with a minimum of ten (10) years of experience.
Service
The PACC shall maintain a service department supervised by a full-time Service Manager staffed with dedicated full-time factory trained field service personnel available 24 hours a day, 7 days a week. Field service capabilities will include start-up services, on-site programming for DCS, PLC’s and operator interface (HMI) systems. The PACC will also provide emergency control systems repair, trouble shooting, testing, remote assistance via modem for quick diagnosis and repairs, preventative maintenance and calibration service, documentation (O&M and drawings) maintenance, and system-wide training inclusive of all related field instruments.
Warranty
The PACC shall perform the repairs, replacements, modifications and adjustments required to eliminate the defects in design or workmanship that may be identified within the one-year warranty period. The PACC shall begin these repairs, replacements, modifications and adjustments within 24 hours of notification by the Owner or Engineer and shall complete such repairs, replacements, modifications and adjustments within 48 hours of notification. Should the PACC fail to complete the work within this period, the Owner may proceed to complete the work. In such event, the PACC and their surety shall be liable for all reasonable costs incurred by the Owner.
Acceptable PACCs
The Process Automation and Controls Company, (PACC) shall be selected by the General Contractor from the following pre-approved acceptable companies:
Pre-approved System Integrator listed here
No equal unless modified by addendum as required below for pre-approval. The owner reserves the right at their sole discretion to reject any and all proposal submissions for an alternate PACC. The Contractor, sub-contractor, or submitted non-pre-approved PACC shall not be entitled to an extension of time or to any claim for damages because of extra and unanticipated costs, hindrances, delays or complications caused by or resulting from the Owner not approving the PACC for whatever reason.
PACCs not listed under acceptable PACCs
A PACC not listed under acceptable PACCs will require strict specification compliance, no exceptions, and be pre-approved prior to bid by the Owner. A submission packet by a PACC requesting pre-approval will include a copy of this and the above specification section with PACC notations as follows:
Each paragraph will require the initial in the right column by the PACC indicating specification compliance. Any area of non-compliance will be circled and explained. The following supplemental information should be attached to this document.
Submission for PACC pre-approval requires a list of a minimum of five (5) similar projects in size, complexity, and value completed within the last three (3) years that will include:
Names of PACC employees involved in each system
Detailed description and drawings of each system.
Cost of each system.
Names and telephone numbers of owner site individuals involved in the operation and maintenance of each system.
Submission for pre-approval must include a company profile and description of the ownership and organization. Include resumes of principals and key employees who will be working directly in the engineering, assembly, testing and commissioning of the system for this project.
Indicate who will be responsible for integrating the following parts of the project:
Project management
Human machine interface (HMI)
SCADA Design
Telemetry Design
DCS Programming
PLC/RTU programming
Control system connectivity
Start-up
Training
A “Letter of Assurance” to the owner will be included, which states that the employee responsible for his/her respective part of the project will remain the same individual throughout the duration of the project.
Tags: ASHRAE,ASME,ASPE,CSIA,IEEE,Industrial Control Systems,ISA,IVT,NFPA,NSPE,PMI,SCADA,Systems Integrators,