Cybersecurity Acceptance Testing for Control and Safety Systems

The aeCyberSolutions team was recently featured on

Five years ago, aeCyberSolutions set out to change the status quo when working with a client who was installing a brand-new integrated control and safety system.

“The CISO for the client said, ‘I want to make sure new control systems are secure before we install them into our environment.’ He noted that while he was trying to secure the existing environment, at the same time, their engineering and capital projects teams were installing new systems without proper cybersecurity design and testing,” Cusimano says. “The way he put it to us was, ‘I want to stop the bleeding. I want to stop installing new systems that aren’t secure.’”

To address the CISO’s concerns, aeCyberSolutions developed cybersecurity specifications for the vendors, developed test plans and tested the client’s new system for cybersecurity while it was still in the factory being staged and commissioned, a practice that later became known as Cyber Acceptance Testing. This testing is performed to verify that a new or upgraded ICS is implemented and commissioned according to the security requirements set forth in the design.

Read the full article at