Monthly Archives: August 2023

Meet Skyler Martin!

Our team has grown quite a bit this year, and one of the new inspectors we’ve happily welcomed to the team is Skyler Martin! Read on to learn more about him, his background and what he likes best about his position at BPC.

BPC: How did you hear about BPC, and when did you come on board?

Skyler: I found out about this job opportunity on a Facebook group called “Navy Nuke Job Finder”. Del had posted about BPC there. And I started [at BPC] in February.

BPC: What kind of objects do you inspect, and what are some of the most interesting things you’ve seen on the job?

Skyler: I’ll be inspecting boilers and pressure vessels, and some interesting things I’ve seen so far are coal fired boilers and a boiler that’s seven stories high!

BPC: What do you enjoy most about working here?

Skyler: There are many things that I enjoy about working at BPC: The benefits are really good – like a company car – as well as help with the phone bill. The pay is really good, and I also like the freedom to complete the work whenever is most convenient for me. I sometimes work [an evening schedule], because that’s what fit best into my schedule that day.

BPC: What do you think sets BPC apart from your competitors?

Skyler: At BPC, we try to answer our customers within 24 hours. Also, the company pays us by the hour instead of a salary – that makes a difference, because sometimes salaried employees are overworked and not compensated correctly, whereas if we work overtime, we’re compensated accordingly for our work.

We’re so glad to have you on the team, Skyler!

Industrial Control Systems (ICS) and Cyber Security

Did you know that exposure to equipment breakdown and property damage exist if Industrial Control Systems (ICS) are compromised, either due to human error or cyber-attack? With advancements in technology, ICS are migrating to require extensive operator training, while also being subject to greater risk of cyber hacking. The advancement in ICS enables industrial processes to be remotely monitored and managed from a central location. This allows organizations to achieve greater efficiency and productivity, however, this comes at the cost of infiltrating the physical network that protects the legacy systems from cyber threats. 

ICS is referred to as Supervisory Control & Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations like Programmable Logic Controllers (PLC). ICS have been utilized for years to control and document operating parameters of machinery in all types of power plants, chemical plants, miscellaneous industrial sectors and infrastructures. 

In the past, manufacturing companies were connected within the network of a single organization, but a connection with the outside world through the internet was limited. However, when technology evolved, the internet connections became worldwide with the evolution of iCloud, Google Drive, Dropbox, and many others. All these digital media platforms are vulnerable to infiltrations by unauthorized sources, often referred to as hacking. 

While I do not specialize in underwriting and insurance coverages, it’s my understanding that damage to equipment/property and business loss due to compromised ICS is covered under EB coverage. A major global property insurance company is providing extensive training to field staff in evaluating and recommending ICS/Cyber security exposures and BI Loss as the result. 

There are two major sources of EB due to ICS failure: 

  1. Human error in operating ICS by staff and authorized contractors. In addition to technical training, the training program should include procedures to evaluate proficiency in the use of ICS. 
  2. Improper and purposeful misuse of access given. If contractors are given access, there should be a monitoring system to detect improper and misuse of access.

Cyber Security, in the context of ICS, is defined as “the protection of industrial control systems from threats from cyber attackers”. It is often referred to as Operational Technology (OT) Security and includes a wide range of practices including:

  1. Asset inventory and detection
  2. Vulnerability management
  3. Network intrusion protection and detection
  4. Endpoint detection and response
  5. Patch management
  6. User and access management

Those involved in completing the CERR type of AXA report employ the use of a form in the report – Cyber Exposure to Equipment Control. It addresses the compromised areas of ICS with respect to its cyber security network. In completing this section, the exposures and management program should be discussed and proper information provided.

Additionally, a corporate program for development of a centrally-driven cyber security policy for effective management, operation, and security of the ICS is necessary. There is a range of standards; CIS Top 20NIST CS, IEC 62443, and others, that address cyber security issues. Several ICS manufacturers require certification as qualified anti-terrorism technology under the US Safety Act (Homeland Security). One such system that is widely used in power generation is Emerson Ovation DCS. Ovation supports integrated vibration monitoring, generator excitation control, Safety Instrument Systems (SIS), scalable footprints for small or distributed applications, virtualization and embedded simulation.

At our level of property inspection surveys, the most important factor to address is the operator training, review of operator performances and a corporate policy to ensure that contractors and vendors are not provided access without proper security screening. Also, cyber security is the responsibility of corporate management. It is advisable to discuss if there exists a formal ICS security strategy, policy and cross functional teams for effective management, operation and implementation of ICS security programs.

Anzar Hasan