Logo CAMS
Press Release | 12.15.21

HOUSTON – A subsidiary of Consolidated Asset Management Services (CAMS), CAMS Bluewire Technology, was named to the Houston Business Journal’s (HBJ) 2021 list of the largest Houston-area cybersecurity companies.

The 15 companies on the list are ranked by total 2020 revenue, which ranges from $3 million to $150 million. CAMS Bluewire was ranked 12th with a total revenue of $5.2 million for 2020.

“We are proud to be part of HBJ’s list of largest Houston-area cybersecurity companies in 2021,” said Jimmy Wyble, president of CAMS Bluewire. “Last year wasn’t an easy one, but we still managed to earn a spot among the market leaders in cybersecurity. This is evidence of our drive, dedication and the collective efforts of our team members to continuously grow and serve the greater Houston area and beyond for years to come.”

Bluewire is a full-service IT support and consulting firm headquartered with CAMS at 910 Louisiana Street in downtown Houston. It delivers managed services, phone systems, hosting, cybersecurity and consulting services nationwide.

Bluewire was established in 2002 and then acquired by CAMS in 2007. The company was named to the 2013 INC. 5000 List of The Fastest Growing Companies in America and HBJ’s 2014 List of Largest Houston-area Computer Network and System Integrators.

For more information about Bluewire, visit www.bluewiretech.com. For more information about CAMS, visit www.camstex.com.

Articles | 07.14.21

By Matthew Pacobit, Senior Director of Regulatory Affairs

After posting the article Cybersecurity in Power Plants – Is my facility vulnerable? we received additional questions asking how OT or Operational Technology is different from IT business networks. This article will explain some of those differences and why they are important when considering cybersecurity.

Operational vs. Business Networks

Let’s first consider the structure of business networks because that is what most people are familiar with. Business networks are typically a collection of independent systems (computers) all running software from either Windows or Linux. Each computer is able to communicate with other computers through the business network, and each computer controls who it is talking to. For example, when you browse the internet you type in a web address which instructs your computer to initiate a request for information from a server. There are some exceptions to this generalized description of the structure of business networks, but for the purpose of this analysis they are not essential (even though I know there are some IT professional pulling out their hair in frustration with this oversimplification). One of the key characteristics of this structure is that it allows for enterprise-type solutions for virus protection and patching because all the machines on the business network run the same operating system. However, what happens if all the machines are not independent systems and do not run the same operating system?

This brings us to Operational Technology, which again will be discussed very generically as there are countless types in existence. Operational networks do not just use the Windows PC that you see in the control room, but instead interface with field devices and field networks running a variety of proprietary software and/or operating systems. These could include systems from companies such as Emerson, GE, Siemens, Mitsubishi, Allen Bradley, and Bently Nevada to name a few. Even within these vendors there can be different systems such as Emerson’s Ovation system and Emerson’s heart communication implementation on their Rosemount transmitters. Normally, these different systems are run by a central controller. They are not designed for their own independent reliability, but for the overall reliability of the plant or system that they are operating. In practice, this means that if the central controller detects something is wrong, it will fail to the backup controller. What causes this to happen varies widely by system design and manufacturer.

Due to the differences in the way business and operational networks are setup and function, we must take different approaches to how we secure these systems. For example, you can run a network detect tool on a business network with minimal risk of causing any issues, but if you run that same tool on an operations network you could bring down the entire network and the plant with it. While this may not happen every time, there is a much greater risk on the operational networks due to the differences in structure. Another good example is patching. There are several Windows patches that cannot be loaded onto certain operational networks because they will cause significant issues to the network.

Therefore, it is crucial when you are looking at securing your operational networks to make sure you are using someone with knowledge and experience with OT and who understands why and how they are different from business networks.


For help and information about protecting your operational or business network and data systems, contact one of our experts.

Articles | 06.24.21

By Matthew Pacobit, Senior Director of Regulatory Affairs

We have been getting many questions from clients about cybersecurity and the cyberattacks that have been widely reported in recent news. Most clients want to know why these attacks are happening all of a sudden and whether or not their plant is vulnerable.

To begin, the media may have just started reporting some of these high-profile attacks, but if you read public companies past disclosures, you will find that this has been going on for years. Additionally, cyberattacks have been growing exponentially and with the rise of cryptocurrency, criminals are now able to demand payments that are almost completely untraceable.

With regards to the vulnerability of clients’ plants, the answer is a bit more complicated and there are a few key points that need to be made clear.

First, all power plant control systems are vulnerable and there is no such thing as a perfectly secure system. Even systems that are air-gaped are still at risk of transient cyber assets and removable media (laptops, tablets, phones, USBs, etc.).

Second, power plant control systems are not the same as IT business networks. Plant control systems are made up of many customized components from a wide variety of venders. Some of these components might be off-the-shelf computers, but they cannot be secured using the same solutions as business network computers. I have seen firsthand, a cybersecurity software try to request information from a plant controller on an operation network. The controller interpreted it as an unknown error, failed, and triggered a backup. The software then did the same thing to the backup and took down the entire system.

Because of the risk to the control system, the CAMS cybersecurity team separates out the business network from the operational network when looking at cybersecurity solutions. Most of our clients currently use CAMS Bluewire Technologies for their business network cybersecurity, however, each operational network is unique. There needs to be a discussion on risk mitigation vs. cost for each control system and each cybersecurity solution. Some control systems can be secured with a firewall or data diode, while others are better off with firewall monitoring and/or whitelisting. Additionally, most power plant control systems have at least some components and software that are older than 5-10 years, so determining the right fit is a personalized process.

In the end, securing the power plant control system not only reduces the risk of down time but also reduces the risk of equipment damage, making cybersecurity and risk mitigation worth the cost.

For more information, contact us below.

    First Name*
    Last Name*
    Company*
    Email*