Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge prove invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments. Working across a range of industries, we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings include a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our clients’ critical asset requirements while meeting industry standards.

Solutions

Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skillset that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services

Industries

  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

Labs

Applied Risk maintains a significant leadership position in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to our customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

Careers

The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

Advisory board

Auke Huistra
International Cyber Security Expert

Christian Martorella
CISSP, CISM, CISA, OPSA and OPST

Joe Weiss
PE, CISM, CRISC & ISA fellow

Blog

Things You Need To Know About IEC 62443 Standards

In the era of globalization and highly competitive markets, the world demands more automation. This in turn increases the risk of cyber threats. Hence, cyber security requirements and the deployment of IEC 62443 are the need of the hour. IEC 62443 is a series of standards for control cyber security management that draws on technical reports and related information and defines the process of implementing secure Industrial Automation and Control Systems (IACS).

The IEC 62443 standards address the complete IACS ecosystem and describe how security practitioners, system integrators and control system manufacturers should interact and ensure the security and safety of their facilities and components.

This article will discuss a few aspects, which are crucial for safeguarding your business and critical assets from potential cyber threats.

The challenges

With the increasing convergence between IT and OT, the Industrial IoT is expanding. More networks are getting interconnected irrespective of their geographies. Additionally, closed networks are no longer air-gapped and are rapidly being transformed into networks connected to office networks and the cloud. This introduces multiple risks for businesses and affects the whole IACS ecosystem, including asset owners, operators and suppliers.

Some of the key challenges that industries are inherently facing:

- Many control systems lack basic protection mechanisms (authorization, auditing, input validation, etc.), as these were not designed with security in mind.

- Industrial protocols are developed for trusted networks with reliability and availability as main priorities.

- Emerging technologies such as smart metering, mobile computing and wireless expose industrial devices to more and more risk of a cyber attack.

Implementing IEC 62443 helps organizations address their industrial cyber security risks. In simple language, this standard segments networks into zones and deploys various barriers (conduits) to enable better control over access and security within control systems networks using well-defined interfaces (channels). It provides a common terminology for IACS security, a security management system specific to industrial automation, and guidance on the security architecture of the industrial network, and it defines security requirements across the complete system and throughout the component lifecycle. Therefore, asset owners globally are adopting this option for protecting their industrial assets.
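To make the zone, conduit and channel terms concrete, here is an added example (not from the original article or from Applied Risk) that checks observed network flows against a declared zone and conduit model. The zone names, subnets, ports and flows are constructed for illustration, and treating intra-zone traffic as allowed is an assumption of this sketch.

```python
import ipaddress

# Constructed zones: names and subnets are illustrative assumptions.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}

# Conduits join two zones; each lists its permitted channels (protocol, dst port).
CONDUITS = {
    ("enterprise", "dmz"): {("tcp", 443)},
    ("dmz", "control"): {("tcp", 4840)},  # OPC UA from a DMZ data server
}

def zone_of(ip):
    """Return the name of the zone containing ip, or None if unzoned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def evaluate(flow):
    """Classify one (src_ip, dst_ip, protocol, dst_port) flow against the model."""
    src, dst, proto, port = flow
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "deny: endpoint outside any defined zone"
    if src_zone == dst_zone:
        return "allow: intra-zone"  # assumption: assets in a zone trust each other
    channels = CONDUITS.get((src_zone, dst_zone))
    if channels is None:
        return f"deny: no conduit {src_zone}->{dst_zone}"
    if (proto, port) not in channels:
        return f"deny: channel {proto}/{port} not on conduit {src_zone}->{dst_zone}"
    return f"allow: conduit {src_zone}->{dst_zone}"

# Constructed sample flows, e.g. as exported from a firewall or flow collector.
FLOWS = [
    ("10.10.4.7", "10.30.0.15", "tcp", 502),    # office PC straight to a PLC (Modbus/TCP)
    ("10.20.0.10", "10.30.0.15", "tcp", 4840),  # DMZ server to controller over OPC UA
    ("10.20.0.10", "10.30.0.15", "tcp", 502),   # right conduit, undeclared channel
    ("10.30.0.15", "10.30.0.20", "tcp", 502),   # controller to controller
    ("192.168.1.5", "10.30.0.15", "tcp", 443),  # source not assigned to any zone
]

def audit(flows):
    """Return (flow, verdict) pairs for every observed flow."""
    return [(flow, evaluate(flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in audit(FLOWS):
        print(flow, "=>", verdict)
```

Every "deny" verdict marks traffic that crosses a zone boundary without a declared conduit or channel, which is the kind of gap a segmentation review is meant to surface.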

The evolution of IEC 62443

IEC 62443 was designed to prevent cyber security vulnerabilities and attacks affecting asset owners. In 2002, the International Society for Automation (ISA) issued a document titled ISA-99, which laid down the information that businesses operating in the automation industry required to shield themselves from cyber threats. Back then, the issue of cyber security was not as rampant, so there was comparatively little debate and discussion. With the increase in business automation, the need for cyber security is growing. ISA-99 was modified to fit modern business cyber security needs and came to be known as IEC 62443. It is developed by a cross-section of cyber security experts from various industries, government and academia, as these standards are applicable to all industrial sectors. To reduce the chances of a cyber attack, the guidelines within IEC 62443 should be followed.

IEC 62443 Structure

The ISA 62443 series and technical reports are categorized into the following four categories:

- The first category provides information on the concepts, terminology, models and work products describing security metrics.

- The second category addresses different facets of creating and maintaining an effective IACS security program, targeting the asset owner.

- The third category hosts descriptions of system design guidance and requirements for the secure integration of control systems.

- The fourth category describes technical requirements and specific product development of control system products.

The Solution

Applied Risk’s IEC 62443 assessment is a comprehensive evaluation program that can help your business evaluate its operational risks and component security without falling prey to cyber attacks.

Visit our Risk and Vulnerability Assessment Services to learn what steps can be taken to enhance your control systems security.