Cyber-security risk management

The cyber-threat to industrial automation and control systems is very real, as demonstrated by high profile attacks in recent years such as Stuxnet, Industroyer and Triton.  Effective cyber-security for operational technology (OT) systems is delivered by a blend of:

  • Cyber-security defensive measures covering the system lifecycle, from design to operations and the subsequent decommissioning of the systems and individual components.
  • Cyber-risk assessments of the systems to establish any additional security measures required to protect them from cyber-threats.
  • The integration of cyber-security alongside physical and procedural security measures within the context of overall security.
  • Cyber-security vulnerability assessment and penetration testing of the installed systems.

Risktec in partnership with the TÜV Rheinland cyber-security business provides a comprehensive range of services to help industrial clients mitigate the impact of the cyber-threat on their industrial automation and control systems:

  • Identification of critical systems utilising digital technology
  • Development of cyber-security risk assessment methods
  • Identification and assessment of major risks to new facility projects from cyber-threats
  • Cyber-security risk assessment including threat and vulnerability analysis (e.g. following security standard IEC 62443 or NIST 800-82)
  • Identification and assessment of cyber-threats as part of the functional safety assessment and management of safety-related systems
  • Assessment of compliance with Cyber Essentials and NIST
  • Penetration testing and IT security analyses
  • Confidential, post-incident investigation and root cause analysis
  • Advice on setting up secure IT facilities
  • Development of information security management systems to ISO 27001
  • Training courses


“We focus on identifying and assessing potential vulnerabilities in industrial automation and control systems from cyber-threats, and proposing effective mitigation measures.”

Related articles:

Cyber-security risk assessment

Security risk management


Further information:

Visit TÜV Rheinland’s website for further information on the full range of functional safety and cybersecurity services.

Discuss your requirements

I wish to discuss my requirements with a professional advisor

Discuss requirements - Enquiries distribution

Subscribe to RISKworld

Please use this form to subscribe to RISKworld. You will also receive exclusive access to the Risktec Essentials series, plus notifications of new events and publications.

Subscribe to publications - Form 14 - Delete if not used
Our services Consulting All consulting services Cyber-security risk management