Cyber-security risk management
The cyber-threat to industrial automation and control systems is very real, as demonstrated by high profile attacks in recent years such as Stuxnet, Industroyer and Triton. Effective cyber-security for operational technology (OT) systems is delivered by a blend of:
- Cyber-security defensive measures covering the system lifecycle, from design to operations and the subsequent decommissioning of the systems and individual components.
- Cyber-risk assessments of the systems to establish any additional security measures required to protect them from cyber-threats.
- The integration of cyber-security alongside physical and procedural security measures within the context of overall security.
- Cyber-security vulnerability assessment and penetration testing of the installed systems.
Risktec in partnership with the TÜV Rheinland cyber-security business provides a comprehensive range of services to help industrial clients mitigate the impact of the cyber-threat on their industrial automation and control systems:
- Identification of critical systems utilising digital technology
- Development of cyber-security risk assessment methods
- Identification and assessment of major risks to new facility projects from cyber-threats
- Cyber-security risk assessment including threat and vulnerability analysis (e.g. following security standard IEC 62443 or NIST 800-82)
- Identification and assessment of cyber-threats as part of the functional safety assessment and management of safety-related systems
- Assessment of compliance with Cyber Essentials and NIST
- Penetration testing and IT security analyses
- Confidential, post-incident investigation and root cause analysis
- Advice on setting up secure IT facilities
- Development of information security management systems to ISO 27001
- Training courses
“We focus on identifying and assessing potential vulnerabilities in industrial automation and control systems from cyber-threats, and proposing effective mitigation measures.”