Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.


Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services


  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more


Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more


The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella

> Read more


Is the security of your maritime systems above board?

The maritime industry forms an integral part of our critical national infrastructure as our daily life depends on it to function properly. It is one of the core channels for global trade, with a staggering 80 per cent of goods by volume transported between countries in this way. Globally in 2016, this accounted for a total of 10.3bn tonnes moved between seaports[1].

And its relevance is only set to grow. By the end of the decade, it is expected that the world’s first autonomous container ship will have embarked on its maiden voyage, moving goods around Norway’s coastline. This will mark a new era of connected shipping technology, providing further evidence that the $210bn industry is beginning to embrace the future.


Security of vessels vulnerable to cyberattack

While benefitting from the continuing advancements in technology, there are very real concerns that the maritime sector is more vulnerable than ever to cyberattack. Researchers have demonstrated proof of concept attacks against some of the most common maritime systems, and there is evidence of navigational computers being infected with malware by a USB stick being used for system upgrades[2].

The potential impact of a cyberattack in the maritime industry is highly worrying. From data theft and system downtime, to taking control of a ship’s navigational system and changing its course, a cyberattack could lead to significant monetary losses, or even the theft of physical assets onboard vessels by pirates.

The problem is that the nature of the shipping industry means it is also incredibly challenging to mitigate such risks. Every ship is unique. There is little standardisation of on-board control systems and a high mix of legacy systems, many of which were not even designed with security in mind. This is making it near impossible to roll out uniform security measures across multiple ships.

Propelling maritime security into the future
Vessels are essentially complex industrial control systems, but floating ones. This means that many of the principles that are recommended for security within Operational Technology (OT) environments also apply here. A risk management approach is crucial, which begins with identifying the systems, data and interfaces that are unprotected and pose the greatest risk if compromised. Furthermore, security teams must understand how to protect them and mitigate the consequences of a successful attack.

In the maritime context, this means securing devices and networks by closing unused data ports and ensuring full network segregation between OT and IT systems. Importantly crew systems, such as terminals for entertainment or personal email, should be kept independent from everything else. This is because one of the primary threats remains inadvertent infection via a flash drive or email attachment, meaning better staff training is also imperative.

Going forward, adding new technologies to a network must also be done with due care, and in accordance with a ‘secure by design’ ethos. This involves the consideration of cybersecurity from the outset of system implementation, including identifying the security credentials of new technology being installed, and ensuring systems are integrated and utilised in a secure manner.

One of the best ways, however, to improve resilience to cyberattacks and harden maritime networks is to work with partners who are developing the expertise needed through experience. The maritime industry is starting to reap the rewards of improved automation and data services, but it cannot do it securely alone.

To find out how Applied Risk can help the shipping industry mitigate risk and address vulnerabilities, visit: