Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.


Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services


  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more


Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more


The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella

> Read more


Securing the Industrial Internet of Things (IIoT)

The Industrial Internet of Things (IIoT) is revolutionising manufacturing and critical environments. Its benefits are already being felt across industries as equipment such as sensors, gateways, processors and actuators continuously communicate with each other via the internet, enabling faster production and optimised processes. This is driving down costs and generating energy efficiencies.

That said, despite the range of benefits the IIoT has delivered, its rise has also led to an array of security weaknesses in such environments. At Applied Risk, we are still identifying multiple vulnerabilities in various devices used in environments such as water, oil & gas, power and manufacturing plants that could lead to modifications of process values by changing device settings and sending arbitrary commands to field devices.

Best practice security – are your devices trustworthy?

The ramifications of not adhering to best practice security requirements for industrial devices are alarming and should act as an eye-opener for industry. An example of the potential dangers comes from the newly discovered Autosploit, a tool that couples Shodan and Metasploit to make it easier for amateur cyber criminals to hack vulnerable IoT devices. It is predicted that this will result in a proliferation of new IIoT attacks[1].

Furthermore, following the discovery of the original Mirai botnet in 2016 that was used to take over hundreds of thousands of IoT devices, a new variant was found only last month that can turn IoT devices into proxy servers to protect the identity of hackers. More Mirai-based bots are now expected to emerge, with new methods of monetisation[2].

To ensure IIoT device trustworthiness, it is imperative for suppliers and end users to work together to investigate the security of legacy and new connected devices to determine their risk profile. Applied Risk recommends the following six basic security requirements for manufacturers and industrial end users when designing and implementing IIoT connected devices:

  • 1.Secure interface – It is essential to understand a device’s architecture and review its associated interfaces, software and hardware, for vulnerabilities.

  • 2.Software/Firmware integrity – It is crucial that IIoT devices first and foremost have the ability to perform updates regularly while maintaining cryptographic checks from a trusted source.

  • 3.Access Control – Firms must review the various access controls to determine whether a device allows for the separation of roles, strong passwords and the sufficient protection of credentials.

  • 4.Network services – Product manufacturers should ensure only necessary ports are available and exposed.

  • 5.Backdoors – An IoT device should not have undocumented functions or hidden entry points that can be easily exploited by the device vendor or any other third parties.

  • 6.Security configuration – An attacker will often utilise the lack of granular permissions to access data or controls on a device. Manufacturers must scrutinise devices for sufficient security hardening by restricting user privileges.


From the IEC 62443 standard to the EU Directive on Security of Network and Information Systems (commonly known as the NIS Directive), all industries are facing an increasing amount of regulatory burdens. Adopting security best practices and engaging capable security advisors to test and evaluate the security of equipment is crucial in order to detect and prevent a security breach before it has the chance to significantly impact a plant.

Visit Applied Risk’s Industrial Security Services to find out what steps you can take today to secure your industrial assets.