Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge prove invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments. Working across a range of industries, we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offering includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our clients’ critical asset requirements while meeting industry standards.


Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services


  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).



Applied Risk maintains significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to our customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.


  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.


About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.



The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.


Advisory board

Auke Huistra
International Cyber Security Expert

Christian Martorella

Joe Weiss
PE, CISM, CRISC & ISA fellow



Preventing the healthcare security headache

A proliferation of connected medical devices is causing a security headache for those in the healthcare industry. It has long been the stuff of fiction that technology developed to enhance our lives could in fact be turned against us to inflict catastrophic damage. In August of this year these fears were confirmed, as the US Federal Food and Drug Administration (FDA) ordered a recall of half a million pacemakers over fears that they could be hacked and turned against their user.

The warning signs of technology’s negative potential have been understood for a while. It was, in fact, back in 2014 that forensic medicine and security experts collaborated to develop software that would help identify if pacemakers had been hacked. In our quest to realise the benefits of rapidly evolving technology, security has become an afterthought. This, it would seem today, is a highly irresponsible approach that we must address, replacing it with better collaboration, lifecycle management, network monitoring and a “secure by design” product development ethos.

Connected healthcare: better outcomes or a threat to life?

Innovation in the healthcare industry is having a great impact on the quality of life for many people. For example, we’ve already seen low-cost blood sugar monitoring implants that can synchronise with a smartphone to help diabetics manage their condition, and networked X-ray and ultrasound machines that can deliver instant images to a practitioner’s desktop, speeding up diagnosis and treatments in emergency rooms across the world.

But what if the opposite is true? Could this often life-saving medical equipment be turned against us? There has been much speculation over potential scenarios in which devices such as insulin pumps are hijacked and held to ransom; or terrorists attack connected pacemakers en masse. Sadly, this is no longer the stuff of fiction. Medical device manufacturers must come to terms with the idea that the security of the healthcare equipment itself is also a life and death issue.


Relieving the headache

Following best practice will be key for medical device manufacturers. New data privacy laws and strict FDA requirements mean the responsibility is now with the developers to ensure the protection of networks and systems, or they will face the consequences. To help meet these obligations, the security industry and medical device manufacturers must develop a closer relationship, ensuring that new devices are developed with security defences baked in. The ethos of “secure by design” must become entrenched within all product developers.

This can be achieved using tried and tested means such as a thorough Systems Development Lifecycle (SDLC) programme to maintain and monitor products throughout the entire period that they are in use. We know that bad actors will always find new exploits and methods of attack, so vigilance for unexpected behaviours is critical. No system can ever be 100% secure, so layering defences to mitigate damage in the event of a breach is vital.

We must act now, as it won’t be long until a fresh set of headlines detail the latest attack on our healthcare systems and devices. Just as with a patient, it’s much better to prevent an illness than to cure one.

Contact us to learn about Applied Risk’s Medical Devices Security Assessment