Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.

SignupBannerGeneral.png

Solutions

Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services

Industries

  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more

Labs

Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more

Careers

The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella
CISSP, CISM, CISA, OPSA and OPST

> Read more

Blog

Cybersecurity in Manufacturing: Effectively Protecting Your Operational Technology (OT)

Cybersecurity is a challenging topic to navigate in the world of manufacturing. The steady growth of “Industry 4.0” is leading to more connected devices and sensors being deployed into manufacturing environments. Firms are now much more willing to embrace Industrial Internet of Things (IIoT) technologies that are helping their factories collect and analyse data that can be turned into intelligent insights. This enables a faster, more efficient production line, helping businesses become increasingly agile in order to meet growing customer expectations.

However, the proliferation of digital technologies in the sector is introducing new risks. A common expression in the IT sphere is that if a system is visible to the internet, it is only a matter of time until it will be affected by a security incident. The uncomfortable truth is that the world of operational technology (OT) is taking too long to learn the basic cybersecurity lessons their colleagues in IT discovered the hard way. Rather than being seen as a fundamental part of modern OT infrastructure and essential to reaping the benefits of Industry 4.0, such as just-in-time production and less stock, cybersecurity is still regarded as a grudge purchase, and sometimes not considered at all.

iStock-584241892.jpg

The complexities of manufacturing environments

Perhaps, cybersecurity isn’t considered often enough in the manufacturing world because the complexities of such a field make implementing effective processes extremely difficult. By their very nature, industrial environments are complicated, and a large proportion of the unmitigated risks come from the fact that machines which were designed to be deployed in closed networks are now being connected to open IT systems.

In most factories that are being retrofitted with real-time remote sensing and analytics, not enough attention is being paid to protecting systems which don’t include basic security features, and therefore may be exposed to attack. The time to get this right is now, not just to mitigate the threat of cyberattacks, but also to allow manufacturing firms the opportunity for enhanced intelligence and streamlined operations, all with minimal cybersecurity risks.

While there have been few substantiated reports of major attacks in manufacturing plants when compared with breaches in corporate data, that doesn’t mean they aren’t already happening undetected. The concern is that the lack of major headlines, when compared to consumer and corporate data breaches, is actually feeding more complacency around the issue. Yet, as we saw in IT, many firms are likely ignorant that their OT networks have been breached, since there’s a general lack of monitoring.

There are examples of such attacks though, including one on a German steel mill in 2014 in which attackers gained access to the control system for a blast furnace. This particular incident demonstrated that when control systems are infiltrated, it is possible to cause serious physical damage and put human lives at risk. Cybersecurity is now impacting physical safety, and hopefully that fact will propel the sector into greater action.

How to effectively protect manufacturing environments

Protecting the production line and realising the benefits of the connected manufacturing plant requires a change in the way technology is deployed to reflect the reality of the IIoT and Industry 4.0. The drive to deliver efficiencies and real-time analytics means that OT environments are no longer air gapped from the IT network, so effective cybersecurity is a must to keep production running, and workers safe.

As always, good cybersecurity starts with the basics. That means simple things like ensuring good password policy for all users (on-site and remote), administrators and the IIoT devices themselves, where standards of practice still fall short. It continues with asset audits and ensuring that proper network segregation is used to protect vulnerable parts of the infrastructure.

On a more in-depth level, it means re-evaluating the entire supply chain and ensuring that business partners thoroughly understand the OT environment and its cyber security risks. To achieve this effectively, manufacturers will need to have an agreed baseline of security measures that are required industry wide. They will require a common language to communicate cyber security expectations and countermeasures.

The security expertise is out there to help manufacturing firms realise the potential of the IIoT and Industry 4.0. Applied Risk has vast amounts of experience in securing manufacturing environments, with a wealth of large organisations relying on our expertise to safeguard their critical assets. Learn more about improving the cyber resilience of industrial control systems in your manufacturing environment.