Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.

Solutions

Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services

Industries

  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more

Labs

Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more

Careers

The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella
CISSP, CISM, CISA, OPSA and OPST

> Read more

Auke Huistra

Joe Weiss
PE, CISM, CRISC & ISA fellow

> Read more

Blog

VSAT insecurity: a wake-up call for the maritime industry

vsat-1.jpg

Cyberattacks against critical technologies are a rising threat. Recent months have seen nuclear power plants forced to switch to analogue radiation monitoring, hospitals shut down across Europe, and even direct targeting of Industrial Control Systems (ICS) technology through ‘Industroyer’ malware. Where hard-to-reach systems were once beyond the remit of low-skilled hackers, we now see nation-state level attack capabilities in the hands of individuals.

The shipping industry, due to high-value cargo and large operational costs, is increasingly viewed as a lucrative target for hackers seeking maximum reward for minimal effort. AMP Terminals, a subsidiary of shipping giant Maersk, for example, recently came under cyberattack directly through their IT/OT infrastructure with hackers holding their data to ransom. Presenting a wake-up call for the maritime industry, the next major security threat comes in the form of VSAT (Very Small Aperture Terminal) technology.

VSAT technology is a satellite communication system commonly used within the maritime industry, predominantly seen in cargo shipping, military and cruise ships, and even on drilling platforms. As with numerous unsecured networked devices, VSAT systems can be actively tracked through hacking tools and techniques. In the event of a breach, dependent on the threat actor's motivations - hacktivism, terrorism, theft or even piracy, the potential consequences can be severe.

vsat-2.jpg

Insecure technology; increased risk
This communications infrastructure is used, in short, as a means of providing network connectivity where a wired connection would be impossible or prohibitively expensive, relying on security through obscurity to remain protected from any hackers. An unintended consequence, however, is that in attempts to breach a target, hackers can use VSAT systems as an open entry point – potentially resulting in manipulation of resources, the compromise of data, and even affecting critical systems.

Where hackers previously focussed on smaller, easily breached targets, methodologies have now shifted, with threat actors looking to increase their return on investment. With the rise of networked technology utilised in businesses across the globe, we now see such attacks are increasingly feasible. With VSAT technology, systems are directly exposed to the Internet with no protection mechanism in place to ensure security, invariably utilising default usernames and passwords. Management interfaces can be easily identified and compromised, acting as a staging ground for further attacks – ranging from simple theft of data, to denial of control.

In ensuring the security of any operational environment, the first step must be to ensure any technology is installed and managed correctly – including system hardening and regular security assessment. The vulnerabilities present in VSAT technology represent a significant risk for the maritime industry. Are your systems secure?

Contact us to learn more about Applied Risk’s ICS/SCADA Security Assessment & Penetration Testing.