Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.

Solutions

Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services

Industries

  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more

Labs

Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more

Careers

The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella
CISSP, CISM, CISA, OPSA and OPST

> Read more

Blog

Don’t throw away the keys to your smart building – make cybersecurity a priority

The true potential of smart buildings is beginning to be realised. Increased connectivity, thanks to the rise of the Internet of Things (IoT), means building owners and managers can now understand how the technologies deployed within a facility are performing, so they can predict if maintenance is required before an alert is even triggered. Furthermore, temperature and lighting adjustments can be made to either save energy or increase employee productivity. Optimised site-cleaning has also become a great time-saver, with sensors enabling facility managers to assign their staff to only clean areas that have been used and therefore require cleaning[1].

And smart buildings are not just a vision for the future. The Edge in Amsterdam is perhaps considered the current peak in smart building design. It has a great focus on sustainability with toilets that flush with rainwater, a robot security guard on premises, and smart ceilings that measure temperature, light, motion and humidity to provide energy cost-savings. This manner of connectivity within office buildings in only set to grow as more connected IoT devices are introduced. The current amount of money spent of networked lighting, physical security, infrastructure and comfort systems is predicted to increase from what is currently a $7.42 billion market, to a $31.74 billion one by 2022[2].

iStock-471727029.jpg

Deploying connected technologies in smart buildings
This technology enables positive growth, although with increased connectivity also comes a greater attack surface that attackers will seek to exploit. The question is, are building managers and owners taking the risks seriously? Possibly not, as evidenced when researchers were able take control of lighting, air conditioning, curtains and other equipment in a Marriot hotel room. This was achieved via vulnerable KNX network components, a network communication protocol for building management automation used in stadiums, hotels, airports and industrial facilities.

Although this is just one example, the concern is a very real one. There are more than 206 million connected devices in use in commercial smart buildings, with 84% of building automation system managers utilising internet connected systems. However, only 29% of those are improving cybersecurity for their connected systems[3]. This is troubling, with hackers regularly scanning targets for easy access points, whether that be through poorly deployed sensors, CCTV cameras or access control systems. Once inside a network, they could attempt to shut down critical functions meaning a loss of productivity, or steal valuable data and demand ransom payments. That is why incorporating cybersecurity into smart buildings is a necessity.

Locking the doors to your smart building network
Deploying a secure by design approach is a must in smart building design. Cybersecurity should be thought about at the beginning of the design, development and deployment process, whether that be for a new build, or the integration of internet-connect systems into a pre-existing infrastructure. The latter point is often when problems arise. Installing new devices into legacy systems can often lead to insecure networks, which hackers can seek to exploit.

When deploying new technologies on a network, staff training is another vital undertaking. As the first line-of-defence for many businesses, identifying malicious emails, or knowing what devices should and shouldn’t be connected to a network without the appropriate risk assessments, is a skill that all employees should possess.

These are basic cybersecurity measures that building owners, suppliers and mangers must think about to ensure the security of smart buildings, but this isn’t just a lesson for the future. Many buildings are already smart and are getting smarter. Now is the time to prioritise the cybersecurity of the technologies deployed within buildings to ensure that a hacker doesn’t find a key to your businesses systems, your network, or your data.

To learn how Applied Risk can help your business undertake an effective risk and cybersecurity assessment, visit: https://applied-risk.com/solutions/services/iot-security-assurance-services



[1]https://www.theagilityeffect.com/en/article/five-b...

[2]https://www.marketsandmarkets.com/PressReleases/sm...

[3]http://www.smartbuildingsmagazine.com/news/is-you-...