Applied Risk: An established leader in Industrial Control Systems security

Applied Risk is focussed on critical infrastructure security and combating security breaches that pose a significant threat. Operating on a global scale, we work with a wealth of large organisations that rely on our expertise to safeguard their critical assets. Our proven experience of identifying vulnerabilities and security risks is based on methodologies honed over years of conducting assessments in industrial environments.

Our engineering experience and cyber security knowledge proves invaluable in securing the critical infrastructures and industrial assets of companies across the globe. We understand the need to maintain secure and reliable control environments, working across a range of industries we deliver solutions tailored to asset owners’ and manufacturers’ security requirements.

Industrial Control Systems (ICS) security is an engineering-based problem that requires an engineering-focused solution. Our offerings includes a wealth of engineering and technical assurance services, combined with comprehensive security assessments that cover the full spectrum of our client’s critical asset requirements while meeting industry standards.

Solutions

Guarding mission-critical industrial systems from the threat of cyber attacks requires a specific and focused security skill set that only comes with deep industry knowledge and associated experience.

Applied Risk helps clients to address and maintain defences against the ever-increasing threats targeting Industrial Automation and Control Systems environments. We enable asset owners, operators, government agencies and suppliers to stay up-to-date and identify appropriate mitigating controls for protecting Process Control and Industrial Automation systems against the latest threats.

Select a product or service below:

  • Products

    ICS Cyber Security Awareness Training
  • Services

    Industrial Automation and Control Systems (IACS) Security
  • ICS/SCADA Security Assessment & Penetration Testing
  • Risk and Vulnerability Assessment (RVA)
  • Embedded Security Assessment
  • Medical Devices Security Assessment
  • IoT Security Assurance Services

Industries

  • Power
  • Pharmaceutical
  • Oil & gas
  • Water
  • Manufacturing
  • Chemicals

Heightened levels of interconnectivity, driven by business requirements, are now leaving Industrial environments increasingly exposed to costly and dangerous cyber attacks, including Denial of Control (DoC); Loss of Control (LoC); Loss of View (LoV); and Manipulation of View (MoV).

> Read more

Labs

Applied Risk maintains a significant leadership in the IACS community through its interactions with end users and manufacturers as well as its advanced research initiatives. It is through this work that we can provide unmatched service delivery to its customers and partners.

This section outlines our dedicated research, with a focus on advisories and white papers for ICS/SCADA environments.

  • Advisories

    Our security advisories are the results of research activities conducted by our in-house research team. These focus exclusively on ICS/SCADA devices and technologies.

    Read more

  • Vulnerability Disclosure Policy

    It is the policy of the company to exercise the responsible disclosure of security vulnerabilities in a manner that is of maximum value to all affected parties.

    Read more

About us

  • Safety
  • Integrity
  • Customer focused
  • Innovation

Applied Risk was founded with one core mission: to secure critical assets in the industrial domain against emergent cyber threats. As a major cyber security player within the Industrial Automation and Process Control field, our primary objective is to offer the most advanced Industrial Control Systems (ICS) security technology solutions.

> Read more

Careers

The Industrial Automation and Control Systems (IACS) security field is growing rapidly and Applied Risk continues to grow to meet current and future customers’ needs. As a global IACS leader, we maintain very high levels of cyber security skills, engineering experience, and business confidentiality. If you have a solid background in Control Systems security or industrial automation engineering and are looking for the next level of challenge and commitment, we would like to hear from you.

> Read more

Advisory board

Auke Huistra

Auke Huistra
International Cyber Security Expert

> Read more

Auke Huistra

Christian Martorella
CISSP, CISM, CISA, OPSA and OPST

> Read more

Blog

Keeping industrial facilities safe – the importance of network segregation

Industrial environments can pose many risks. The majority of facilities require the use of specialist equipment on a daily basis and in some sectors, such as Nuclear, that equipment often controls hazardous products. The loss of function or manipulation of such technologies could therefore be devastating, leading to equipment damage, or even human fatalities. This loss of function could be administered by cyber criminals, and while their motivations for targeting such environments vary, it is important for those organisations in charge of critical infrastructures to understand that they are now under constant threat, and that they should be putting security measures in place to protect themselves against such attacks.

The importance of Safety Instrumented Systems (SIS)

Safety Instrumented Systems (SIS) are considered as the last layer of defence in an industrial facility, assuring an industrial process can be maintained within safe operating limits with fail-safe protection. To ensure this fail-safe protection is effective, SISs were originally designed utilising hardwired analogue systems and manual processes. However, with the continued advancement of networking and sensor technologies, alongside the convergence of control system platforms, many SISs are no longer isolated, instead using standard networking technologies.

The problem this often creates is that a lack of segregation can effectively introduce a “back-door” into the safety network, meaning sophisticated attacks are able to compromise automatic safety systems. The most recent example of this is the new Industrial Control Systems (ICS) attack framework TRITON, built to interact with Triconex SIS controllers[1].

Afbeelding1.png

Figure - Integrated Control and SIS Architecture

A new threat to Safety Instrumented Systems (SIS)

The TRITON attack, first identified in late 2017, targeted critical infrastructure, compromising ICS and deploying malware designed to manipulate SISs and shut down industrial processes. While it is not clear who carried out the attack, researchers suggest that it was “consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, U.S., and Israeli nation state actors[2].” The concern is that TRITON could prevent safety mechanisms from performing their intended function which, if carried out again, could result in devastating physical consequences.

The attack was made possible as the threat-actors could target SISs connected to the network. In order to mitigate such future threats it is recommended that, where possible, safety system networks are segregated from Basic Process Control Systems (BPCS) and information system networks. We would also suggest those organisations in charge of critical national infrastructures implement a comprehensive cyber security program. This should be designed to identify what assets need to be protected, the threats to those assets, what could happen if those assets were breached, and how to ensure recovery should an incident occur.

Applied Risk recommends the following steps to ensure that safety systems are protected appropriately

  • 1.Identify the SIS which your organisation operates, and document whether or not the SIS is isolated from the rest of the control system.
  • 2.Validate whether the SIS provides a mechanism which prevents re-programming or network access to the device during operation. If this feature is available, then visually verify the position of the key switch of the devices to ensure they are switched to 'run-mode' or equivalent.
  • 3.Verify that the network is segregated properly (both vertically and horizontally) and that no trusts exist with other Active Directories or shared IP Telephony network (which is likely to be a target of compromise).
  • 4.Ensure that any components which connect to the ICS from the corporate network are strongly authenticated and consider using 'browse-down' techniques to prevent exploitation of critical systems. Review authentication, authorisation and access control mechanisms for OT devices.
  • 5.Restrict access for end user devices and critical systems in the ICS environments. SIS administration systems such as engineering workstation should not have internet access (e.g. email/browsing)..
  • 6.Only modern and patched components should be deployed on the boundaries of OT networks, and software deployed to SIS environments should be validated with the vendor using a suitable security mechanisms.
  • 7.Consider monitoring ICS network traffic for unexpected communication flows and other anomalous activity.

A cybersecurity Risk and Vulnerability Assessment will help identify risks in your Safety Instrumented Systems implementation. Discover Applied Risk’s RVA solution here.



[1]https://www.fireeye.com/blog/threat-research/2017/...

[2]http://www.eweek.com/security/hacker-uses-triton-m...