We structure complete consulting plans, starting from the cyber risk assessment, the first fundamental step in determining the best strategy to protect industrial control OT devices according to the IEC 62443 standard.
Cyber risk assessment according to the IEC 62443 standard
Protecting critical infrastructure and key resources is essential for security and productivity. That is why our Cyber Security Risk Assessment builds on the pillars of the IEC 62443 standard, from which to adopt the systematic method of managing cyber risk on industrial systems.
Our offer is structured on a complete, modular range of specialized consulting services within the security lifecycle in conformity with the IEC 62443 standard requirements. The ultimate goal is to implement a Cyber Security Management System (CSMS), as defined by the standard, through three main work steps:
Within this context, the assessment phase is the starting point to establish the actual entity of the threats associated with a system or a plant. The Cyber Security Risk Assessment is formulated on two different levels established by the IEC 62443:
- High-Level Risk Assessment
- Low-Level Risk Assessment
The purpose of the high-level assessment is to macroscopically establish the consequences of a cyber attack in order to prioritize actions and break down future assessments based on the critical issues of the machinery or production process.
The subsequent low-level assessment aims to elaborate which threats afflict the system. In this phase, we conduct the assessment considering a set of factors, including already known weaknesses, their complexity, which countermeasures and procedures were adopted in the past, and whether there are operating practices already in place to properly manage the human factor, often the main means of cyber attacks, so as to use this information to properly draw up cyber security specifications to protect the most critical company assets.
We structure the Cyber Security Risk Assessment report for both levels via tailored assessments for each system or machinery being assessed in order to accurately document the actual threats and define the priorities. The report completely supports the customer in implementing and maintaining the necessary countermeasures, resulting in advantages even in terms of costs.
The most common and most perceivable consequences for a company struck by a cyber attack are related, for instance, to business continuity due to interrupted production after stopping the attacked systems. Threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. There is also the environmental risk, where dangerous emissions from systems under attack can cause, similarly to business continuity or safety of machinery issues, serious damage financially and to the company’s reputation.
The legislative references in the IEC 62443 standard directed at OT device users are found in IEC 62443-2-1 and IEC 62443-2-4 regarding maintenance requirements of systems in conformity with the standard by introducing cyber security policies and procedures.
The cost for a Cyber Security Risk Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the risk assessment is performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.
Why Choose us
- Experience in the OT Cyber Security field since 2014
- In-house OT Cyber Security laboratory
- In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Pool of automation and OT network specialists
- Wide network of collaborations with the main international OT solution suppliers
What some of our customers say about us
"The collaboration was a very successful experience for both companies."
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici