Cyber Security Risk Assessment

Assessing cyber risk on industrial systems
We structure complete consulting plans, starting from the cyber risk assessment, the first fundamental step in determining the best strategy to protect industrial control OT devices according to the IEC 62443 standard.

Cyber risk assessment according to the IEC 62443 standard

Protecting critical infrastructure and key resources is essential for security and productivity. That is why our Cyber Security Risk Assessment builds on the pillars of the IEC 62443 standard, from which it adopts a systematic method for managing cyber risk on industrial systems.

Our offer is structured as a complete, modular range of specialized consulting services covering the security lifecycle in conformity with the requirements of the IEC 62443 standard. The ultimate goal is to implement a Cyber Security Management System (CSMS), as defined by the standard, through three main work steps:

  • Assessment
  • Implementation
  • Maintenance

Within this context, the assessment phase is the starting point for establishing the actual extent of the threats associated with a system or a plant. The Cyber Security Risk Assessment is carried out on two different levels established by IEC 62443:

  • High-Level Risk Assessment
  • Low-Level Risk Assessment

The purpose of the high-level assessment is to macroscopically establish the consequences of a cyber attack in order to prioritize actions and break down future assessments based on the critical issues of the machinery or production process.

The subsequent low-level assessment aims to determine which threats affect the system. In this phase, we conduct the assessment considering a set of factors, including already known weaknesses, their complexity, which countermeasures and procedures were adopted in the past, and whether there are operating practices already in place to properly manage the human factor, often the main means of cyber attacks. This information is then used to draw up cyber security specifications that protect the most critical company assets.

We structure the Cyber Security Risk Assessment report for both levels via tailored assessments for each system or machinery being assessed in order to accurately document the actual threats and define the priorities. The report completely supports the customer in implementing and maintaining the necessary countermeasures, resulting in advantages even in terms of costs.

FAQ

The most common and most perceivable consequences for a company struck by a cyber attack relate, for instance, to business continuity, when production is interrupted after the attacked systems are stopped. Threats can also entail altering or inhibiting safety functions on machinery and systems, for example when automation is implemented by safety PLCs connected online. There is also environmental risk: dangerous emissions from systems under attack can, like business continuity or machinery safety issues, cause serious financial and reputational damage to the company.

The legislative references in the IEC 62443 standard directed at OT device users are found in IEC 62443-2-1 and IEC 62443-2-4, which cover the requirements for maintaining systems in conformity with the standard by introducing cyber security policies and procedures.

The cost for a Cyber Security Risk Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the risk assessment is performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.

Why Choose Us

  • Experience in the OT Cyber Security field since 2014
  • In-house OT Cyber Security laboratory
  • In-house IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
  • Pool of automation and OT network specialists
  • Wide network of collaborations with the main international OT solution suppliers
