The IEC 62443 standard states that the method for cyber risk analysis consists of two phases: a first high-level analysis, and a subsequent detailed analysis of the most critical assets.
Request the Cyber Security Risk Assessment with the IEC 62443 method
The protection of critical infrastructures and key resources is essential for security and productivity, which is why our Cyber Security Risk Assessment service is based on the pillars of the IEC 62443 standard, which sets down a systematic method for managing cyber risks at industrial plants.
The Cyber Security Risk Assessment service provides a two-step path of modular analysis:
- High Level Risk Assessment. Development of high-level risk assessment according to the process described in IEC 62443-3-2, including business logic.
- Low Level Risk Assessment. Detailed development of the risk assessment according to the process described in IEC 62443-3-2, following the high-level risk assessment, i.e. carried out on basis of the high-level only on the most critical assets.
The purpose of high-level analysis is to macroscopically establish the risks and consequences of a cyber attack to set priorities for intervention and break down future analyses according to the criticalities of the device or production process.
The following detailed analysis covers the threats to which the systems in use are exposed. Several factors are considered during this second phase, such as the vulnerabilities already known, their complexity, what countermeasures and procedures have been adopted previously and whether there are operational practices already in place for the correct management of the human factor, often the main vehicle of cyber attacks.
This information is then used for the correct drafting of the Cyber Security Specifications for the protection of the most critical corporate assets.
We prepare the Cyber Security Risk Assessment report for both levels with specific analyses for each type of plant or machine, to document the real threats and the most appropriate countermeasures.
The Cyber Security Risk Assessment supports the Cyber Security managers of large manufacturing companies in the implementation and maintenance of countermeasures, with a consequent advantage also in terms of expenditure.
The most common and most perceivable consequences for a company struck by a cyber attack are related, for instance, to business continuity due to interrupted production after stopping the attacked systems. Threats can also entail altering or inhibiting safety functions on machinery and systems; for example, when automation is implemented by safety PLCs connected online. There is also the environmental risk, where dangerous emissions from systems under attack can cause, similarly to business continuity or safety of machinery issues, serious damage financially and to the company’s reputation.
The legislative references in the IEC 62443 standard directed at OT device users are found in IEC 62443-2-1 and IEC 62443-2-4 regarding maintenance requirements of systems in conformity with the standard by introducing cyber security policies and procedures.
The cost for a Cyber Security Risk Assessment project varies based on the complexity of the network infrastructure, the company processes, and the OT devices in use, on which the risk assessment is performed according to the IEC 62443 standards. We invite you to contact us for a customized estimate.
Why Choose us
- We have gained experience in the OT Cyber Security field since 2014
- We test every solutions thanks to our in-house OT Cyber Security laboratory
- Our specialists are IEC 62443/ISA 99-certified personnel (Fundamentals Specialist and Cyber Security Risk Assessment Specialist)
- Automation and OT Network Security are some of our most performing competences
- We have bulit a wide network of partnerships with the main international OT solution suppliers
- Our BYHON internal division is the ISASecure® accredited certification body
What some of our customers say about us
"The collaboration was a very successful experience for both companies."
"We highly recommend H-ON Consulting service for their expert industrial knowledge concerning machines, process, digital data."
"The biggest benefit our company received working with H-ON Consulting was a combination of on-going flexibility and most of all speed of delivery."
Sirio Sistemi Elettronici
"Their flexible and innovative approach to Cyber Security Risk Assessment had been the key for the success of our conformity project according to IEC 62443 standards."
"We recommend H-ON Consulting because they are a firm that shares inspiring values, such as continuous professional growth and innovation seeking."