We provide cyber security guidance and solutions to customers in the areas of industrial operations, industrial automation, machine building, manufacturing, energy generation and distribution, as well as automotive and other embedded systems. As consultants, we guide you through the entire security life cycle, starting with the initial risk assessment and the subsequent definition of a cyber security roadmap with derived actions. We can help you implement these actions and sustain the improvements. We audit and certify the security of automation systems and components according to the latest standards, most notably IEC 62443. Because it is not enough to look at product security alone, we also help to implement security by design procedures in your R&D organization. Our embedded cyber security technologies, such as intrusion detection, communication security and secure embedded system architectures, may give you a head start and a competitive advantage when you take on security leadership in your business segment.
The Cyber Security Plan-Do-Check-Act Cycle.
Plan: Risk Analysis
Assess risks using a Cyber-FMEA process.
Threats are rated by their likelihood and detectability. The impact of a realized threat is assessed as damage severity. A ranked risk report is generated.
The risk report is the basis for deriving measures to mitigate the risks. The ranking gives guidance for prioritizing measures. Low-hanging fruit is identified. Managers and specialists acquire a better understanding of, and more confidence in, handling cyber security.
Next Step: Do →
Do: Risk Mitigation
Establish a consistent security level.
Security is only as good as the weakest link. Only a holistic approach will therefore succeed. Based on the prior risk analysis, a security roadmap is planned and implemented. Actions typically comprise staff and management training, processes, guidelines and procedures as well as technical measures.
For industrial and embedded security, IEC 62443 has become the accepted global standard. Together with ISASecure, BSI Grundschutz, OWASP and other current and evolving security frameworks, it provides reference and guidance for choosing relevant and efficient actions for better security.
Next Step: Check ↓
Act: Continuous Improvement
Enforce, maintain and monitor.
Changes and improvements in processes have to gain traction and consolidate. Product design changes need to prevail as security by design principles. New threats evolve and require responsive action.
Cyber security becomes a continuous undertaking. The cyber security Plan-Do-Check-Act cycle is used to determine and carry out incremental changes on a regular basis.
Next Step: ↑ Plan
Check: Quality Assurance
Review and assess that measures are effective.
QA is a key element of any cyber security program. Perform a cyber security audit to assure your actions have the desired effect. An audit according to IEC 62443 provides objective and measurable feedback and is required to assure that the desired security levels have been achieved.
An audit certificate demonstrates to customers and partners as well as your own management and staff that cyber security is taken seriously. It becomes a competitive advantage now but may very well be a basic requirement not long into the future.