Cyber Physical Systems Security

Security Risk Assessment

A Security Risk Assessment identifies the capability and maturity of security controls at site and global levels. Our assessment methodology focuses on the people, process, and technology with recommendations for immediate security risk reduction efforts as well as long-term financial and resource planning for controls maturity.

Key Focus Areas

• Site and global capability maturity level characterization of critical Cyber Physical Systems security controls that can prioritize strategies to reduce production downtime risk from cyberattacks
• Decompose cyber-physical systems to application and component levels to identify logical and physical threats and in-place controls
• Classify asset and environmental risks to identify critical systems impact on safety, operations, and intellectual property
• Observations and remediation recommendations along with a prioritized roadmap

Site Assessments

Our OT site penetration testing is carefully planned and executed to safely uncover cyber physical system security threats and vulnerabilities. Our testing is executed by trained and experienced professionals using proven methodologies for OT, IoT and robotics-based environments.

Key Focus Areas

• IT/OT convergence points​
• Asset Inventory, including key attributes such as connectivity, location, and value​
• Secure remote access​
• Insecure configurations, such as default credentials and insecure protocols​
• Identity and Access Management, such as excessive permissions​
• Physical access to OT devices​
• OT Wireless, including Wi-Fi and proprietary protocols​
• OT-specific security tooling

Purple Teams

Our industry leading approach refined in Fortune 50 engagements tests expected controls, identifies ways to improve reliable OT security detection, and maximizes knowledge transfer from our team to yours. Our test plans map to MITRE ATT&CK for ICS and use VECTR™, our free industry-recognized tool for tracking and reporting Threat Resilience Metrics site-by-site and improvements over time.

Key Focus Areas

• IT/OT convergence points​
• OT, IoT and IT offensive and defensive security working together
• Simulated cyber threats to discover attack paths and recommended security controls to identify, detect, and respond
• Threat Index built on the top threat actors identified by industry leading organizations in your vertical

Deployment & Enablement

Security Risk Advisors’ (“SRA”) OT and IoT security control and tool deployments focus on security control enablement in cyber physical system environments. We specialize in tool deployment and optimization, relationship building with sites and operational process improvement while also taking care for supplemental system qualification and validation processes.

Key Focus Areas

• Advise, design, build and implement pragmatic cyber-physical systems security solutions
• Engage and work with key stakeholders across the organizations, often bridging global cybersecurity and site teams
• Conduct impact testing on security solutions to ensure people, process, and digital dependencies are not impacted
• Realize return on investment (“ROI”) through capability enablement and deployment metrics
• Integrate with existing organizational processes, such as qualification to enable smooth deployments

SCALR™ XDR Monitoring and Response

Security Risk Advisors’ (“SRA”) SCALR™ XDR monitoring platform extends to security detection and response in OT and IoT environments. Our people and technology driven XDR is a cost-efficient, turn-key security analytics ecosystem which can ingest Armis, Claroty and other “OT/IoT Security Visibility” platform event data.

Key Focus Areas

• Monitoring & Notification – We perform 24x7x365 real-time monitoring of your OT and IoT environments. Our team of Defenders will correlate and investigate security events in our transparent workspace (you can see what we are doing).
• Threat Hunts – Based on threat intelligence feeds including SRA TIGR threat feed and other threat feeds you subscribe to; SRA will conduct and document threat hunts. Hunts are designed to identify anomalies and suspicious events which may have eluded detection rules.
• Purple Teams – SRA will simulate adversaries with a set of benchmarked test cases and use the outputs to prioritize use case development/improvement and to present effectiveness metrics. We will make recommendations for improved alerting and validate and benchmark your alignment to the MITRE ATT&CK framework or ATT&CK for ICS if appropriate.
• Operated and Managed 24x7x365 – SRA solves your staffing problem with our talent process. Hiring, training and retaining CyberSOC consultants is our core competency.

Tabletop Exercises

Security Risk Advisors’ (“SRA”) facilitate OT and IoT security tabletop exercises (TTX) to reflect real-world attacks which could disrupt critical processes that drive business objectives. We review your incident response plan (IRP) and procedures to identify potential gaps in roles, processes, decision trees and communications protocol and recommend enhancements.

Key Focus Areas

• Industry-specific scenarios constructed around your organizations critical assets, processes, and documentation
• Cyber physical system security incident lifecycle review from alert to remediation
• Cyber physical system security incident response observations, recommendations and enhancement opportunities

Software Bill of Materials Enablement

Software Bills of Materials (“SBOMs”) provide opportunities to enhance several core Cyber Physical Systems (“CPS”) security practices. SRA takes a wholistic, hands-on approach to enable SBOM value potential to component suppliers, original equipment manufacturers (“OEMs”), and end users. Using manual techniques and openly available tools, we build standards-based, enriched SBOMs and help you to operationalize them within your organization or deliver them to your customers. We see this as a valuable capability which we apply in our CPS security assessments, vulnerability management, supply chain risk management, device testing and more.SRA can empower you and your team to perform these techniques and develop this rudimentary capability.

OT Vulnerability Management Program

Security Risk Advisors’ (“SRA”) OT Vulnerability Management programs are designed to work within the unique constraints of OT systems and environments. We work with your Vulnerability Management team and OT stakeholders to create a risk-based approach to OT Vulnerability Management. Using custom decision trees, we help you focus on remediation of vulnerabilities that meaningfully reduce risk to your organization and deprioritize those that do not.

Key Focus Areas

• Documented workflows and agreed upon roles and responsibilities for each step in the OT Vulnerability Management lifecycle
• Vulnerability identification capabilities (passive tooling, software bill of materials [“SBOMs”], machine readable vendor advisories)
• Standardization of crucial OT asset characteristics to be captured by the organization
• Meaningful risk reduction through OT vulnerability remediation prioritization process

Supply Chain Risk Management Program

Security Risk Advisors’ (“SRA”) Cyber Physical Systems (“CPS”) Supply Chain Risk Management programs provide a continuous process to evaluate your supply chains and better understand your risk exposure. We consider your existing supply chain processes and procedures, understanding your roles as a customer, supplier, or both.

Key Focus Areas

• Evaluation of risks within the CPS Supply chain and integration with existing risk management process.
• Roles and responsibilities for each step in the Supply Chain Management process
• Supplier vulnerability disclosure/information sharing process

Hardware Device Assessment Program

Security Risk Advisors (“SRA”) recognize that modern cyber physical systems are often implemented as systems and even systems-of-systems, complete with integration interfaces and cloud-based infrastructure. Because of this, our hardware assessment methodology differs from more traditional hardware testing in that we consider not just the device itself, but the entire ecosystem including the product lifecycle starting from development.

Key Focus Areas

• Review device hardware implementation including data storage elements, device boot process, and hardware security features such as Trusted Platform Modules/Hardware Security Modules and physical security
• Identify third-party software components (e.g Software Bill of Materials) for potential vulnerabilities
• Evaluate physical and logical communication interfaces for potentially
• Examine system update process (software, firmware, and patching)
• Assess operating system and user interface hardening
• Review handing of sensitive data, such as device identity, Personally Identifiable Information, and cryptographic keys