SubSafe Security is a control system focused cybersecurity business that offers a range of services to protect your physical assets from cyber threats.
For more information...
Consider this article on cognitive bias and risk analysis challenges:
Operational technology (OT) encompasses the systems that monitor and control physical devices and processes in industries such as manufacturing, utilities, and transportation. It is crucial for ensuring that these systems, which are fundamental to daily operations and safety, remain safe from cyber threats that could disrupt operations and cause physical harm.
For more information...
Consider this article about what is operational technology:
Consider this article about the hidden risk in control systems:
Consider this article device refresh rate challenges in operational technology:
https://subsafesecurity.com/cybersecurity-news/f/replacing-outdated-it-systems-but-what-about-ot
Our cybersecurity assessments for operational technology differ from IT cybersecurity assessments primarily in their focus and expertise. While IT assessments concentrate on data protection, integrity, and confidentiality within corporate networks, OT assessments prioritize the availability, safety, and integrity of systems and processes that have direct effects on physical operations. This requires a specialized understanding of industrial control systems, their deterministic nature, and the unique challenges of devices that might be 30 years old versus modern computers in IT that get patched and upgraded often.
For more information...
Consider this article on key differences:
https://subsafesecurity.com/cybersecurity-news/f/key-it-and-ot-differences
Consider this article about a cybersecurity assessment at a very large refinery:
https://subsafesecurity.com/cybersecurity-news/f/large-facility-case-study
SubSafe Security offers two main areas of service.
Our vulnerability assessments are done using passive (non-intrusive) network assessment methods to gather information about a network. This means that it does not require any interaction with the hosts on the network, and it will not generate any alerts or notifications. In terms of impact on control system networks, passive network assessment is generally considered to be safe.
For more information...
Consider this article about operational technology vulnerability assessments:
https://subsafesecurity.com/cybersecurity-news/f/control-system-vulnerability-assessments
Our final report normally contains the following:
Safety functions are designed to put a system or process in a safe state if something goes wrong. There are safety functions associated with mechanical safety regions like the area around moving equipment like a robot and safety functions associated with process control. In the process area, specialized teams perform a Process Hazards Analysis (PHA) to identify the safety functions necessary to protect a process. Assessments for safety functions are essential because cyber threats can manipulate or disrupt these safety mechanisms, leading to potential safety hazards, environmental damage, or even catastrophic failures. We use several methods to assess safety functions for cybersecurity vulnerabilities including the Security PHA Review method which reviews PHA reports for attack vectors and makes recommendations.
For more information...
Consider this article about a Security PHA Review:
https://subsafesecurity.com/cybersecurity-news/f/security-pha-review
SubSafe Security uses defense-in-depth strategies discussed in the IEC 62443 standard to protect your physical assets from cyber threats. Defense-in-depth encompass strategies like segmentation, access control, whitelisting, patch management, physical security, system hardening, monitoring and detection, incident response, and recovery.
Our team of experts works closely with you to assess your security needs and develop a customized plan that fits your unique requirements that your team can manage.
The areas below represent that specific industries where we are well qualified control system and cybersecurity experience.
They are very similar to information technology attacks, but the results are different. In an IT attack, the threat actor is typically looking for information. In an OT attack the threat actor is typically trying to gain or disrupt control of physical systems. Here is a list of the most common attacks.
If we missed a question you would like to ask, just ask. Click on the Contact Us button below and your email will open. We will not spam you, sell, or share your email address.
Copyright © 2024 SubSafe Security - All Rights Reserved