Cyber Security

About Cyber Security Services and Assessments

Cyber Security risks have taken center stage with the advent of Industry 4.0. Assessing Cyber Security risks are critical in understanding and addressing impacts to the organizational mission. Cyber Security Services from Sam Analytic Solutions provide ICS with processes and tools to assess cybersecurity risks and provide meaningful insights in a timely and cost-effective manner. Our Cyber Security Services cater to ICS of all sizes. It is important to note that, cyber-attacks are not based on the size of ICS, they are based on the perceived value of cyber assets within an ICS!

“Assessing risk requires that organizations identify their threats and vulnerabilities, the harm that such threats and vulnerabilities may cause the organization and the likelihood that adverse events arising from those threats and vulnerabilities may actually occur.” – NIST SP.800-82r2

Service durations range from, a few weeks for a basic Cyber Security assessment to several months for implementing an Information Security Program for an ICS.  All Cyber Security services are tailored to address the unique needs of the organization and are accompanied by custom documentation and tools. Cyber Security assessments can last several months based on security problem definitions, security objectives and requirements, nature of Target of Evaluation (TOE) and attributes of assessment depth and coverage.

Cyber Security Risk Profiling

Sam Analytic Solutions unique Cyber Security Risk Profiling services save ICS organizations time, money, and effort in assessing various aspects of their OT environment. The methodology involves minimal questionnaires and interviews, focusing on the creation of custom tools and scripts to collect, analyze, and report Cyber Security information. A proprietary microservices based Security Information Management Infrastructure (SIMI) broadly based on SCAP (Security Content Automation Protocol) enables automation and integration with organizational and third-party systems.

Cyber Security Risk Profiling includes:
  • Standards based cyber risk assessment (NIST and IEC 62443).
  • Baseline determination and periodic cyber security gap analysis for critical information and systems.
  • Threat modeling, vulnerability assessments and penetration testing of networks and end points in a SCADA environment.
  • Determine risk profile by review and assessment of security controls, organizational security policies for OT, cyber assets, applications, data repositories, systems, and tools.
  • Create Cyber Risk tables, Cyber Security Dashboards and custom assessment reports with findings and recommendations.
Each of the above services may be requested separately.

Cybersecurity Integration Services for Industrial Automation

As engineering teams develop PLC software and implement OT solutions, cybersecurity is often neglected. If vulnerabilities (weaknesses) are discovered when solutions go-live, organizations lose time, money, and people due to rework and post implementation issues. One way to avoid these project risks is to utilize Cybersecurity Integration Services from Sam Analytic.

Cybersecurity Integration Services from Sam Analytic are built on a “collaborative continuous security” model. This ensures that design and development teams are provided vulnerability and other security related information during design and development. Early identification of cybersecurity risks results in effective mitigation. By embracing a “continuous security” model, organizations save time, effort, money, and reputation. The collaborative nature of the model provides ample cybersecurity support to the design and development teams.

Cybersecurity Integrators from Sam Analytic Solutions understand OT and IT, helping you bridge gaps quickly and effortlessly. Further, a dedicated “customer service portal” puts additional resources and security information at your fingertips.

Industries served include Pharmaceuticals, Chemicals, Food & Beverage, Oil & Gas, Petro-chemicals, Metals & Mining, Pulp & Paper and Utilities including Water & Wastewater and Power Generation. For those with a particular interest in Power Generation, click on the two links immediately below for more details.

E-house Cybersecurity Assessments

Electrical substations or (E-Houses) are integral parts of every electrical power generation, transmission, and distribution system. Within every modern E-house is a SCADA (Supervisory Control and Data Acquisition). SCADA systems help remote supervision and control of the E-house. E-houses operate unattended. Components of SCADA include, hardware, software and networking usually referred to as Cyber Assets.

E-Houses are potential targets for cyber-attacks. Implementing appropriate Security Controls can reduce the risk of cyber threats and attacks on E-houses. E-house Cybersecurity Assessments from Sam Analytic provide stakeholders detailed information on vulnerabilities, risks, and mitigation strategies for all Cyber assets within an E-house.

E-house Cybersecurity Assessments are important parts in the Sam Analytic Compliance Management System. Compliance Management Services for E-houses include NERC-CIP and NIST standards. In addition to customized Compliance Management Services, Sam Analytic offers a dedicated “Compliance Management Portal” to help stakeholders track compliance status of Cyber Assets within E-houses.

Cybersecurity Assessments for TPSS (Traction Power Substations)

As the name implies Traction Power Substations supply traction power to railways, trams (streetcars), trolleys and public transit systems. A TPSS in operation involves the integration of AC/DC power, electrical protection and relaying, and SCADA (Supervisory Control and Data Acquisition). Switchgears, protection relays, PLCs, and HMIs within a TPSS need to be networked using a variety of communication interfaces and protocols. The resulting OT (Operations Technology) network, often called the vital network is potential target for cyber-attacks!

A Cybersecurity Assessment of a TPSS provides stakeholders assurance regarding the Security Controls (safeguards) applied within the TPSS. Cybersecurity Assessments involve examinations, interviews, and tests. The scope, effort, and duration of Cybersecurity Assessments vary based on the attributes of depth and coverage.

Sam Analytic provides a range of service options to choose from, Cybersecurity Assessments for TPSS are tailored to the desired depth and coverage requested. Customized data collection and reporting, an iterative methodology and alignment with standards such as NIST and IEC 62443 make our Cybersecurity assessments cost effective and insightful.