Cybersecurity Lifecycle services framework

Safety & Security

The multiple disciplines of industrial risks are linked, in protecting the same assets and sharing similar objectives.

With the advancement of technology and cyber threats, plants, people, and the environment are not sufficiently protected if plant’s systems are not resilient to remaining undiscovered vulnerabilities and persistent threats.

Improve one risk discipline in detriment to the other has no benefit to the plant. Industrial Cybersecurity must be consistently implemented to avoid disruptions or running into additional risks.

The Risk Management System (RMS)

All-In-One and Only-One solution for Industrial Cybersecurity and Safety. Efficiently, effectively and safely comply with all the requirements of the ISA/IEC-62443 series of international standards. In accordance with all necessary regulations, each industrial process must be monitored throughout its life cycle. This applies to every facility involved. Oversee the protection and durability of those outdated industrial control systems that urgently require security measures. Similarly, supervise the latest control systems during the engineering stages. This process should span from procurement to construction prior to their installation at the plant.

Manage risk accurately by complying with ISA/IEC-62443 without deviations, saving a substantial amount of work and time combined with accuracy and consistency with all other industrial risk disciplines.

Knowledge & Experience

Our team accumulates decades of experience working with industrial control systems in almost every single industry. We have accredited knowledge and experience mitigating industrial risk for safety, security, and cybersecurity.

We have efficiently bundled several activities from the WBS framework. These are organized into consulting service packages. This arrangement ensures maximum benefit and optimal results. Furthermore, we call this “The Industrial Cybersecurity Lifecycle Services”.

The result of these are the RMS solution, the WBS services, and the training.

Cybersecurity Lifecycle Services (WBS)

Start by adhering to the ISA/IEC-62443 series of standards in all your facilities. This compliance should be effortless and simultaneous, avoiding any replication of efforts. Furthermore, it’s essential to prevent potential disagreements. This process should align seamlessly with other industrial risk disciplines.

Quickly enhance the sophistication of your cybersecurity management system. This can be achieved through simple methods to mitigate all unacceptable risks. Optimal utilization of time and plant resources is key. Concurrently, this approach aids in reducing the overall cost of ownership (TCO) for control systems.

Governance Activities (GOVERN)

Firstly, develop and implement significant policies. These should be easy to follow and comply with, thus avoiding any hassle.

Secondly, enforce these sound processes and procedures naturally. Importantly, they should align with international standards.

As a result, they will automatically generate the necessary evidence for certification.

Notably, this will occur without requiring extra effort, minimizing overhead costs.

Implementation of Policies & Procedures

Includes the development, implementation, and natural enforcement of policies and procedures. The RMS/ZCM Risk Management System offers premium policy and procedure templates. These are fully aligned with international standards and widely-accepted regulations that can easily be adapted to each organization culture and language.

With the application of the WBS Framework and RMS/ZCM (Risk Management System), managing policies and procedures is simplified. Essentially, this is because the RMS/ZCM produces all required “certify-ready” evidence and records. This is done in accordance with the company’s rules and regulations.

Utilizing the WBS methodology with the RMS/ZCM, the end user can significantly decrease their overhead costs towards a profound digital transformation. It provides an impressive reduction of overhead costs by 70%.

Documents and Reports Management

Generate auditable reports for each of all activities, developed according to the proven WBS methodology. Generate all reports for each of the multiple IACS/SUCs in a normalized manner. This will easier the revision by any Certification Authority while keeping key critical sensitive data inside the plant.

Obtain the electronic signature or digital signature for those reports that are the result of multidisciplinary activities. Or collect feedback from them for corrections and revisions. Keep the entire process of generating auditable documents traceable, avoiding the incorrect manipulation of important and relevant decisions.

Avoid dumping sensitive, critical information into reports, and avoid reverse engineering. Many reputable consulting firms produce step-by-step instructions on how the control system can be compromised to destroy the plant. Don’t fall victim to this extortion, which many companies use to get money out of you. This type of “Little Illustrated Hacker type of reports” should never be produced, creating an additional risk for the organization. All our RMS/ZCM system reports had been carefully designed to protect the plant, period.

Your Own Risk Matrix - Your Own Decisions

Why make industrial risk mitigation decisions with another organization’s risk matrix instead of using one’s own risk matrix? There are different types of industrial risk matrices. They can be logical, numerical, square, rectangular, symmetrical, asymmetrical, ascending, descending, linear, exponential, two-dimensional, three-dimensional, etc. Industrial risk matrices can vary greatly from organization to organization.

The risk matrix contains the most important things to make risk mitigation decisions correctly. The risk matrix contains the rules for making decisions that are important to the plant. Incorporate your own risk matrix into the RMS/ZCM system. Assess industrial risks with your own rules and make decisions with the right risk assessment methodology. Comply with the RAGAGEP requirements of the ISA/IEC-62443-3-2 standard.

Why letting a Yuppie sitting on a comfortable business penthouse in New York sky tower, enjoying an expensive scotch or whiskey in hand, take decisions on behalf of your plant? (Top-Down Approach) Most probably never visited a plant. Let the people who know your plant best make the decisions (Bottom-Up Approach), at least let them participate in the decision-making process with a sound and proven methodology.

Performing Audits & Verifying Compliance

Utilizing the WBS in tandem with the RMS/ZCM simplifies audit and compliance processes. The RMS/ZCM produces requisite evidence and meaningful “certify-ready” reports, thus facilitating speedy certification. This occurs in real-time without causing any inconvenience. The WBS alongside the RMS/ZCM System incurs minimal additional expenses. Yet, it offers an enormous benefit to the end user. In fact, it generates a significant return on investment.

The Cybersecurity Division of WisePlant, also known as WiseSecurity, is proficient in overseeing any ongoing project. Their aim is to ensure that no deviations occur during the industrial cybersecurity lifecycle process. This vigilance significantly reduces the risk of failure within projects.

What can be audited and/or certified for compliance?

The Cybersecurity Management Program
The security of any System under Consideration (SUC) through its lifecycle
- New future system from basic engineering.
- Existing system, recently installed or old legacy.
Vendors and Suppliers
- Solutions Providers.
- Engineering/Service Providers.
- Product Suppliers.
Cybersecurity Professionals.
- Certificate of Knowledge (ISA Certificate Program)
- Certificate of Experience (WisePlant Certificate Program)

Interdependencies between Critical Infrastructures

Keep the different corporate infrastructures updated with information on state changes and critical events that may have a chain impact. The different ZCM Servers you have on the different locations can exchange crucial information for operational purposes. Exchange important behavior of critical industrial processes that my affect the supply chain.

Keep regulators or government entities informed of mandatory security events automatically, easily, and securely, providing relevant information securely. Know and manage exactly what needs to be reported, how and when with a quick escalation process. Keep track of all your reports and the feedback.

Inform yourself or keep other participants in the supply chain informed of events that may affect both negatively and positively in operations and production environments. Manage all those events to optimize performance and respond or prevent higher order consequences. Reduce the impact of 1st order consequences.

Development of Training & Awareness

This service includes the development and execution of training programs. Every company will have a variety of different training needs. Introducing Industrial Cybersecurity in a company is a significant cultural shift. It requires careful management to avoid causing disruption. Proper handling of this change is indeed crucial.

We have different training offerings that can typically be required by almost any company, end users and suppliers. These training programs include the de ISA Cybersecurity Certificate Program, and WisePlant’s WBS Industrial Cybersecurity training and certification program. Learn more.

The ISA Certificate Program is highly suggested for professionals requiring a deep understanding of the ISA/IEC-62443 series of standards. It covers all the essentials such as its structure, principles, and concepts. Additionally, it encapsulates terminology and models. This program ensures a comprehensive grasp of all requirements. Basically, everything that needs to be done. ISA-agnostic training imparts knowledge about necessary actions. Yet, it neither advocates nor promotes any specific methodology, tool, products, or system. Learn more .

WisePlant’s WBS Industrial Cybersecurity was specifically designed for easy implementation. It ensures compliance with the ISA/IEC-62443 series of standards. Additionally, it adheres to any other relevant regulations. Our practical approach does not get into the details of the standards and regulations. Numerous users don’t need to delve into the intricate specifics of several requirements. They need practical solutions for swift implementation and adherence. Learn more.

We also provide a set of awareness training for training numerous groups of people, tailored to meet specific end user requirements based on its policies and procedures. Training should be imparted smartly to the right people, at the right moment, and coordinated with the project activities, so everyone can benefit for being in the same page.

Discover & Assessment Phase (ASSESS)

To fully grasp the systems in question, model zones and conduits with simplicity. This will facilitate an understanding of the industrial process under control. It is also crucial to precisely identify all potential outcomes that must be avoided. This is particularly important if the devices and systems are compromised.

Assess the risk by employing established cybersecurity evaluation methods. These techniques facilitate informed, efficient and effective decision-making. They also sufficiently mitigate any unacceptable risks.

Avoid dedicating valued resources and time to activities, actions, and spending on systems that only mitigates your budget.

Accurate Zone & Conduit Modelling - IACS/SUC

ZCM System has strong modelling capabilities of zones and conduits on multiple SUC. From new/future solutions to very old legacy systems with SL-C, SL-A, and SL-T determination and management.

Easily seen and discoverable with ZCM Analyzers capturing traffic, analyzing packets, by listening on network ports, without opening unnecessary ports and replicating generating additional traffic nor occupying bandwidth.

ZCM achieves full visibility with deep granularity of all cyber-sensitive assets, including components, hardware, firmware and software. All done passively and non-intrusively without the need to generate greater risks.

Clearly understand the systems to perfection including all system weaknesses, from technological vulnerabilities, through procedural and physical without any false positives.

Complete visibility on Industrial Cyber-Assets, including those not easily found through discovery to fully isolated devices, historic dinosaurs, including hardware, firmware and software.

Assessing the Governance Capabilities - Strengths & Weaknesses

The Governance Capabilities of the plant are evaluated against ISA/IEC-62443 series of standards and optionally to any popular regulation for harmonization and compliance purposes.

The Security Gap Analysis consists of an assessment of the organization’s current practices (plant, division, sector, …) contrasting against global best practices (C2M2, NIST, NERC, TSA, INGAA, ENISA,…). This study is especially important to assess the highest level of governance for industrial cybersecurity and identify opportunities for improvement that serve as the basis for defining and sustaining improvement actions.

Security gap assessment studies can be performed on both end-users and suppliers of industrial systems and associated services. It can even be a very convenient technique for capacity assessment and supplier qualification in relation to their industrial cybersecurity domain.

Security frameworks. Depending on the country, region, laws, regulations, its industry and the goals defined by the organization itself is that we can incorporate different known global frameworks and/or develop a specific one tailored to the organization.

While the GAP analysis is not a risk analysis, it provides relevant information regarding the organization’s current maturity and posture against several global best practices or referrals. This type of study alone should not be used to justify investments, as it is not a Risk Assessment.

Assessing the Design of the Plant - Hazard Identification

This service consists of conducting a High-Level Cyber Risk Analysis (Initial Risk Assessment), or also called a method for identifying hazards associated with industrial systems. It aims to determine all the potential consequences and impacts associated with each of the cyber-assets identified in the system under consideration (SuC), if one or more cyber-assets are compromised by any threat. That is, understanding what can happen.

Visualization of industrial risk. A detailed understanding of the processes being controlled by the control systems, and how they were configured, is critical. That is, to understand the context in which the control system is immersed and the “current capacity” that a cyber incident must cause potential impacts. This is done without dismissing any of the risk recipients (people, environment, production, company, business, community, confidentiality, etc.), and effects (1st, 2nd, 3rd … order) as they are fundamental requirements for proper decision-making.

Criticality Analysis. Each cyber-asset will have its own intrinsic characteristics regarding technology, the way it has been configured and its relationship with other interconnected cyber-assets. But even more important will be the connection with the physical world. Criticality analysis is inherent in the process that is being controlled, monitored or operated by the cyber-asset individually and as a whole.

Identifying Risk Receptors. Each cyber-asset will have a different ability to impact on all different risk receptors. The correct and adequate identification of risk recipients (people, environment, production, business, business, community, confidentiality, etc.) will allow us to understand what needs to be done and how to incorporate the necessary capabilities to get out of each risky situation.

Risk Perception. Subject to everyone’s life experience, everyone (including an expert professional) inevitably perceives the risk differently. One of the main objectives of this service is to define and use a risk assessment methodology that makes sense to the organization, and that considers the interests of each risk recipient.

Assessing for Vulnerabilities - Vulnerability Management

Identify all relevant vulnerabilities as they are discovered. Classify each of the vulnerabilities according to their type and relevance. Namely: (a) Administrative or procedural, (b) Technological, cybernetic, and (c) Physical or mechanical.

The absence of patches often requires industrial plants to mitigate the risk, avoiding the occurrence of the consequences, living with vulnerabilities. Identify those vulnerabilities that may present a real risk to the plant. Dedicate your attention and invest where it really makes sense for the plant (not suppliers).

Industrial Cyber Risk Assessment - Taking the best decisions!

This service pertains to the assessment of cybersecurity risks within an industrial context. The objective is to facilitate informed and sound decision-making processes. Ultimately, this aims to significantly mitigate any unacceptable risks. It can be carried out over one or several systems under consideration (SUC), depending on the scope definition.

We employ a well-established RAGAGEP methodology to assess industrial cybersecurity risks. This approach aids in making robust, long-term decisions. Notably, it truly helps in mitigating potential hazards. Utilizing the RMS/ZCM, our services generate numerous results from this evaluation. These findings are integral for future mitigating activities.

Here is where all the magic happens. The methodology for risk analysis and long-term decision-making is both unique and robust. It effectively reduces risk by influencing the plant and system design. Therefore, it prevents any potential severe consequences from occurring.

Most of the market is focused on preventing cyber-incidents, guided by IT security standards. This approach, however, is misguided. We take a more comprehensive approach than this. Instead of just halting cyber incidents, we aim to prevent potential consequences from transpiring.

Undertaking a comprehensive industrial cybersecurity risk assessment is always beneficial, even if it’s late. This applies to both antiquated legacy systems and potential future systems. Especially during procurement or the early stages of engineering, such an evaluation can be vital.. The sooner, the better.

Design, Implementation & Verification Phase (IMPLEMENT)

The specific outcomes of the Industrial Cybersecurity Risk Assessment are utilized. They help in restructuring control systems and the plant. This occurs with the implementation of effective, efficient, and adequate mitigation measures.

In order to safeguard industrial control systems, we need to introduce security levels (SL). This will also protect all risk receivers. Furthermore, specific recommendations should be integrated into current control systems.

The consequence-centric approach proposed by ISA99 is the only choice for industrial plants and critical infrastructures.

Conceptual Design of Zones & Conduits - Security By Design

The Conceptual Design of the security in the plant is based on one of the oldest principles of defense in depth, originated in military intelligence. We call it the 5 Ds of Design. While there are different interpretations of the technique, we use it primarily to avoid the occurrence of potential consequences, influencing the design of the control system and the design of the plant.

This ancient technique intelligently allows us to avoid the occurrence of possible consequences, even in the event of a cyber incident. The results of this design are used as input for the Detailed Design and Rationalization of Security Alarms. This is the first activity in the Security-By-Design process, where the main focus is the safety and security of the plant.

The RMS/ZCM system has the necessary techniques to ensure that the design is robust across multiple layers of security and consistent with other industrial risk disciplines. Each zone and conduit will have a unique set of countermeasures, even sharing the same level of security, SLT. These will depend heavily on the industrial process and the possible consequences, rather than on the threats and vulnerabilities of the moment.

Detailed Design of Zones & Conduits - Security By Design

This is the second security activity by design, where the main objective is to reduce the probability of occurrence of the cyber incident, making it increasingly difficult to compromise the zone, according to its level of risk.

The main focus of this activity are the zones and conduits of the system under consideration (SUC). The creation of technical specifications for cybersecurity (CSRS), resulting in the three design activities, which are: conceptual design, detailed design and rationalization.

Whether it is a system that has been existing in the plant for decades or a new system during the procurement process, these requirements go directly to the service provider or the system (industrial system integrator). Redesign of an existing system or design of a new system.

The RMS/ZCM system has the capacity to manage the three different levels of security, which are: SLT (Desired or necessary), SLA (Achieved or current) and SLC (Individual capability for each component).

Rationalization of Vigilance, Alarms, and Response - Security By Design

Most vendors fail to implement security monitoring, detection, and alerting systems. Even more so when responding to cyber events. They lack the primary context for evaluating and making correct decisions, “The Risk.” They don’t know the risk, they don’t understand the plant, so they implement systems in learning mode. Wishing to learn something over time.

The hard way to learn, the wrong way to make decisions. The only way for observation to discover the potential risk is that the consequence must occur at least once. The same PLC model at different plant sites can have completely different consequences. Among them, deaths, multiple fatalities and catastrophes. Learning in this way is completely unacceptable.

Rationalization means that we do not need the learning mode. Our monitoring, surveillance, alerting, alarming, and cyber incident response system is accurate, with no false positives. We avoid the distraction of valuable plant resources, focusing on what really matters.

Security By Design at Three Instances: The Plant, the System, and the Product.

Security by design has different scopes and implications depending on the level of application and the role of the user. These roles are: (a) the Asset Owner, (b) the Service Provider, and (c) the Component Manufacturer.

This service involves designing the systems under consideration (SUC). It may also include creating the plant’s design. This is done based on the findings from the industrial cybersecurity risk assessment.

Each zone and conduit in a specific SUC is unique. As a result, only a particular set of countermeasures will work effectively. These measures are crucial to mitigate all the intolerable risk efficiently and sufficiently.

There are three design activities, and these are Conceptual Design, Detailed Design, and Alert Management Design. Understanding the results of risk assessment is crucial. Furthermore, we should consistently implement all countermeasures. However, this should not lead to deterioration in other industrial risk disciplines.

Whether we’re dealing with a current legacy SUC or a future one, the design must undergo an engineering by design process. This is to ensure its implementation is optimal and secure. Furthermore, it guarantees a safe and smooth operation of the plant.

Implementation of Countermeasures - Mitigating the Risk

The provider of this service undertakes the execution of all essential modifications on a pre-installed and functioning SUC at a specific plant. Alternatively, they are also responsible for the design and setup of future SUCs. These new units will be installed in a production environment.

Here is where the real job is done and the existing intolerable risk is mitigated. The industrial cybersecurity risk is mitigated by doing the right things right. In today’s business world, many companies are excellently executing the wrong strategies. Furthermore, they are also incorrectly implementing inappropriate actions. Lastly, even when they undertake the right tasks, they often carry them out wrongly. Don’t be one of them. Do the right things right.

Basically, there will be three types of countermeasures. These types are administrative, technological, and physical. Only those countermeasures justified my the industrial risk assessment must be consistently designed and implemented.

Hardening Zones & Conduits - Preventing Cyber-Incidents

Zone and Conduit hardening consists of the implementation of the security requirements, defined in ISA/IEC-62443-3-3 in each of the zones and conduits, in accordance with the SLT-Vector adjusted during the design activities. The higher the SLT, the more difficult it is to compromise, reducing the likelihood of cyber incident occurrence. The implementation of SLTs is necessary, but not sufficient. Other risk mitigation compensating countermeasures are necessary.

Existing systems will be transformed through changes consistent with necessary policies and procedures. Physical modifications to the installation of the SUC and industrial processes may be necessary and must be incorporated respecting the change management processes of the plant. All this without generating interruptions in production, eventually taking advantage of scheduled plant stoppages.

New systems must be designed by the system integrator to meet specific Cybersecurity Requirements Specifications (CSRS). The system integrator should have a Secure-By-Design Engineering methodology to ensure that the CSRS will be met and verified during the Cyber SAT. The system integrator must purchase the right components, to be assembled and configured correctly. Without a documented Engineering-By-Design process meeting ISA/IEC-62443-2-4, ISA/IEC-62443-3-3, and ISA/IEC-62443-4-2 standards, the CSRS won’t be met. Most of the systems integrators are not aware about this, and wrongly believe that having certified professionals is good enough.

At this stage, the ZCM Analyzers converts into a 7×24 protection device. The ZCM Analyzers unveils the real potential by being able to monitor for intrusions, detect anomalies, detect threats, manage syslog events from industrial firewalls and smart switches, receive events from ZCM Agents installed at HOST devices, receiving process date with OPC Client, supervising wireless networks, and more.

The multiple ZCM Analyzers are configured from the ZCM Server according to the results of the RMS activities to meet specific security requirements as designed during the Conceptual Design, Detailed Design and Rationalization Design.

Cybersecurity Acceptance Tests

This service consists in the verification and the acceptance or rejection of the implemented countermeasures. The verification and tests must be good to verify the conformance to specific requirements by each zone and conduit. Each zone and conduit will have its own requirements. It is of fundamental importance to avoid over-testing or under-testing.

Finally, what is implemented and installed needs to be contrasted against the results of the industrial risk assessment. There is no benefit in conducting a risk assessment, making decisions, and then implementing and verifying something else.

We take care to avoid “with certainty” the occurrence of potential consequences, and we accept the occurrence of tolerable cyber incidents. Our solution is “long term”, and with much less budget (Investment). The hacker can no longer do damage to the plant. Indeed, it may have the ability to instigate a cyber incident. However, it no longer has the power to inflict harm on the plant.

Operation & Maintenance Phase (MAINTAIN)

After all significant risks are addressed, the plant can function safely. This is true, provided that potential severe consequences are prevented from occurring. As a result, the plant will be secure against both current and future cyber threats.

Even though, all the intolerable risks are already mitigated, preventive and corrective security maintenance activities are still required.

Realtime Network Surveyllance for Safe & Secure Operation

Mitigated risks (Recommended): this activity can be carried out on zones and conduits that have all their risks mitigated. Potential (Intolerable) consequences can no longer occur. Cyber incidents can still happen. This doesn’t mean you shouldn’t be alert and respond to cyber incidents. It is said that a safe plant is a boring place.

Unmitigated risks (Not recommended): Potential consequences can occur, although we have already identified them. Response becomes crucial to protect on time. At least, you may be able to have a response plan that can be assertive. Risks should be mitigated as soon as possible. Monitoring should not be used as the primary initiative to mitigate risk, it should be used to assist the operators keeping their attention to the safe operation of the plant.

ZCM Analyzer: The different surveillance tools are developed near each zone and conduit. Intrusion detection, anomalies, threats, receiving syslog events generated by other devices (industrial firewall, smart switches, ZCM Agent,….), OPC Client for monitoring process variables, security sensors for physical access control (open/close, presence/movement), wireless network monitoring, and more.

The multiple ZCM Analyzers send notifications to the ZCM Server for management and assertive response, without false positives.

Realtime HOST Surveyllance for Safe & Secure Operation

The ZCM Agent is a piece of software that works in conjunction with the ZCM Analyzer. ZCM Agents are installed on operator stations, servers, and other HOST-type devices. The ZCM Agent acts as a resident security agent in the HOST (Example: Microsoft Windows), monitoring the operation of the device, software applications, security policies, user actions, among other tasks. A series of 30 diagnostics that are executed by the ZCM Agent are sent to the ZCM Analyzer. After being processed by the ZCM Analyzer, they are sent in real time to the ZCM Server.

Notifications Management - Corrective Maintenance

After the implementation and the verification of security countermeasures, the plant is operated within the tolerable risk. Anything intolerable is not expected to happen, and in particular the intolerable consequences.

The ZCM System is responsible for real-time monitoring and diagnostics. It maintains plant safety by averting high-risk situations. Moreover, it accomplishes these tasks without requiring external assistance. There’s no necessity to transmit critical data or real-time information outside the plant.

The plant should have enough capabilities to respond to any type of event. The RMS system receives notifications from ZCM Agents, ZCM Analyzers, and ZCM Servers. The RMS Systems also generates other types of events that require attention without false positives. There are two types of notifications: Alerts & Alarms. Alerts does not need a response, and are generated for information purposes only. Alarms must be responded in a timely manner and with a specific written and practiced response, list or instructions, or a procedure. All mandatory responses need to be managed and recorded.

KPIs and scheduled system reports are generated automatically. The results need to be analyzed for improvement, undergoing PDCA cycles.

Response Management - Corrective Maintenance

With RMS System, there is no need for “Learning Modes”. We already have the knowledge for precise and timely responses. Every Alarm has a planned response, such as a list of instructions or a response procedure. Within a plant environment, there is no time for improvisation. Plant safety and system security needs to be serious.

KPIs and scheduled system reports are generated automatically. The results need to be analyzed for improvement, undergoing PDCA cycles.

Cyber OT Intelligence - Remote Support Bodyguarding Your Back

The ZCM System is responsible for real-time monitoring and diagnostics. RMS system is responsible for Notifications & Response Management. It maintains plant safety by averting high-risk situations. Moreover, it accomplishes these tasks without requiring external assistance. There’s no necessity to transmit critical data or real-time information outside the plant.

Despite this, the end user may have an interest in additional supportive services. These could potentially contribute to a safer and more secure operation. Should this be the situation, we are amenable to scrutinizing the associated requests and requirements. This is done with the intent to facilitate any RMS/ZCM installation.

Remote support and diagnostics assistance. Our professional can access remotely to the RMS/ZCM System for diagnosis, performance, consultative, analysis, auditing, and suggestions. The built-in RMS user role and capabilities (FR1 and FR2) let you manage what we can see and do on your particular installation.

Custom Developments. The ZCM Analyzer can run passive and active tools. We can develop custom-made applications due to the rich and powerful ZCM operating system. Example: The ZCM Analyzer can also be converted into a powerful industrial firewall.

RMS API (Application Programming Interface) allows integrating with third party systems, such as SOC IT/OT, Q-Radar and other more elevated systems. In a similar manner, the RMS/ZCM System can manage and distribute discoveries, policies and procedural updates to the multiple ZCM Servers.

Patch & Update Management - Preventive Maintenance

Patches and updates are those types of changes on control systems that the end use is not willing to do. At least not willing to do on a frequent basis, and only by exception. Patches are changes and changes on control systems may end in undesired effects and risks to the operational environment. Changes on control systems are highly managed and costly, specially if they go wrong.

Match the patch/update with existing vulnerabilities, updating the vulnerability database. If the patch or update does change any of the essential functions or the design of the system in any way, then it should be managed as a change.

RMS/ZCM patch and updated management has a built-in process in compliance to ISA/IEC-62443-2-3 Technical Reference to grab all the necessary information to take decision, and create a plan to deploy the patch as it was decided. Follow-up with the results and monitor for after side effects, until the observation period is passed.

Change Management - Preventive Maintenance

A change is something that the plant is willing to do, because it is good for the business, the safety or the security of the plant. It is justified by a desire of the plant. It may be technically or business driven. Anyway, the end user is expecting a benefit of that change. Changes can be risky as well. A change in the design of the zone, the conduit or the process, may bring a different SLT, recommendations, profile. A full set of risk scenarios needs to be reevaluated.

The changes proposed to the zones, conduits or industrial process, should not be approved until the affected nodes are re-evaluated from Cybersecurity perspective, as these changes may affect negatively the security of the system and finally the safety of the plant.

The RMS/ZCM systems allows creating a temporary copy of the previous Detailed Risk Assessment, including HLRA, so the user can simulate and evaluate the change in the zones and conduits before its approval. Additional countermeasures may be required.

Backup & Restore Management - Preventive & Correcive Maintenance

Backup and restore is one feature that the RMS/ZCM Systems does for itself. The RMS/ZCM can generate and maintain backup and restorations processes and procedures for system, databases and user data. The RMS/ZCM system does not manage backups from control systems or any other vendor, by it can monitor and supervise third party backup systems at its corresponding zone.

The ZCM Servers support redundant configuration, by having two ZCM Servers with the same RMS System. Does one Server fail, the secondary server continues working without interruption. RMS/ZCM Server also support failover storage discs array on each tolerant servers for additional security. ZCM Analyzers does not need to retain data. The ZCM Analyzers configuration is kept on the ZCM Servers. ZCM Analyzers can be easily tolerant to failures simply by adding a ZCM Analyzer to the same zone. Very little configuration will be required.

Audit & Continuous Improvement

This service involves auditing already installed SUC at a specified plant or operational environment. Alternatively, it can audit a new system that is currently in its engineering phases. Almost everything can be audited and reviewed for compliance with the standards and for effective and efficient risk mitigation.

The entire Industrial Cybersecurity Management Program can be audited for compliance, and continuous improvement.

At WiseSecurity, we offer a unique solution for JIT auditing and certification. This is done during the execution of projects to prevent rework. It also ensures faster mitigation. We use a very effective audit and compliance methodology.

Would you like to know more?

Our security strategy ensures the protection of your most valuable assets. It shields all risk recipients by preventing cyber incidents. This is aimed at eliminating any possible impact on them. The result is a robust infrastructure that can withstand various threats. It’s designed to resist attacks that could compromise one or more cyber-assets.