Welcome

Welcome to WisePlant - A WiseGroup Company  - | -   SpanishEnglishPortuguese    - | -   Facebook   Twitter  Instagram   Tumblr   Telegram   Reddit  - | -

No session

*** You are not logged in to the SecureCloud ***

We are aware of the strong connection between industrial cybersecurity and process security. We also believe that safe processes cannot be achieved without including cybersecurity. The multiple disciplines of industrial risks are linked and with the advancement of technology and cyber threats, plants, people and the environment are not sufficiently protected if the systems are not tolerant of remaining vulnerabilities and persistent threats.

As a solution provider for the entire life cycle of processes, our mission is to help ensure that cybersecurity is correctly designed in new or existing control systems and can be properly maintained over time in a sustainable manner.

At present, many organizations and professionals confuse the evaluation of industrial cyber risks with the identification and analysis of vulnerabilities. While they are related these are very different.

We provide cybersecurity services on industrial systems (IACS) in each phase of the security life cycle in automation projects. We guide our clients through our exclusive risk assessment methodology for industrial cybersecurity and critical infrastructure that we call Cyber-PHA. The Cyber-PHA methodology is a practical application of the risk assessment requirements of the ISA / IEC-62443 series of standards published by the ISA99 Committee.

RISK = F (VULNERABILITY, CONSEQUENCE)

WiseSecurity provides security services on industrial processes in each phase of the life cycle of the plant. We guide our clients through our exclusive risk assessment methodology for industrial safety, which we call PHA (Process Hazardous Analysis). The PHA methodology is a practical application of the risk assessment requirements of the IEC-61511 series of standards published by the ISA84 Committee.

RISK = F (FAILURE, CONSEQUENCE)

Vulnerabilities in industrial systems are generated in each of all stages of the life cycle. With proven methodologies, the identification of vulnerability is key to mitigation. Early mitigation by design will mean the lowest total cost of ownership (TCO) and the lowest risk.

  • Design, Engineering and Purchase: the design of control systems and their industrial networks represents one of the main and most important causes of the high cyber risks that end users face and which is evidenced by the lack of adequate engineering criteria (CSRS) for the design and purchase of the new systems that are then propagated to the following stages.
  • Configuration and Construction: the lack of industrial cybersecurity (CSRS) specifications at the start of a new project means that necessarily suppliers to integrators will omit the vast majority of the minimum necessary aspects. Each plant and process is different and should not and can not be treated in the same way. Even if these specifications exist (CSRS), their compliance and validation requires specific knowledge in the management of cyber risks.
  • Installation, Operation and Maintenance: the lack of criteria in the selection of products, technologies and manufacturers such as the lack of adequate monitoring and maintenance, necessarily means that the number of vulnerabilities and high risks due to cybernetic causes that end users will face will increase significantly over time and therefore Both the total cost of ownership (TCO) will grow exponentially.

We provide analysis services of plant networks and intelligent field networks for performance evaluation, configuration failure detection, intrusion detection and vulnerability identification, including installation defects and their potential risks in the process industry. We analyze protocols of serial type, based on Ethernet and proprietors of industrial use.

We provide intrusive laboratory services for the identification of vulnerabilities in existing systems or new systems before being installed in critical applications. These services can be developed during the FAT and SAT stages, or also on existing systems (in a test bench) with specific, aggressive and very persistent tools.

We provide analysis and diagnosis services of the extensive automation programs before or after they are incorporated into the plant, in order to look for programming errors, potential malicious codes, firmware alteration, suspicious variables, performance problems, backdoors, bad engineering practices and even unauthorized changes in PLCs, DCSs, RTUs, and SISs, in the 5 IEC-61311 programming languages ​​for control systems.

We provide educational services tailored to customers. We develop courses on functional security and cybersecurity to facilitate the implementation of company policies and new procedures. These courses are usually necessary to develop internal awareness and training campaigns. We also develop and provide training and professional certification courses on international standards developed by the ISA99 and ISA84 committees.

Fulfillment

From WiseSecurity we have the capacity to provide security services and solutions that allow our clients and certified integrators to comply with the following norms, standards, regulations, policies and security requirements.

Industrial Cyber ​​Security and Critical Infrastructures

  • ISA / IEC-62443 Series
  • ISA TR84.00.09
  • NIST SP800-82
  • NIST Cybersecurity Framework

Safety of Industrial Processes, Boilers, Burners and Turbomachinery

  • ISA84 / IEC-61508 / IEC-61511
  • NFPA 85, 86 and 87 / API-RP556 / CSA-B149.3
  • API-670

Intrinsic Safety in Classified Areas or Explosive Areas

  • ATEX based on IEC-79 Standards
  • IECEx based on the ATEX system
  • UL / FM / CSA

Catalog of ServicesSpecialized services for Industrial Critical Infrastructures

The following services were designed and developed exclusively to be applied in critical industrial infrastructure. These services meet the requirements of international standards and have been designed to be executed individually or comprehensively as part of a larger project.

  • Complete Program of Industrial Cybersecurity and Critical Infrastructures.

GOVERNMENT AND CONTINUOUS IMPROVEMENTPolicies, procedures, maturity, audit, compliance, continuous improvement.

The following are minimum basic services necessary to meet the requirements of implementing an Industrial Cybersecurity program according to the ISA / IEC-62443 series of standards in new or existing industrial plants.

PHASE: EVALUATIONProcess Security and Cyber ​​Security

The following are minimum basic services necessary to meet the requirements of implementing an Industrial Cybersecurity program according to the ISA / IEC-62443 series of standards in new or existing industrial plants.

PHASE: DESIGN AND IMPLEMENTATIONDesign, Implementation and Construction of Cybersecurity

The following are minimum basic services necessary to meet the requirements of implementing an Industrial Cybersecurity program according to the ISA / IEC-62443 series of standards in new or existing industrial plants.

PHASE: OPERATION AND MAINTENANCEOperation, maintenance, auditing and compliance

The following are minimum basic services necessary to meet the requirements of implementing an Industrial Cybersecurity program according to the ISA / IEC-62443 series of standards in new or existing industrial plants.

COMPLEMENTARYIndustrial Cybersecurity and Critical Infrastructures

The following are some complementary services that can be used to deepen the identification of vulnerabilities in industrial systems and networks and typical applications found in critical IT / OT infrastructures. Depending on the methods and techniques used, these services can become intrusive and destructive (Penetration Tests).

Do you want to develop your own Industrial Cybersecurity Laboratory for Industrial Systems?

We can help you create your own laboratory to develop cyber security tests in your own company incorporating the best technologies defined by ISA Secure into the testing and certification programs for products and systems.

The following are some complementary services that can be used to design solutions in hazardous industrial environments, critical infrastructures and critical assets, such as control rooms, buildings, industrial plants and other properties.

Brochures

English

Spanish

Portuguese