The Risk Management System (RMS)
All-In-One and Only-One solution for Industrial Cybersecurity and Safety. Efficiently, effectively and safely comply with all the requirements of the ISA/IEC-62443 series of international standards. In accordance with all necessary regulations, each industrial process must be monitored throughout its life cycle. This applies to every facility involved. Oversee the protection and durability of those outdated industrial control systems that urgently require security measures. Similarly, supervise the latest control systems during the engineering stages. This process should span from procurement to construction prior to their installation at the plant.
Manage risk accurately by complying with ISA/IEC-62443 without deviations, saving a substantial amount of work and time combined with accuracy and consistency with all other industrial risk disciplines. The RMS solutions deploys easily within any type of IACS architecture without creating additional risks occupying minimal or no usage of control networks badwidth.
EMS (Enterprise Manager)
Each of the EMS can support as many IACS Site Servers as needed. The EMS Server is projected to be available by the end of 2026. The main objective of the EMS Server is to coordinate high level strategic decisions, global policies’ enforcement, distribution of advisories, system updates. The EMS also collects data from each IACS Site, such events, performance, and KPIs from each site.
IACS Site Manager
The IACS Site Server – single or redundant – can support as many ZCM Analyzer as needed. The RMS solution avoids creating external dependencies to the plant. IACS Site Servers as its name suggest is used to entirely manage and mitigate the risk at one site. A site can be a single plant or SCADA type installations, such as a pipeline o energy transmission lines.
Zones & Conduits Analyzer
ZCM Analyzer takes direct contact to nodes within a certain SUC. ZCM Analyzers can support one or more zones and conduits, depending on the SUC architecture and Security Level Targets. ZCM Analyzer supports SL1, SL2, SL3, and SL4. (VLANs does not meet +SL2 Requirements.). The ZCM Analyzer can support as many ZCM Host Agents and third-party devices as needed.
ZCM Host Agent
The ZCM Host Agent is a lightweight resident software that monitors and protects the HOST devices directly connected to the closest ZCM Analyzer. Each Host Device is identified as a component to be protected within and certain zone, as part of a SUC. The ZCM Host Agent runs about 30 diagnostics for security and compliance.
Third Party Devices
The ZCM Analyzer supports the integration with several third party devices and sensors for additional and orchestrated security implementation and risk mitigation. These devices can be industrial firewalls, industrial switches, physical variable sensors, security locks, location tracking TAGs and more.
Simplified Governance
The Challenge for Asset Owners
End Users or Assets Owners are required to identify and mitigate their risks as soon as possible, at a minimum investment and maximum return. This is exactly what End Users are capable of achieving with the true Risk Management System (RMS) from WisePlant.
OT Security is very different when comparing to IT Security. OT requires a complete different set of premises, policies and procedures as it is another framework, and other Standards.
Industrial plants are tempted and pushed by the business inertia to implement IT solutions into the OT environment, wrongly spending solutions and lots of resources that never suffice, draining their budgets like a never ending story. This approach is only delaying their security, distracting valuable resources.
The accelerated and dynamic business environment is forcing OT infrastructures to introduce new devices and systems into a naturally conservative world. Most of the organizations are creating a “Frankenstein” OT Security mixing IT security practices, popular regulations, and standards building a “white elephant” mitigating their budgets a lot quicker than the risks.
The Challenge for Service Providers
Service Providers can vary significantly depending on the type of service within their scope. All of them can benefit significantly with RMS from WisePlant.
Engineering (EPC) and System Integrators who design and build Control Systems to the End Users, needs to analyze the risk, design and build new systems from scratch. Addressing cybersecurity at early stages in the process can save the Asset Owner a significant amount of money. But, it is not only about money, it’s about security and safety.
Cybersecurity services providers must have a well documented methodology. Most of the people wrongly believe that having trained, and certified personnel is good enough, when it is very far from being enough. The RMS system and WBS methodology provides a structured approach to meet the requirements of the ISA/IEC-62443-2-4 and gives End Users the confidence that their suppliers are capable to manage their projects to perfection.
The origin of the RMS Suite and WBS Methodology
The RMS system was built from a blank sheet of paper. As early adopters of ISA/IEC-62443 series of standards and unbiased to IT security practices, we have designed the RMS system with a primary directive: protect what matters most.
We joined the ISA99 committee back in 2006, the first versions of the standards were published in 2009, before Stuxnet was discovered in Iranian nuclear reactors. WisePlant was formally created in 2012 embracing a safety and security culture.
During the decade of 2010 we have been helping End Users to implement and comply with the ISA/IEC-62443 series of standards. And we mean with all the requirements of the standards. We found it very difficult to achieve with the tools available in the market. Furthermore, we tried and tested tools from many vendors. Besides, we were an early vendor of Indegy, we had to rely on different tools supporting inconsistency between tools with a lot of manual work relying on complex Excel Spreadsheets.
We decided to build our own tools. This is how we arrived to build a new category of system in OT covering the entire series of ISA/IEC-62443 series standards and at the same time harmonize with popular regulations. We originally name ZCM (Zones and Conduits Manager) and evolved – in 2025 – to a Risk Management System (RMS).
The RMS provides an all-in-one solution for managing industrial cybersecurity risk
Utilizing the WBS in tandem with the RMS/ZCM, it drastically simplifies the audit and compliance processes. The RMS/ZCM produces requisite evidence and meaningful “certify-ready” reports, thus facilitating speedy certification. This occurs in real-time without requiring additional work. The WBS alongside the RMS/ZCM System incurs minimal additional expenses. Yet, it offers an enormous benefit to the end user. In fact, it generates a significant return on investment.
The Cybersecurity Division of WisePlant, also known as WiseSecurity, is proficient in overseeing any ongoing project. Their aim is to ensure that no deviations occur during the industrial cybersecurity lifecycle process. This vigilance significantly reduces the risk of failure within projects.
What can be audited and/or certified for compliance?
- The Cybersecurity Management System (CSMS) at the Asset Owner – ISA/IEC-62443-2-1/X
- The security of any System under Consideration (SUC) through its lifecycle – ISA/IEC-62443-3-3
- New future system from basic engineering.
- Existing system, recently installed or old legacy.
- Vendors and Suppliers – ISA/IEC-62443-2-4
- Solutions Providers.
- Engineering/Service Providers.
- Product Suppliers.
- Cybersecurity Professionals – Professional Knowledge and Experience
- Certificate of Knowledge (ISA Certificate Program)
- Certificate of Experience (WisePlant Certificate Program)
The upper-management is struggling
During this long period of time, we have witnessed the Upper Management of most organizations to struggle with OT security. Failing repeatedly to implement and comply. Organizations are cross-referencing multiple frameworks, implementing a mix and match between multiple regulations, standards and criterias, building a Frankenstein CSMS (Cyber Security Management System).
This approach, like a kid in a candy store, implementing a bit of everything, is devastating their budgets, confusing the stakeholders and creating notable fatigue at the plant distracting valuable resources with projects and systems which does not contribute.
Most of the companies are implementing incident-centric solutions, trying to mitigate the OT risks from the outside-in, with a top-down approach, starting at the perimeters, with expensive SOC/OT, IDS in learning mode, and many other; fighting against threats and vulnerabilities. This fight is lost from the beginning, by implementing solutions with no OT context.
We solved the problem
We have created a three-pillar solution. The (1) off-the-shelf RMS Suite, the (2) fully documented WBS Methodology, and (3) all the necessary training. During the past years we have been working smartly and hard to create the new RMS 3.0 with lots of new features.
We have designed and produced the first Consequence-based solution with a real OT security approach. In opposition to Incident-Centric, we have created a system with primary focus in preventing the consequences of happening. We have crafted and built the first Consequence-Centric solution, with a bottom-up approach, addressing the safety and security from the inside-out; making sure that potential consequences can no longer occur even if cyber-incidents finally happens.
Even more, it is easy and quick to implement and the best of all, it creates a certify-ready CSMS with a minimal budget. There is no other solution in the market with these capabilities. We have designed the suite with Asset Owner and Service Provider certification as a footprint, together with distinguished auditors with certification authorities experience.
We guarantee the minimum investment, with the most durable solution, and in the shortest of time. No distractions. No frustrations. This is the best Return On Investment for any Asset Owner and the best value for any Service Provider.
Assessing the Risk
The Challenge for both: Asset Owners and Service Providers
There are many organizations, with many regulations, and suppliers with different ideas about how to evaluate the risk and take decisions. The great majority of these methods are useless. They are only good for the sellers, but not for the plant. Only a very few will lead to the correct and good decisions that really mitigates the realistic risk.
RMS Assessment package software, supports RAGAGEP compliant methods which meets the ISA/IEC-62443-3-2 and ISA/IEC-62443-2-1 requirements. RMS Assessment tool supports CPHA, CyberPHA, CyberHAZOP, CHAZOP, CyberLOPA, and WisePlant’ Secure & Protect methods.
Future and new systems - IACS/SUC
The sooner, the better. The risk assessment can be executed during early engineering stages of the systems and the plant. Before buying and during the procurement process, Assets Owners and Engineering & Constructions companies will be able to accurately evaluate, design and specify new systems that will arrive secure before the start-up of the plant.
Old legacy and existing recent systems - IACS/SUC
More probably, existing systems won’t meet ISA/IEC-62443 requirements. Zones and conduits were never defined. No one worked with security in mind. Control systems are robust but insecure. Now it’s time for security. Better late than never, but it can be too late. Security and safety must be analyzed together, thus a weak security can affect safety.
Every system has a story to tell. Every plant is different. Each system needs to be analyzed. Information has to be accurate. If it is not accurate the risk assessment will most probably be incorrect and will lead to wrong decisions, wrong spending, loss of time, loss of money, loss of opportunity to do the things right.
Many people wrongly believe that old system cannot be secure, and they should be replaced with new ones. This is also an incorrect myth about security in OT environment. In opposition to that theory, the old system’s lifespan can be extended.
Accurate Zone & Conduit Modelling - IACS/SUC
The 
RMS has strong modelling capabilities of zones and conduits on multiple SUC. From new/future solutions to very old legacy systems with SL-C, SL-A, and SL-T determination and management with complete set of FRs, SRs, CRs, and REs.
Easily seen and discoverable with ZCM Analyzers capturing traffic, analyzing packets, by listening on network ports, without opening unnecessary ports and replicating generating additional traffic nor occupying bandwidth.
With different methods and tools, the RMS provides full visibility with deep granularity of all cyber-sensitive assets, including components, hardware, firmware and software. All done passively and non-intrusively without the need to generate greater risks.
Clearly understand the systems to perfection, including all connections, either Ethernet based or non-Ethernet. Complete visibility on Industrial Cyber-Assets, including those not easily found through discovery to fully isolated devices, historic dinosaurs, including hardware, firmware and software.
Assessing the Governance Capabilities - Strengths & Weaknesses
The Governance Capabilities of the plant are evaluated against ISA/IEC-62443 series of standards and optionally to any popular regulation for harmonization and compliance purposes.
The Security Gap Analysis consists of an assessment of the organization’s current practices (plant, division, sector, …) contrasting against global best practices (C2M2, NIST, NERC, TSA, INGAA, ENISA,…). This study is especially important to assess the highest level of governance for industrial cybersecurity and identify opportunities for improvement that serve as the basis for defining and sustaining improvement actions.
Security gap assessment studies can be performed on both end-users and suppliers of industrial systems and associated services. It can even be a very convenient technique for capacity assessment and supplier qualification in relation to their industrial cybersecurity domain.
Security frameworks. Depending on the country, region, laws, regulations, its industry and the goals defined by the organization itself is that we can incorporate different known global frameworks and/or develop a specific one tailored to the organization.
While the GAP analysis is not a risk analysis, it provides relevant information regarding the organization’s current maturity and posture against several global best practices or referrals. This type of study alone should not be used to justify investments, as it is not a Risk Assessment.
Assessing the Design of the Plant - Hazard Identification
The RMS can perform High-Level Cyber Risk Analysis (Initial Risk Assessment), or also called a method for identifying hazards associated with industrial systems. It aims to determine all the potential consequences and impacts associated with each of the cyber-assets identified in the system under consideration (SuC), if one or more cyber-assets are compromised by any threat. That is, understanding the behavior of the plant with the operators in it.
Visualization of industrial risk. A detailed understanding of the processes being controlled by the control systems, and how they were configured, is critical. That is, to understand the context in which the control system is immersed and the “current capacity” that a cyber incident may cause potential impacts. This is done without dismissing any of the risk recipients (people, environment, production, company, business, community, confidentiality, etc.), and effects (1st, 2nd, 3rd … order) as they are fundamental requirements for proper decision-making.
Criticality Analysis. Each cyber-asset will have its own intrinsic characteristics regarding technology, the way it has been configured and its relationship with other interconnected cyber-assets. But even more important will be the connection with the physical world. Criticality analysis is inherent in the process that is being controlled, monitored or operated by the cyber-asset individually and as a whole.
Identifying Risk Receptors. Each cyber-asset will have a different ability to impact on all different risk receptors. The correct and adequate identification of risk recipients (people, environment, production, business, business, community, confidentiality, etc.) will allow us to understand what needs to be done and how to incorporate the necessary capabilities to get out of each risky situation.
Risk Perception. Subject to everyone’s life experience, everyone (including an expert professional) inevitably perceives the risk differently. One of the main objectives of this service is to define and use a risk assessment methodology that makes sense to the organization, and that considers the interests of each risk recipient.
Assessing for Vulnerabilities - Vulnerability Management
Identify all relevant vulnerabilities as they are discovered. Classify each of the vulnerabilities according to their type and relevance. Namely: (a) Administrative or procedural, (b) Technological, cybernetic, and (c) Physical or mechanical.
The absence of patches often requires industrial plants to mitigate the risk, avoiding the occurrence of the consequences, living with vulnerabilities. Identify those vulnerabilities that may present a real risk to the plant. Dedicate your attention and invest where it really makes sense for the plant (not suppliers).
Industrial Cyber Risk Assessment - Taking the best decisions!
This module pertains to the assessment of cybersecurity risks within an industrial context. The objective is to facilitate informed and sound decision-making processes. Ultimately, this aims to significantly mitigate any unacceptable risks. It can be carried out over one or several systems under consideration (SUC), depending on the scope definition.
The RMS supports well-established RAGAGEP methodologies to assess industrial cybersecurity risks. This approach aids in making robust, long-term decisions. Notably, it truly helps in mitigating potential hazards. Utilizing the RMS/ZCM, the RMS produce numerous results from this evaluation. These findings are integral for future mitigating activities.
Here is where all the magic happens. The methodology for risk analysis and long-term decision-making is both unique and robust. It effectively reduces risk by influencing the plant and system design. Therefore, it prevents any potential severe consequences from occurring.
Most of the market is focused on preventing cyber-incidents, guided by IT security standards. This approach, however, is misguided. We take a more comprehensive approach than this. Instead of just halting cyber incidents, we aim to prevent potential consequences from transpiring.
Undertaking a comprehensive industrial cybersecurity risk assessment is always beneficial, even if it’s late. This applies to both antiquated legacy systems and potential future systems. Especially during procurement or the early stages of engineering, such an evaluation can be vital. The sooner, the better.
Robust Design for Safety & Security
The Challenge for both: Asset Owners and Service Providers
Security & Safety by design requires a deep understanding of the risk that is being addressed and the context in which it may happen or to be triggered. Many organizations are jumping directly to implement typical IT controls, SLT from 62443, without rationals, or not performing a risk assessment. This is the same as going to the pharmacy before visiting the doctor. Or going shopping just for spending a remaining budget.
Assets Owners needs to understand risk in order to mitigate it and to create meaningful strategic mitigating and response plans. Without this, the organizations are being guided by a mere intuition or fear campings. Condemned to permanent spending and reacting to the vulnerabilities and threats without really knowing if the risk is mitigated or not. There is always a doubt or fear, and that justifies more spending. Technology alone does not have all the answers. Sound processes and procedures also need to me implemented consistently.
Service Providers needs to understand the Security Requirements before bidding, accepting a purchase order, knowing their own system capabilities, if the requirements are going to be met intrinsically with their own system components, or they will need to compensate with additional devices, or simply they can’t be met. During the design and construction of the new system, the Service Supplier needs to know what to buy, and how to configure, install, and test. Not dominating this practice may lead to project delays, rejection, penalties and other project risks.
Many organizations are unfortunately not addressing a robust design in their plants, systems and services, leading to potential risks to still occur even the huge capital expenditure and resource allocation.
Security By Design at Two Instances: The Plant and the System
Security by design has different scopes and implications depending on the application and the role of the user. These roles are: (a) the Asset Owner, (b) the Service Provider, and (c) the Component Manufacturer.
The RMS currently covers the first two. It does not yet cover ISA/IEC-62443-4-1 standard. It covers the ISA/IEC-62443-4-2 to determine SLC on components.
The Security & Safety by desing, it may also include reviewing the plant’s design. This is done based on the findings from the industrial cybersecurity risk assessment.
Each zone and conduit in a specific SUC is unique. As a result, only a particular set of countermeasures will work effectively. These measures are crucial to mitigate all the intolerable risk efficiently and sufficiently.
Understanding the results of risk assessment is crucial. Furthermore, it is required to consistently design the countermeasures. However, this should not lead to deterioration in other industrial risk disciplines.
Whether we’re dealing with a current legacy SUC or a future one, the design must undergo an engineering by design process. This is to ensure its implementation is optimal and secure. Furthermore, it guarantees a safe and smooth operation of the plant.
Conceptual Design of Zones & Conduits - Security By Design
The Conceptual Design module in the plant is based on one of the oldest principles of defense in depth, originated in military intelligence. It is used primarily to avoid the occurrence of potential consequences, influencing the design of the control system and the design of the plant.
This ancient technique intelligently allows the Asset Owner to avoid the occurrence of possible consequences, even in the event of a cyber incident. This module synchronizes with the Detailed Design and Rationalization Module.
The RMS/ZCM system has the necessary techniques to ensure that the design is robust across multiple layers of security and consistent with other industrial risk disciplines. Each zone and conduit will have a unique set of countermeasures, even sharing the same level of security, SLT. These will depend heavily on the industrial process and the possible consequences, rather than on the threats and vulnerabilities of the moment.
Detailed Design of Zones & Conduits - Security By Design
This is another module to ensure consistency within the multiple layers of protection, where the main objective is to reduce the probability of occurrence of the cyber incident, making it increasingly difficult to compromise the node, according to its level of risk.
The main focus of this module are the zones and conduits of the system under consideration (SUC). The creation of technical specifications for cybersecurity (CSRS), resulting in the three design modules, which are: conceptual design, detailed design and rationalization.
Whether it is a system that has been existing in the plant for decades or a new system during the procurement process, these requirements go directly to the service provider or the system (industrial system integrator). Redesign of an existing system or design of a new system.
The RMS/ZCM system has the capacity to manage the three different types of security required by the ISA/IEC-62443 standards, which are: SLT (Desired or necessary), SLA (Achieved or current) and SLC (Individual capability for each component).
Rationalization of Vigilance, Alarms, and Response - Security By Design
This module takes care of monitoring and security events management design. Most vendors fail to implement security monitoring, detection, and alerting systems. Even more so when responding to cyber events. They lack the primary context for evaluating and making correct decisions, “The Risk.” They don’t know the risk, they don’t understand the plant, so they implement systems in learning mode. Wishing to learn something over time.
The hard way to learn, the wrong way to make decisions. The only way for observation to discover the potential risk is that the consequence must occur at least once. The same PLC model at different plant sites can have completely different consequences. Among them, deaths, multiple fatalities and catastrophes. Learning in this way is completely unacceptable.
Rationalization means that we do not need the learning mode. Our monitoring, surveillance, alerting, alarming, and cyber incident response system is accurate, with no false positives. We avoid the distraction of valuable plant resources, focusing on what really matters.
Effective & Efficient Mitigation
The Challenge for both: Asset Owners and Service Suppliers
Both roles addresses challenge at this stage when working together or independently. Implementing changes to a running environments may create additional risks to the safe and secure operation of the plant. Some changes may be implemented on the go, others will require the plant shutdown.
Here is where the real job is done and the existing intolerable risk is mitigated. The industrial cybersecurity risk is mitigated by doing the right things right. In today’s business world, many companies are excellently executing the wrong strategies. Furthermore, they are also incorrectly implementing inappropriate actions. Lastly, even when they undertake the right tasks, they often carry them out wrongly. Don’t be one of them. Do the right things right.
Assets Owners must take responsibility to move forward with the correct mitigation of the risk. It has no sense to perform a risk evaluation and then mitigating wrongly or just doing nothing. It is not only a loss of value, the Asset Owner is knowingly ignoring a risk evaluation. In the future, it may have additional legal consequence for neglecting a recommendation or a solution, the insurance company not covering the losses or even worse. Specially if someone gets hurt.
The Asset Owner will be the ultimate responsible for its risks. Think about the Titanic. The Asset Owner had insurance. Was it worth? Read more about the Analysis of Responsibility for the Sinking of the Titanic.
Contruction of new systems - System Integrators
The responsibility for building the new control system will typically rely on the System Integrator. The Asset Owner (or the EPC company in charge of the engineering), will design or set the functional requirements for the new system, together with the security requirements. The group in charge of the engineering will also be in charge of assessing the risk and creating meaningful requirements for its suppliers.
Now, the System Integrator, must deliver a control system that works, but also meet the security requirements. These requirements should be tested and approved by the Asset Owner during the FAT, and CyberFAT at the supplier facilities. Then perform a SAT and Cyber SAT at the plant before starting the plant.
The System Integrator should have an engineering and construction process that ensures that the requirements are going to be met. This is engineering-by-design. Imagine if it does not meet the requirements and certain devices needs to be replaced and purchased again. Terrible new for both parties. The System Integrator has the biggest responsibility, but the Asset Owner may have a lot more to lose, such as not starting the plant on time.
Modifications of existing systems - Service Suppliers and Asset Owner
The provider of this service undertakes the execution of all essential modifications on a pre-installed and functioning SUC at a specific plant. Alternatively, they are also responsible for the design and setup of future SUCs. These new units will be installed in a production environment.
Existing systems will be transformed through changes consistent with necessary policies and procedures. Physical modifications to the installation of the SUC and industrial processes may be necessary and must be incorporated respecting the change management processes of the plant. All this without generating interruptions in production, eventually taking advantage of scheduled plant stoppages.
ZCM Analyzers Running in Secure & Protect Mode
At this stage, the ZCM Analyzers converts into a 7×24 protection device. The ZCM Analyzers unveils the real potential by being able to monitor for intrusions, detect anomalies, detect threats, manage syslog events from industrial firewalls and smart switches, receive events from ZCM Host Agents installed at HOST devices, receiving process date with OPC Client, supervising wireless networks, and more.
The multiple ZCM Analyzers are configured from the RMS Server according to the results of the RMS activities to meet specific security requirements as designed during the Conceptual Design, Detailed Design and Rationalization Design.
Mitigating Risk Effectively and Efficiently
The RMS Suite unveils it potential at this software package. The package offers two main modules. These are Mitigation Project Management and Mitigation Configuration Management. These two modules are feed with the result of the Design and connected to the different products and tools within the RMS system.
Risk Mitigation Management Module directs granular activities and tasks to implement, change, configure, setup, and test all requirements that have been generated with the Design Modules. The mitigation management module manages responsibilities, dates, duration, tasks, and adds capabilities to verify that these requirements are being implemented and meet.
On existing systems there will be changes to be introduced at the zones and conduits, the specific devices, procedures, and physical installation of the system and the industrial processes. All the tasks and actions are justified with the results of the design. It helps the organization to enforce the correct implementation of the designed actions.
On new systems, it can be used to depict the engineering process around the constructions of the system, or any project. It is a project and resource management module.
Configuration Management Module unveils the potential of the ZCM Analyzers by configuring the devices to perform specific security functions. The ZCM Analyzer are smart devices with standalone capabilities to monitor and protect. ZCM Hosts Agents can also be configured from this module, including the integration with third party devices, and API interfaces with other systems and solutions.
The two modules produces the rationals and the auditable evidence to be shown to auditing department or authority of certification. It tracks the progress of the risk mitigation from the beginning to the end.
Cybersecurity Acceptance Tests
Directly linked to the previous modules, t
his module is dedicated to the verification and the acceptance or rejection of the implemented countermeasures. The verification and tests must be good to verify the conformance to specific requirements by each zone and conduit. Each zone and conduit will have its own requirements. It is of fundamental importance to avoid over-testing or under-testing.
Finally, what is implemented and installed needs to be contrasted against the results of the industrial risk assessment. There is no benefit in conducting a risk assessment, making decisions, and then implementing and verifying something else.
Safe & Secure Operation
The Challenge to Asset Owners
Asset Owners should have the risks mitigated and use the monitoring, detection, alarm, and response to assist the safe and secure operation. The detection, monitoring and response should not be used as the primary strategy to mitigate risk. Many companies are jumping directly to these tools without executing a risk assessment, design and proper mitigation. The risk is already there in the weak design.
Avoid creating external dependencies to the plant. The operation of the plant should not depend on external resources. Think about the CrowdStrike incident, which caused major damage to the global businesses and many countries. The operators are standing at the front seat maneuvering the critical processes, and they should never be bypassed by external systems or people, unless these are safety systems located in Purdue Level 0 or 1.
Many people wrongly believes that OT security is IT problem and responsibility, which is incorrect. If the cyberattack can cause a plant shutdown, a boiler explosion, an environmental damage, and such, it is a plant problem, and therefore OT responsibility.
Mitigated risks (Recommended): this activity can be carried out on zones and conduits that have all their risks mitigated. Potential (Intolerable) consequences can no longer occur. Cyber incidents can still happen. This doesn’t mean you shouldn’t be alert and respond to cyber incidents. It is said that a safe plant is a boring place.
Unmitigated risks (Not recommended): Potential consequences can occur, although we have already identified them. Response becomes crucial to protect on time. At least, you may be able to have a response plan that can be assertive. Risks should be mitigated as soon as possible. Monitoring should not be used as the primary initiative to mitigate risk, it should be used to assist the operators keeping their attention to the safe operation of the plant.
Realtime Network Surveyllance for Safe & Secure Operation
ZCM Analyzer: The different surveillance tools are developed near each zone and conduit. Intrusion detection, anomalies, threats, receiving syslog events generated by other devices (industrial firewall, smart switches, ZCM Agent,….), OPC Client for monitoring process variables, security sensors for physical access control (open/close, presence/movement), wireless network monitoring, and more.
The multiple ZCM Analyzers send notifications to the ZCM Server for management and assertive response, without false positives.
Realtime HOST Surveyllance for Safe & Secure Operation
The ZCM Agent is a piece of software that works in conjunction with the ZCM Analyzer. ZCM Agents are installed on operator stations, servers, and other HOST-type devices. The ZCM Agent acts as a resident security agent in the HOST (Example: Microsoft Windows), monitoring the operation of the device, software applications, security policies, user actions, among other tasks. A series of 30 diagnostics that are executed by the ZCM Agent are sent to the ZCM Analyzer. After being processed by the ZCM Analyzer, they are sent in real time to the ZCM Server.
Notifications Management - Corrective Maintenance
The RMS is responsible for real-time monitoring and diagnostics. It maintains plant safety by averting high-risk situations. Moreover, it accomplishes these tasks without requiring external assistance. There’s no necessity to transmit critical data or real-time information outside the plant.
The plant should have enough capabilities to respond to any type of event. The RMS system receives notifications from ZCM Agents, ZCM Analyzers, and third party devices. The RMS Systems also generates other types of events that require attention without false positives. There are two types of notifications: Alerts & Alarms. Alerts does not need a response, and are generated for information purposes only. Alarms must be responded in a timely manner and with a specific written and practiced response, list or instructions, or a procedure. All mandatory responses need to be managed and recorded.
KPIs and scheduled system reports are generated automatically. The results need to be analyzed for improvement, undergoing PDCA cycles.
Response Management - Corrective Maintenance
Alarms must be responded in a timely manner and with a specific written and practiced response, list or instructions, or a procedure. All mandatory responses need to be managed and recorded.
With RMS, there is no need for “Learning Modes”. The system already has the knowledge for precise and timely responses. Every Alarm has a planned response, such as a list of instructions or a response procedure. Within a plant environment, there is no time for improvisation.
KPIs and scheduled system reports are generated automatically. The results need to be analyzed for improvement, undergoing PDCA cycles.
Preventive & Corrective Maintenance
The Challenge for both: The Asset Owners and Service Provider
Every type of change in a control system over a running environment may bring additional risks to the safe and secure operation of the plant. Changes needs to be evaluated before deploying. A decision taking process is required, and therefore precise and accurate data must be used for taking these decisions. There are shared responsibilities within the different roles. The Asset Owner, Service Provider, and Product Manufacturer.
The Asset Owner phases the challenge to keep and maintain the safety of the plant and security of their systems. The systems will remain at the plant for an average of 20 years or more. Sounds processes and procedures needs to me established. These are: (1) Update and Patch Management, (2) Change Management Procedures, and (3) Backup and restoration.
The current dynamic environment of security is demanding the Asset Owners to process updates in a frequent basis, which means more risk to the plant. An agile and confident methods needs to be established to avoid additional risks.
Cyber OT Intelligence - Remote Support Bodyguarding Your Back
The RMS System is capable of real-time monitoring and diagnostics. It is also capable of Notifications & Response Management. It maintains plant safety by averting higher-risk situations. Moreover, it accomplishes these tasks without requiring external assistance. There’s no necessity to transmit critical data or real-time information outside the plant.
Despite this, the end user may have an interest in additional supportive services. These could potentially contribute to a safer and more secure operation. Should this be the situation, we are amenable to scrutinizing the associated requests and requirements. This is done with the intent to facilitate any RMS/ZCM installation.
Remote support and diagnostics assistance: Our professional can access remotely to the RMS/ZCM System for diagnosis, performance, consultative, analysis, auditing, and suggestions.
Custom Developments: The ZCM Analyzer can run passive and active tools. We can also develop custom-made applications due to the rich and powerful ZCM operating system. Example: The ZCM Analyzer can also be converted into a powerful industrial firewall.
RMS API (Application Programming Interface) allows integrating with third party systems, such as SOC IT/OT, Q-Radar and other more elevated systems. Similarly, the RMS/ZCM System can manage and distribute discoveries, policies and procedural updates to the multiple RMS Servers.
Patch & Update Management - Preventive Maintenance
Patches and updates are those types of changes on control systems that the end use is not willing to do. At least not willing to do on a frequent basis, and only by exception. Patches are changes and changes on control systems may end in undesired effects and risks to the operational environment. Changes on control systems are highly managed and costly, specially if they go wrong.
Match the patch/update with existing vulnerabilities, updating the vulnerability database. If the patch or update does change any of the essential functions or the design of the system in any way, then it should be managed as a change.
RMS/ZCM patch and updated management has a built-in process in compliance to ISA/IEC-62443-2-3 Technical Reference to grab all the necessary information to take decision, and create a plan to deploy the patch as it was decided. Follow-up with the results and monitor for after side effects, until the observation period is passed.
Change Management - Preventive Maintenance
A change is something that the plant is willing to do, because it is good for the business, the safety or the security of the plant. It is justified by a desire of the plant. It may be technically or business driven. Anyway, the end user is expecting a benefit of that change. Changes can be risky as well. A change in the design of the zone, the conduit or the process, may bring a different SLT, recommendations, profile. A full set of risk scenarios needs to be reevaluated.
The changes proposed to the zones, conduits or industrial process, should not be approved until the affected nodes are re-evaluated from Cybersecurity perspective, as these changes may affect negatively the security of the system and finally the safety of the plant.
The RMS/ZCM systems allows creating a temporary copy of the previous Detailed Risk Assessment, including HLRA, so the user can simulate and evaluate the change in the zones and conduits before its approval. Additional countermeasures may be required.
Backup & Restore Management - Preventive & Correcive Maintenance
Backup and restore is one feature that the RMS/ZCM Systems does for itself. The RMS/ZCM can generate and maintain backup and restorations processes and procedures for system, databases and user data. The RMS/ZCM system does not manage backups from control systems or any other vendor, by it can monitor and supervise third party backup systems at its corresponding zone.
The RMS Servers support redundant configuration, by having two RMS Servers with the same IACS Site. Does one Server fail, the secondary server continues working without interruption. RMS/ZCM Server also support failover storage discs array on each tolerant servers for additional security. The ZCM Analyzers configuration is kept on the RMS Servers. ZCM Analyzers can be easily tolerant to failures simply by adding a ZCM Analyzer to the same zone. Very little configuration will be required.
Certification & Compliance
The Challenge for both: Asset Owners & Service Providers
Sooner or later, recognized organizations will be required to certify the implementation of ISA/IEC-62443 series of standards by an Authority of Certification. This is valid for Asset Owners, Service Providers, and Product Manufacturers.
If the implementation of the ISA/IEC-62443 series of standards is not done correctly from the beginning, it may be the case they need to redo the work again. This is a lost of value in the investment. We encourage the Asset Owners and Service Providers to implement the ISA/IEC-62443 series of standards in compliance producing certifiable evidence, embracing perfection. With the RMS and WBS, we got this covered.
- Elaborate the Policies and Procedures meeting ISA/IEC-62443 series of standards requirements.
- Produce the auditable evidence that will be required by the certification authority.
- Keep and maintain traceable evidence with the rationals, include time stamping.
Failing to meet these premises may require to redo the work and a lost of value. Achieving these objectives guarantees the correct implementation of the standards and therefore the confidence that everything is being done correctly.
Performing Audits & Verifying Compliance
What can be audited and/or certified for compliance?
- The Cybersecurity Management Program (CSMS)
- With the proven WBS Methodology, Critical Control Points.
- The security of any System under Consideration (SUC) through its lifecycle
- New future system from basic engineering.
- Existing system, recently installed or old legacy.
- Vendors and Suppliers
- Solutions Providers.
- Engineering/Service Providers.
- Product Suppliers.
- Cybersecurity Professionals.
- Activities performed by Security Professionals.
Documents & Reports Management
The RMS generates auditable reports from each module supporting the proven WBS Methodology. Generates all reports for each of the multiple IACS/SUCs in a normalized manner. This will easier the revision by any Certification Authority while keeping key critical sensitive data inside the plant.
The RMS can obtain the electronic signature or digital signature for those reports that are the result of multidisciplinary activities. Or collect feedback from them for corrections and revisions. Keep the entire process of generating auditable documents traceable, avoiding the incorrect manipulation of important and relevant decisions.
The RMS avoid dumping sensitive, critical information into reports, and avoid reverse engineering. Many reputable consulting firms produce step-by-step instructions on how the control system can be compromised to destroy the plant. Don’t fall victim to this extortion, which many companies use to get money out of you. This type of “Little Illustrated Hacker type of reports” should never be produced, creating an additional risk for the organization. All our RMS/ZCM system reports had been carefully designed to protect the plant, period.
Audit & Continuous Improvement
With the RMS audit, any already installed SUC at a specified plant or operational environment. Alternatively, it can audit a new system that is currently in its engineering phases. Almost everything can be audited and reviewed for compliance with the standards and for effective and efficient risk mitigation.
The entire Industrial Cybersecurity Management Program can be audited for compliance, and continuous improvement.
At WiseSecurity, we offer a unique solution for JIT auditing and certification. This is done during the execution of projects to prevent rework. It also ensures faster mitigation. We use an effective audit and compliance methodology.
Would you like to know more?
Our security strategy ensures the protection of your most valuable assets. It shields all risk recipients by preventing potential consequences. This is aimed at eliminating any possible impact on them. The result is a robust infrastructure that can withstand various threats that yet doesn’t exist. It’s designed to resist attacks that could compromise one or more cyber-assets.
