Cyber Security Services

The growth of the automation industry since the early 1980s has seen an explosion in the deployment of Industrial Automation and Control Systems (IACS) across a wide variety of sectors. The rapid changes in technology over the intervening years has resulted in a wide legacy of industrial control and safety systems that frequently run on proprietary networks, which use legacy equipment and often run on old and unsupported operating systems.

The expansion in interconnected industrial networks and systems has seen an increasing migration to commercial off-the-shelf technology such as Ethernet, TCP/IP, and Windows. Coupled with the desire to provide remote access, this has opened up IACS to a range of problems more typically associated with IT systems that use similar architectures, protocols and devices.

Such systems are typically used in a wide variety of applications including machinery control, SCADA, process / batch control, Fire & Gas, emergency / process shutdown systems.  Proeon have experience in assessing and developing cybersecurity solutions in the Oil & Gas, Utility, Chemical, Food and other industries that are heavily reliant on the use of IACS.

About Proeon

Proeon Systems is a systems integrator with a track record in the development of high integrity Industrial grade Control and Safety Systems based on hardware and software principally from Siemens and Rockwell Automation with resources to support Mitsubishi, GE, Schneider, OMRON etc.

Proeon staff have many years of experience in the development of industrial automation control system, safety and/or cybersecurity design, implementation and assessment.

We bring a depth and breadth of experience, skill and expertise working with complex and critical industry sectors and assisting in the identification and assessment of cyber security threats, and the resolution and management of the risks.

Every industry and business is different.  Proeon have the experience to work with you to determine the best mix of services and assessments to suit your unique circumstance.

Understanding Risks

The starting point is often to assist our clients in assessing and understanding the business risks presented by their Operational Technology (OT) systems. This can include:

Basic Health Check – Assessment of key business areas, in order to identify risks and aid management awareness and understanding.

Detailed Assessments – Review of network and security architectures, policies, procedures and documentation, to provide a detailed review of the information security status of the organisation, including:

  • System design and architecture

  • System access and privileges

  • Documentation of policies & procedures

  • Training of personnel including staff & contractors

  • Management and monitoring of system security

Results are benchmarked against key operational guidance and industry best-practice and will include action plans to allow clients to manage improvements.

Application Support

Proeon can assist with the provision of risk assessments and the development of management systems to improve the cyber security profile and posture of our clients that can include:

  • Risk assessments to comply with IEC 62443, NISD and HSE requirements to identify potential internal and external vulnerabilities and threats to IACS assets.

  • Development of management policies and procedures

  • Identification of IACS asset device types and locations within the network infrastructure

  • Understanding and mapping the application and functional requirements of the IACS assets including 24x7 operations, communication patterns, topology, required resiliency and traffic types.

Development of new / replacement systems

Proeon can upgrade and develop Control and Safety Systems in accordance with company engineering and the IEC 62443 standards. Design documentation includes a detailed review of the cyber security aspects of the design including hardware, network design and software.

Cyber Security Lifecycle Diagram.jpg

This design process recognises that no single product, technology, or methodology can fully secure the IACS and that any approach to security needs to address internal and external security threats.

Our approach uses multiple layers of defence (physical, procedural and electronic) at separate levels by applying designs, policies and procedures to different types of threats and that includes multiple layers of network security to protect networked assets.

If you have any queries please contact us to discuss how we can support you today. T:+44 (0)1953 859110