Cyber Vulnerability Assessments (CVA)

Cyber Vulnerability Assessments

Cyber Vulnerability Assessments are a compliance component for not only NERC CIP-005 and CIP-007, but also for the DHS CFATS standards for the petrochemicals sector. Conducting vulnerability assessments on real-time live operating SCADA, DCS, EMS, and Process Control Systems is our specialty. Over the past 10 years we have leveraged our heritage in control systems engineering to create a methodology that blends the best of both passive and active approaches to glean the most security context from the system without impacting the safe operations of the plant or control center.

We have created a proven approach that takes into consideration both physical and cyber threats to SCADA and process control systems. We have used this methodology on countless field assessments over the years, and now teach this methodology in our 5-day training course. The six layers identified in the diagram below have all of the NERC CIP-005, 007, and DHS CFATS compliance requirements mapped into the system so as our team members are gathering the data from the field site(s), they are completing the steps required for a compliant vulnerability assessment approach.

Leave a Reply