Security Leadership.

Since 2005, Lofty Perch has been the leader in SCADA and Industrial Control Systems cyber security. Working around the globe and across all critical infrastructure sectors, Lofty Perch specializes in security assessments, integrated secure architecture reviews, countermeasure development, customized threat reviews and incident response support. Our extensive experience securing industrial automation systems for Energy Management, Smart Grid/AMI, Water/Wastewater, Oil & Gas, Mining, and Transportation ensures our capabilities will align with your cyber-risk reduction programs. With a suite of proven services specific to process control and SCADA cyber security, organizations around the world have come to trust Lofty Perch for their extensive capabilities and approach to securing mission-critical operations.

Critical Infrastructure Protection

Lofty Perch helps you understand the real risk to your operational
technology and will empower you with the knowledge to protect it.

What We Do.

Lofty Perch is a global leader in providing cyber security services and technology for mission critical industrial architectures.

With a core focus on SCADA and Process Control environments, Lofty Perch leverages scientific expertise, security engineering leadership, and rich practical experience to develop solutions to meet the infrastructure protection challenges faced by private sector, law enforcement, and national security communities.

Lofty Perch is the most trusted name in control system security. We help key industrial and utility sectors secure their industrial information infrastructures by using a comprehensive suite of services and technology that is designed specifically for reducing cyber-related risk within SCADA, DCS, PCN and ICS environments. Specializing in technical assessments, architecture reviews, compliance strategies and threat analysis, we combine unparalleled security experience with engineering excellence. We provide realistic and effective security solutions that can protect the very systems that are so important to your business, to public safety and to economic stability.

As a leader in SCADA and Control Systems cyber security, Lofty Perch offers asset owners an unparalleled capability in delivering effective cyber security solutions. With a core focus on SCADA and control system cyber security, the Lofty Perch security services portfolio can be tuned to accommodate any industrial architecture. In addition to sector-specific research in emerging risk-related domains for SCADA and industrial control architectures, Lofty Perch's technical security expertise is comprehensive in many areas, including:

  • SCADA and industrial control system cyber threat risk assessments (penetration testing, vulnerability analysis, threat modelling)
  • Security architecture assessments for both existing and yet-to-be-built production environments
  • Sector-specific assessment and compliance services (NERC, NRC, NEI, AWWA, NIST, etc.)
  • Development of customized security solutions for SCADA/ICS/DCS using commercial security countermeasures (firewalls, IDS/IPS, SIEM, etc.)
  • SCADA/ICS Incident Response and Forensics investigation support (real time, fly-away, law enforcement coordination)
  • Technical SCADA/ICS cyber security exercise development and execution; mock audits; no-knowledge security reviews; OSINT and exposure analysis programs
  • Procurement language support and development of security-focused procurement specifications for pre-acquisition activities
  • SCADA/ICS cyber risk management framework development, policy development services, business impact analysis, inventory and asset prioritization programs
  • Comprehensive curriculum of SCADA/ICS security training and awareness (introductory, intermediate, advanced, and executive-level)
  • AMI and Distribution Automation security assessments, including laboratory and field testing, reverse engineering code/firmware analysis, cryptographic analysis, and standards compliance (NISTIR 7628, DHS, AMISEC, etc.)
  • Unique services specifically designed for military, intelligence and law enforcement activities

The Lofty Perch approach to Critical Infrastructure Protection (CIP) focuses on issues involving the protection of essential assets and key resources. By addressing core security domains of operational, physical, and cyber, our CIP programs provide for robust and effective solutions that can meet the emerging resiliency and compliance requirements of most sectors. Moreover, Lofty Perch has well defined and proven processes to aid in the development and delivery of programs that support both public and private initiatives.

With extensive experience in risk analysis and consequence mitigation, Lofty Perch will help you create an effective protection framework to get you aligned with standards, empowering you with a proven, repeatable and self-sustaining capability.

Our experienced professionals bring outstanding capabilities in cyber security, physical security, operational security (OPSEC), and industrial engineering to help you get tactical, real-world solutions that work, including:

  • Sector Specific Risk Profiling
  • Critical Asset Identification
  • Interdependency Analysis
  • Scenario Planning
  • Consequence Analysis Studies
  • Multi-sector Exercises

Lofty Perch maintains one of the finest reputations in the industry for their work in the utility sector with numerous qualifications for work in electricity, water, and gas to name a few. In addition to their leadership in SCADA/ICS security assessments and architecture reviews, Lofty Perch is a recognized leader in security services for Advanced Metering Infrastructure (AMI), Advanced Meter Reading (AMR) and Distribution Automation (DA). Lofty Perch has been involved in countless comprehensive assessment projects that focus on metering and utility management operations, and the scope of their work extends from procurement language support to field testing to laboratory based reverse engineering analysis.

Lofty Perch has supported projects that scale from several thousand devices to millions of telemetry points and include integrated assessments of head-end and backhaul as well as the vendor upgrade process. Lofty Perch capabilities are extensive and include:

  • Comprehensive solution architecture security reviews
  • Smart grid security plan reviews
  • Head-end, backhaul, and field-level aggregation/device security analysis
  • Security analysis of embedded metering/radio solutions and field support systems
  • Back-end SCADA (transmission/distribution) cyber security assessments, including application security, operational security, and communications resiliency
  • Smart Meter testing for electric, gas, and water infrastructures (C12.18/C12.19/C12.21/C12.22)
  • Data collection and customer care system (AMI integrated) security analysis
  • Power-line monitoring data security analysis, vault monitoring, and integrated transformer metering assessments
  • SCADA radio system security analysis, including FHSS and dedicated channel analysis, 802.15.4 security analysis, interference and jamming analysis
  • Chipset and memory analysis, cryptographic analysis
  • Meter mesh security analysis and anomaly detection solutions

In many instances, our customers require a set of services that are customized to meet non-traditional project objectives. In these cases, Lofty Perch leverages their extensive ‘real world’ experience and creates customized solutions to help their clients achieve their goals. As these service offerings are tailored to meet very specific objectives, no two projects are alike. After more than a decade supporting projects in both the UNCLASSIFIED and CLASSIFIED domains, Lofty Perch is your best choice for helping you meet ‘unique’ project goals.

The scope of capabilities that Lofty Perch provides is extensive and it is recommended that you contact us for more information. At a high level, our scope of services includes:

  • Comprehensive (blended) cyber/physical threat assessments
  • Detailed exposure analysis, OSINT profiling and target folder development
  • Technical attack tree (kill chain) models and condition-based attack scenario model development
  • Topic-specific training (based on outputs from technical/tactical security assessments and penetration testing)
  • Cyber-based human factor security analysis (SCADA/ICS focused)
  • Security analysis of commercial SCADA/ICS/DCS/PCS solutions
  • Detailed developer-level security analysis of vital technology (software, firmware, hardware, logic, embedded systems, etc.)
  • Static analysis, manual analysis, runtime analysis, binary analysis, hardware analysis, protocol analysis and automated/manual testing
  • Comprehensive supply-chain security analysis (no-notice site visits, interviews, back-checks, random device poll analysis, SDLC review, etc.)