Since 2005, Lofty Perch has been the leader in SCADA and Industrial Control Systems cyber security. Working around the globe and across all critical infrastructure sectors, Lofty Perch specializes in security assessments, integrated secure architecture reviews, countermeasure development, customized threat reviews and incident response support. Our extensive experience securing industrial automation systems for Energy Management, Smart Grid/AMI, Water/Wastewater, Oil & Gas, Mining, and Transportation ensure our capabilities will align with your cyber-risk reduction programs. With a suite of proven services specific to process control and SCADA cyber security, organizations around the world have come to trust Lofty Perch for their extensive capabilities and approach to securing mission-critical operations.
Critical Infrastructure Protection
Lofty Perch helps you understand the real risk to your operational
technology and will empower you with the knowledge to protect it.
What We Do.
Lofty Perch is a global leader in providing cyber security services and technology for mission critical industrial architectures.
With a core focus on SCADA and Process Control environments, Lofty Perch leverages scientific expertise, security engineering leadership, and rich practical experience to develop solutions to meet the infrastructure protection challenges faced by private sector, law enforcement, and national security communities.
Lofty Perch is the most trusted name in control system security. We help key industrial and utility sectors secure their industrial information infrastructures by using a comprehensive suite of services and technology that is designed specifically for reducing cyber-related risk within SCADA, DCS, PCN and ICS environments. Specializing in technical assessments, architecture reviews, compliance strategies and threat analysis we combine unparalleled security experience with engineering excellence. We provide realistic and effective security solutions that can protect the very systems that are so important to your business, to public safety and to economic stability.
- SCADA and industrial control system cyber threat risk assessments (penetration testing, vulnerability analysis, threat modelling, )
- Security architecture assessments for both existing and yet-to-be-built production environments
- Sector-specific assessment and compliance services (NERC, NRC, NEI, AWWA, NIST, etc.)
- Development of customized security solutions for SCADA/ICS/DCS using commercial security countermeasures (firewalls, IDS/IPS, SIEM, etc.)
- SCADA/ICS Incident Response and Forensics investigation support (real time, fly-away, law enforcement coordination)
- Technical SCADA/ICS cyber security exercise development and execution; mock audits; no-knowledge security reviews; OSINT and exposure analysis programs
- Procurement language support and development of security-focused procurement specifications for pre-acquisition activities
- SCADA/ICS cyber risk management framework development, policy development services, business impact analysis, inventory and asset prioritization programs
- Comprehensive curriculum of SCADA/ICS security training and awareness (introductory, intermediate, advanced, and executive-level)
- AMI and Distribution Automation security assessments, including laboratory and field testing, reverse engineering code/firmware analysis, cryptographic analysis, and standards compliance (NISTR 7628, DHS, AMISEC, etc.)
- Unique services specifically designed for military, intelligence and law enforcement activities
With extensive experience in risk analysis and consequence mitigation, Lofty Perch will help you create an effective protection framework to get you aligned with standards, empowering you with a proven, repeatable and self-sustaining capability. Our experienced professionals bring outstanding capabilities in cyber security, physical security, operational security (OPSEC), and industrial engineering to help you get the tactical real-world solutions that work including:
- Sector Specific Risk Profiling
- Critical Asset Identification
- Interdependency Analysis
- Scenario Planning
- Consequence Analysis Studies
- Multi-sector Exercises
Lofty Perch has supported projects that scale from several thousand devices to millions of telemetry points and include integrated assessments of head-end and backhaul as well as the vendor upgrade process. Lofty Perch capabilities are extensive and include:
- Comprehensive solution architecture security reviews
- Smart grid security plan reviews
- Head-end, backhaul, and field-level aggregation/device security analysis
- Security analysis of embedded metering/radio solutions and field support systems
- Back-end SCADA (transmission/distribution) cyber security assessments, including application security, operational security, and communications resiliency
- Smart Meter testing for electric, gas, and water infrastructures (C12.18/C12.19/C12.21/C12.22)
- Data collection and customer care system (AMI integrated) security analysis
- Power-line monitoring data security analysis, vault monitoring, and integrated transformer metering assessments
- SCADA radio system security analysis, including FHSS and dedicated channel analysis, 802.15.4 security analysis, interference and jamming analysis
- Chipset and memory analysis, cryptographic analysis
- Meter mesh security analysis and anomaly detection solutions
The scope of capabilities that Lofty Perch provides is extensive and it is recommended that you contact us for more information. At a high level, our scope of services includes:
- Comprehensive (blended) cyber/physical threat assessments
- Detailed exposure analysis, OSINT profiling and target folder development
- Technical attack tree (kill chain) models and condition-based attack scenario model development
- Topic-specific training (based on outputs from technical/tactical security assessments and penetration testing)
- Cyber-based human factor security analysis (SCADA/ICS focused)
- Security analysis of commercial SCADA/ICS/DCS/PCS solutions
- Detailed developer-level security analysis of vital technology (software, firmware, hardware, logic, embedded systems, etc.)
- Static analysis, manual analysis, runtime analysis, binary analysis, hardware analysis, protocol analysis and automated/manual testing
- Comprehensive supply-chain security analysis (no-notice site visits, interviews, back-checks, random device poll analysis, SDLC review, etc.)