Lofty Perch Solutions
See How Lofty Perch Protects OT Systems
OT/ICS Cybersecurity Assessment Services
As the leader in OT/ICS cybersecurity, Lofty Perch provides an unparalleled capability in delivering accurate and effective assessment programs for their customers. With a core focus on control system cybersecurity, the Lofty Perch security services portfolio can be tuned to accommodate any industrial architecture. With proven experience delivering services across the globe and in every infrastructure sector,
Lofty Perch can assist you and your organization with a broad set of assessment services that can be customized to your programmatic requirements:
-
- OT/ICS cyber threat risk assessments including penetration testing, vulnerability analysis, threat modeling, consequence analysis and cybersecurity review is applied to system design basis
- OT/ICS cyber risk management framework development, policy development services, business impact analysis, inventory and asset prioritization programs (cyber-risk driven, stakeholder-prioritized)
- Development of customized OT/ICS security solution requirements and subsequent architecture-specific procurement specifications for commercial OT/ICS products
- Sector-specific assessment and compliance services (NERC, ISA/IEC, NIST, ISO etc.) including cross-standard analysis and referencing (i.e. NIST/ISO, ISO/AWWA, etc.)
- Security architecture assessments for both existing and yet-to-be-built production environments
- Technical OT/ICS cybersecurity exercise development and execution; mock audits; no-knowledge security reviews; OSINT and exposure analysis programs .
As the leader in OT/ICS cybersecurity, Lofty Perch provides an unparalleled capability in delivering accurate and effective assessment programs for their customers. With a core focus on control system cybersecurity, the Lofty Perch security services portfolio can be tuned to accommodate any industrial architecture. With proven experience delivering services across the globe and in every infrastructure sector,
Lofty Perch can assist you and your organization with a broad set of assessment services that can be customized to your programmatic requirements:
-
- OT/ICS cyber threat risk assessments including penetration testing, vulnerability analysis, threat modeling, consequence analysis and cybersecurity review is applied to system design basis
- OT/ICS cyber risk management framework development, policy development services, business impact analysis, inventory and asset prioritization programs (cyber-risk driven, stakeholder-prioritized)
- Development of customized OT/ICS security solution requirements and subsequent architecture-specific procurement specifications for commercial OT/ICS products
- Sector-specific assessment and compliance services (NERC, ISA/IEC, NIST, ISO etc.) including cross-standard analysis and referencing (i.e. NIST/ISO, ISO/AWWA, etc.)
- Security architecture assessments for both existing and yet-to-be-built production environments
- Technical OT/ICS cybersecurity exercise development and execution; mock audits; no-knowledge security reviews; OSINT and exposure analysis programs .
Lofty Perch leverages over 20 years of experience supporting the development of all major OT/ICS cybersecurity standards, frameworks and best practices. With global experience applying NIST, ISA/IEC, APTA, ISO, AWWA and more, Lofty Perch is the preferred partner for helping organizations in their OT/ICS cybersecurity compliance programs. Whether you are just starting your compliance efforts or need to accommodate new requirements, Lofty Perch can help you meet your compliance goals regardless of the standard, framework or regulatory/corporate requirement.
By addressing core security domains of operational, physical, and cyber, our security compliance programs provide for robust and effective solutions that meet the emerging requirements of any asset owner. Moreover, Lofty Perch has well defined and proven processes to aid in the development and delivery of programs that support both public and private initiatives. With extensive experience in risk analysis and consequence mitigation, Lofty Perch will help you create an effective protection framework to get you aligned with standards, empowering you with a proven, repeatable and self-sustaining capability.
Our experienced professionals help you get the tactical real-world solutions that work including:
-
- Developing and delivering efficient programs to ensure the most realistic and accurate understanding of the required cybersecurity standard is being used
- Assist in the interpretation and application of the standard as it relates the goals and objectives of stakeholders and overarching corporate cybersecurity objectives
- Leveraging 20 years of standards-based OT/ICS security assessment and compliance services, greatly reducing the traditional cost associated with implementing and maintaining cybersecurity compliance programs
- Unparalleled experience in evaluating current organizational cybersecurity maturity to contemporary OT/ICS cybersecurity maturity
- Combined engineering and cybersecurity subject matter expertise to ensure alignment between development of applicable compliance standards and realistic cyber risk within the control system environments
- Comprehensive subject matter expertise and experience performing standards assessments and compliance reviews for NIST 800-53, NIST 800-82, IEC 62443, APTA, AWWA and more
OT/ICS Cybersecurity Compliance Services
Lofty Perch leverages over 20 years of experience supporting the development of all major OT/ICS cybersecurity standards, frameworks and best practices. With global experience applying NIST, ISA/IEC, APTA, ISO, AWWA and more, Lofty Perch is the preferred partner for helping organizations in their OT/ICS cybersecurity compliance programs. Whether you are just starting your compliance efforts or need to accommodate new requirements, Lofty Perch can help you meet your compliance goals regardless of the standard, framework or regulatory/corporate requirement.
By addressing core security domains of operational, physical, and cyber, our security compliance programs provide for robust and effective solutions that meet the emerging requirements of any asset owner. Moreover, Lofty Perch has well defined and proven processes to aid in the development and delivery of programs that support both public and private initiatives. With extensive experience in risk analysis and consequence mitigation, Lofty Perch will help you create an effective protection framework to get you aligned with standards, empowering you with a proven, repeatable and self-sustaining capability.
Our experienced professionals help you get the tactical real-world solutions that work including:
-
- Developing and delivering efficient programs to ensure the most realistic and accurate understanding of the required cybersecurity standard is being used
- Assist in the interpretation and application of the standard as it relates the goals and objectives of stakeholders and overarching corporate cybersecurity objectives
- Leveraging 20 years of standards-based OT/ICS security assessment and compliance services, greatly reducing the traditional cost associated with implementing and maintaining cybersecurity compliance programs
- Unparalleled experience in evaluating current organizational cybersecurity maturity to contemporary OT/ICS cybersecurity maturity
- Combined engineering and cybersecurity subject matter expertise to ensure alignment between development of applicable compliance standards and realistic cyber risk within the control system environments
- Comprehensive subject matter expertise and experience performing standards assessments and compliance reviews for NIST 800-53, NIST 800-82, IEC 62443, APTA, AWWA and more
Organizations around the world have come to trust Lofty Perch and their engineering-informed, consequence-driven approach to understanding cyber risk in control system environments. Lofty Perch specializes in providing customers realistic, accurate and usable approaches to OT/ICS cyber risk management because Lofty Perch understands reducing cyber risk in automation environments is an engineering problem and not an IT security problem.
Capitalizing on 20 years of practical, real-world experience Lofty Perch provides solutions that your entire stakeholder community can use:
-
- Support the development of OT/ICS cyber risk program elements to align with overarching corporate requirements and integrate with traditional risk registries
- Develop and deliver the entire lifecycle of OT/ICS cyber risk management programs from engineering-informed, consequence-driven assessments to the construction of standards-based compliance with sector or corporate governance
- Comprehensive analysis and review of existing OT/ICS cyber risk management programs in the development of accurate, applicable updates is driven by engineering, stakeholder and executive-level requirements
- Modernization of cyber risk management programs to accommodate emerging national or international cybersecurity requirements
- Development or update of entire OT/ICS cyber risk management portfolios including policies/procedures, governance, risk assessment, OT/ICS cybersecurity roadmaps, OT/ICS cybersecurity frameworks, supply chain security, procurement specifications, compliance testing and development of OT/ICS risk registry elements
OT/ICS Cyber Risk Management Programs
Organizations around the world have come to trust Lofty Perch and their engineering-informed, consequence-driven approach to understanding cyber risk in control system environments. Lofty Perch specializes in providing customers realistic, accurate and usable approaches to OT/ICS cyber risk management because Lofty Perch understands reducing cyber risk in automation environments is an engineering problem and not an IT security problem.
Capitalizing on 20 years of practical, real-world experience Lofty Perch provides solutions that your entire stakeholder community can use:
-
- Support the development of OT/ICS cyber risk program elements to align with overarching corporate requirements and integrate with traditional risk registries
- Develop and deliver the entire lifecycle of OT/ICS cyber risk management programs from engineering-informed, consequence-driven assessments to the construction of standards-based compliance with sector or corporate governance
- Comprehensive analysis and review of existing OT/ICS cyber risk management programs in the development of accurate, applicable updates is driven by engineering, stakeholder and executive-level requirements
- Modernization of cyber risk management programs to accommodate emerging national or international cybersecurity requirements
- Development or update of entire OT/ICS cyber risk management portfolios including policies/procedures, governance, risk assessment, OT/ICS cybersecurity roadmaps, OT/ICS cybersecurity frameworks, supply chain security, procurement specifications, compliance testing and development of OT/ICS risk registry elements
Lofty Perch Customized Solutions addresses the need for customers requiring support that exceeds conventional service offerings and assists in meeting non-traditional project objectives. In these cases, Lofty Perch leverages their extensive ‘real world’ experience and creates customized solutions to help their clients achieve their goals. As these service offerings are tailored to meet very specific objectives, no two projects are alike. Whether it is hybrid cyber/physical campaigns, support for cyber incident response/forensics or the development of customized, engineering-informed ‘kill chains’ Lofty Perch is your partner to take your OT/ICS cybersecurity program to the next level.
At a high level, our scope of services have included (but by no means are limited to):
-
- Comprehensive (blended) cyber/physical threat assessments
Detailed exposure analysis, OSINT profiling and target folder development - Technical attack tree (kill chain) models and condition-based attack scenario model development
- Advanced support for cyber incident response and forensics specific to OT/ICS environments
- Topic-specific training (based on outputs from technical/tactical security assessments and penetration testing)
- Security analysis of commercial OT/ICS solutions
Detailed developer-level security analysis of vital technology (software, firmware, hardware, logic, embedded systems, etc.) - Comprehensive supply-chain security analysis (no-notice site visits, interviews, back-checks, random device poll analysis, SDLC review, etc.)
- Comprehensive (blended) cyber/physical threat assessments
The scope of customized services provided by Lofty Perch is extensive. It is recommended that you contact us for more information.
Customized Solutions
Lofty Perch Customized Solutions addresses the need for customers requiring support that exceeds conventional service offerings and assists in meeting non-traditional project objectives. In these cases, Lofty Perch leverages their extensive ‘real world’ experience and creates customized solutions to help their clients achieve their goals. As these service offerings are tailored to meet very specific objectives, no two projects are alike. Whether it is hybrid cyber/physical campaigns, support for cyber incident response/forensics or the development of customized, engineering-informed ‘kill chains’ Lofty Perch is your partner to take your OT/ICS cybersecurity program to the next level.
At a high level, our scope of services have included (but by no means are limited to):
-
- Comprehensive (blended) cyber/physical threat assessments
Detailed exposure analysis, OSINT profiling and target folder development - Technical attack tree (kill chain) models and condition-based attack scenario model development
- Advanced support for cyber incident response and forensics specific to OT/ICS environments
- Topic-specific training (based on outputs from technical/tactical security assessments and penetration testing)
- Security analysis of commercial OT/ICS solutions
Detailed developer-level security analysis of vital technology (software, firmware, hardware, logic, embedded systems, etc.) - Comprehensive supply-chain security analysis (no-notice site visits, interviews, back-checks, random device poll analysis, SDLC review, etc.)
- Comprehensive (blended) cyber/physical threat assessments
The scope of customized services provided by Lofty Perch is extensive. It is recommended that you contact us for more information.