Citicus’ model for measuring risk has been uniquely developed from the world's largest set of data on what causes IT systems to suffer incidents. Citicus ICS extends this to optimize the specific ways in which risk factors should be evaluated for industrial control systems - using criticality assessments, balanced risk scorecards and supporting control and threat checklists. The use of 'risk dependency mapping' helps to identify and track interdependencies between control systems, other IT systems and key parts of the risk chain, including external suppliers and the services they provide.
Citicus ICS incorporates a knowledgebase of key controls drawn from recognized specialist standards from the US NIST, the UK Centre for the Protection of National Infrastructure (CPNI) and other bodies. Citicus' research and development of the new application was completed in partnership with organizations in the electricity, water and food production industries, and was part-funded by the UK Government’s Technology Strategy Board.
Simon Oxley, Managing Director at Citicus said, “There is a lot of interest in the robustness of critical national infrastructures in the face of evolving threats, especially following the recent Stuxnet and Night Dragon attacks. Although there’s much guidance being published – primarily by governments - there are few automated tools that allow organizations to manage risks to industrial control systems efficiently or that scale well. Our Citicus ICS risk management software represents a significant step forward in ensuring the adequate protection of the critical infrastructures that our society takes for granted.”
Marco Kapp, Director and co-founder of Citicus adds, “Citicus has a strong track record of partnering with our customers to deliver practical risk management tools based on real-world experience. We think the new capabilities that have emerged from this collaboration will be of great interest and value to organizations in process-based industries of all types and sizes.”
Citicus ICS is available from Citicus as an installable software application or as software-as-a-service.
Citicus Limited was formed in 2000 by Simon Oxley, Sian Alcock and Marco Kapp. The company provides world-class automated risk management tools that have been implemented in public and private sector enterprises of all sizes around the world, and helps customers implement them successfully.