Cybersecurity
Practical security for operational technology — not IT practice bolted onto a controller.
Cybersecurity regulations are now a reality for engineered systems. Whether you're building vehicles, vessels, industrial machinery or energy installations, there are standards you need to meet — and increasingly, your customers and class societies are asking for evidence that you've met them.
We help you make sense of what actually applies and get to a defensible position. That typically starts with a threat analysis and risk assessment (TARA) — the cybersecurity equivalent of a HARA — telling us which assets matter, how they could be attacked, and which controls are worth putting in. From there we translate the findings into concrete recommendations, help you implement the technical controls, build the management framework your customers and class societies expect, and produce the compliance evidence needed for audit and approval.
The Problem
It's not enough to know the regulations exist
The challenge is understanding what they actually require in practice, and implementing security measures that work without making the system harder to operate, maintain or update. Many of the systems we work with — controllers, PLCs, communication networks, converter interfaces — were never designed with cybersecurity in mind.
Retrofitting security into operational technology is a different problem from securing an IT network, and it's one that IT-centric approaches tend to get wrong.
What We Do
Threat analysis & risk assessment (TARA)
The equivalent of a HARA for cybersecurity. We identify the assets that matter, characterise the attack paths that could reach them, and rank the risks — so the effort and investment goes where it'll actually make a difference. Done to the methodology that applies in your sector: ISO 21434 for automotive, IACS UR E26/E27 for marine, IEC 62443 for industrial.
Recommendations, controls and implementation
Findings translated into concrete engineering actions — the technical controls that belong in the architecture, the procedural ones that belong in operations, and the changes that belong in the development process itself. Where useful we implement them with you; where you'd rather implement in-house, we support the team doing it.
Management framework & audit evidence
A cybersecurity management system sized to the organisation — policies, processes, roles, vulnerability handling, incident response — and the documented evidence your customers, class societies and regulators ask for. Not a templated stack of documents: one that reflects how your organisation actually works.
Coordinated with functional safety
Cybersecurity and functional safety easily end up duplicating effort or working against each other if they're not coordinated. We do both, and we coordinate them — so you end up with one coherent engineering case, not two competing ones.
Get in touch
Talk to us about cybersecurity
Our Address
Bracken House, 51 BRACKEN ROAD, SANDYFORD BUSINESS PARK, DUBLIN, Dublin 18, Ireland, D18 CV48
