June 11-14, 2017
Baltimore, MD USA

ICSJWG Fall Conference
September 12-14, 2017
Pittsburgh, PA USA

APTA Annual & Expo
October 8-11, 2017
Atlanta, GA USA

We look forward to meeting you!
For details & contact information »

Building bridges and reducing risk is what sets Cybersecurity Analysis, Ltd apart from its competitors. We bridge the knowledge gaps between executives, Operations, IT and business partners. Then we reduce identified cyber risks throughout the organization. We help you ensure that your company is properly protected to avoid catastrophic failures, costly errors, destruction of property and equipment, environmental damage, and most importantly, health and safety risks to your employees and partners.

We remove Fear, Uncertainty and Doubt (FUD) giving our customers piece of mind. Learn more about what we do »

Industrial Cybersecurity Services

  • Cybersecurity Strategy We help you determine an approach to industrial/process control system cybersecurity risk management that is appropriate to your risk profile and that meets industry best practices.
  • Governance Governance requires an effective set of checks and balances. We work together to define appropriate processes to help you stay in your chosen defensive posture.
  • Risk & Vulnerability Assessments Our methodical approach gives you a consistent insight into your current risk state. We define the boundaries of your system, plants, and facilities, and then we look within and without to determine your current risks. We help you factor in both the likelihood and the impact of any potential security-breach scenario.
  • Defensive Architecture In an ever-changing threat environment, what do you need to stay ahead of the risks? We work with your technical and business teams to design passive and active defensive architectures and strategies.
  • Compliance Monitoring We help you go from “We’re secure (we think)” to “We stand ready to react.” We work with you to define compliance monitoring and quick detection approaches so that your plant can run when it’s safe and you can take prudent defensive action when it isn’t.
  • Remediation Project Management Got gaps? We’ll help define projects to remediate gaps and get your systems to your baseline defensive posture – while keeping your plants and facilities on-line, productive, and safe. Our team works with you and your selected vendors to ensure you get to hardened, remediated operations as quickly as possible.
  • Shared CISO Programprovides your organization with a risk-prioritized, cybersecurity risk management program. It is based upon your industry's evolving standards and recommended practices from NIST, ISA, API, APTA, ISO, IEC, et al.

    An effective cybersecurity risk management program requires broad and deep expertise. Retaining that expertise is hard. The Shared CISO Program frees your organization from the staffing concern. Cybersecurity Analysis, Ltd. provides the expert knowledge and services you must have. Learn more »

Industries Served

Public Transportation – Rail

We understand rail, we co-wrote the APTA Recommended Practices. Whether it’s commuter, subway, light rail, or unattended systems, we’ve been in the facilities and know what to do.

Learn more »

Public Transportation – Bus

Buses are “rolling networks”. We secure the video/camera (CCTV) systems, fare collection methods, dispatch and vehicle location (CAD/AVL) as well as the on-board safety systems. There is a lot of risks to be dealt with. We help!

Learn more »

Rail – Freight

Positive Train Control (PTC) represents new risks and new safety - have you fully investigated your business cases? There are critical interfaces to dispatch and monitoring, Network Operations Centers (NOCs), maintenance facilities, and communications. How do you ensure that the vast array of technology you use is properly protected from information poisoning and cyber attack?

Critical Infrastructure

We work in other critical infrastructure areas including mining, chemical plants, manufacturing, and water / wastewater systems. We coordinate with Subject Matter Experts and your team to get to the key issues facing you and your organization.

Oil & Gas

We understand how these systems — especially those that are geographically far apart — present unique challenges to ICS/PCN. We look at how the enterprise systems inter-operate with your PCN to identify risks and formulate solutions to each problem. We have experience with oil & gas fields, pumping stations, steam generation, flare systems, oil separation plants, water purification, storage systems, custody transfer, tar sands, synthetic oil production, and gas plants, including hydrogen, oxygen, nitrogen, and rare earth gases.


Securing the process control systems that govern pipelines can be challenging due to geographical distribution, central management structures, and the simultaneous handling of multiple and diverse products. On top of that, remote locations may cause maintenance, physical security, and primary/secondary communications challenges. We know how to address these risks while advising you on your overall automation/ICS cybersecurity risk management approach.

Contact Us

Cybersecurity Analysis, Ltd.
333 W North Ave PMB 119
Chicago, IL 60610-1293
Phone: +1 484.844.1832

Proud member of the: