New cybersecurity risk management tool for industrial control systems

Citicus has launched Citicus ICS, a new application to manage industrial process control risk. This enables organizations to identify and manage risks in SCADA and other process control systems, such as those supporting electricity generation, oil and gas production, water distribution and factory automation. These processes are the keystones of critical national infrastructure - which is now facing an increasing number of threats.

Citicus’ model for measuring risk has been uniquely developed from the world's largest set of data on what causes IT systems to suffer incidents. Citicus ICS extends this to optimize the specific ways in which risk factors should be evaluated for industrial control systems - using criticality assessments, balanced risk scorecards and supporting control and threat checklists. The use of 'risk dependency mapping' helps to identify and track interdependencies between control systems, other IT systems and key parts of the risk chain, including external suppliers and the services they provide.

Citicus ICS incorporates a knowledgebase of key controls drawn from recognized specialist standards from the US NIST, the UK Centre for the Protection of National Infrastructure (CPNI) and other bodies. Citicus' research and development of the new application was completed in partnership with organizations in the electricity, water and food production industries, and was part-funded by the UK Government’s Technology Strategy Board.

Simon Oxley, Managing Director at Citicus said,

“There is a lot of interest in the robustness of critical national infrastructures in the face of evolving threats, especially following the recent Stuxnet and Night Dragon attacks. Although there’s much guidance being published – primarily by governments - there are few automated tools that allow organizations to manage risks to industrial control systems efficiently or that scale well. Our Citicus ICS risk management software represents a significant step forward in ensuring the adequate protection of the critical infrastructures that our society takes for granted.”

Marco Kapp, Director and co-founder of Citicus adds,

“Citicus has a strong track record of partnering with our customers to deliver practical risk management tools based on real-world experience. We think the new capabilities that have emerged from this collaboration will be of great interest and value to organizations in process-based industries of all types and sizes.”

Citicus ICS is available from Citicus as an installable software application or as software-as-a-service.

About Citicus (

Citicus Limited was formed in 2000 by Sian Alcock, Marco Kapp, and Simon Oxley. Its award-winning Citicus ONE risk and compliance management software has been implemented in public and private sector enterprises of all sizes around the world, and Citicus’ partnership relationship with customers helps them implement and run their risk programmes successfully.

For more information, contact:

Simon Oxley, Citicus Ltd, Tel: +44 (0)20 7203 8405

Nick Hall, Citicus media relations: Tel: + 44 (0)7949 111174

Back to News


Share this post