Opswright Pre-Release

Be part of the team and contribute to the security engineering solution revolutionizing how critical infrastructure looks at operations.

OT Profiles

Pre-configured but flexible profiles such as substation or water treatment plant to accelerate your configuration. These profiles include common critical processes and functions, asset configurations and recommended security controls and align to industry standards such as IEC 62443.

Risk Scoring

Visual dashboard illustrating impact-driven quantitative risk scoring assumes compromise, but identifies the boundary condition between adversary objectives and your risk tolerance for failure to identify where security investment is needed.

Critical Functions

Pre-configured but flexible functions defined based on your OT site profile help to focus on the critical functions that must be protected. This creates the backbone for the protective characteristics that come later.

Consequence Prioritization

Lasers in on the consequences that must never happen in order for your organization’s mission to be fulfilled. The connectivity of consequences and risk appetite to adversary objectives creates the boundary condition for action.

Failure Mode Event Analysis

We support process and cyber security control Failure Mode Event Analysis to help you understand where the components you rely on may fail and how to build redundancies to ensure your mission remains on target.

Project Status

Visual dashboard shows you where project status is at all times so you can stay on top of current and future project work required to ruggedize your OT environment. Project tracking is managed native within Opswright, with optional connectors to 3rd party project management tools.

Engineering Design Validation

Validate the engineering designs suggested in capital construction projects meet your security requirements and ensure that all project stakeholders are on the same page when it comes to security engineering design.

Adversary Objective Analysis

We analyze the likely objectives of your adversaries to help you understand what they may be targeting. This helps to prioritize where to apply controls, as these decision points intersect with your risk appetite for failure.

Task Prioritization

By understanding adversary objectives and the boundary condition for failure, we use risk scoring to help prioritize the tasks that must be completed to ensure that your operation remains within acceptable operating parameters at all times, and associate these tasks to relevant projects in the status tracker.

Frequently Asked Questions

As this is a pre-release, we are just getting started. Keep an eye on this page for more FAQs

What am I buying?

You will receive early access to the Opswright platform for at least 3 months prior to release, and become a design partner in the future of securing critical infrastructure. We are offering a future discount of 10% on future sales for all pre-release customers.

No, really, what does this mean?

CCE prescribes a 4 step process comprised of:

  • Consequence Prioritization
  • System of Systems Analysis
  • Consequences-based Targeting
  • Mitigations and Protections

This pre-release focuses on the first of these 4 phases, but also aligns with the concepts of Failure Mode Event Analysis (FMEA) and Business Impact Analysis (BIA) and is an excellent way to orient your security program.

What is Opswright and why should I care?

Opswright is taking the concepts of Consequences-Driven Cyber-Informed Engineering (CCE) from the US Department of Energy and Idaho National Labs, and making them available for software-based and robust security engineering for the masses.

So when will the rest of this be ready?

We are targeting Q3 2023 for our initial pre-release, with later phases, including a community as well as an enterprise edition once we exit beta. We are hard at work and will keep the community updated as we progress.

 

As we are a #buildinpublic company, you can sign up to our newsletter below for product updates and current news related to security engineering in critical infrastructure.