ResilTech offers leading-edge consultancies and technical support for the following activities:
Design of safe systems
Resiltech offers support for the design of safe systems; at system level:
- Architecting and Implementation of Dependable Systems
- Trade-off analysis and design based on qualitative and quantitative models for:
- large-scale complex critical infrastructures.
- embedded systems.
Support for SW design:
- Application SW,
- Communication Middlewares,
- Diagnostic Libraries,
- Secure communication Libraries
- Software/tool development.
Verification & Validation
Full V&V&S Cycles activities according to latest standards of SW intensive system.
Creation of Verification and Validation plan:
- V&V Plan,
- RAM Plan,
- Safety Plan.
Creation of Verification and Validation reports:
- V&V Report,
- RAM Report,
- Safety Report.
Planning and management of Safety Cases at:
- System level,
- Sub-system level,
- Component level.
Functional and Safety Requirements Analysis:
- System, Sub-system and HW/SW Component level,
- Formal Technical Inspection,
- Traceability Analysis using commercial (as DOORS and RequisitePro) and custom proprietary solutions.
Tests Definition and Execution
- at System and HW/SW Component level,
- Coverage Analysis using commercial (Cantata, Logiscope, Test Checker) and custom code instrumentation,
- Unit/Integration tests,
- Functional Analysis,
- Robustness Analysis,
- Fault Injection Tests,
- Performance Analysis.
- Hazard Analysis:
- Preliminary Hazard Analysis,
- Interface Hazard Analysis,
- System Hazard Anakysis.
- Failure Mode and Effective Analysis (FMEA) and FTA (Fault Tree Analysis) both HW and SW,
- ISO26262 SW architecture Assessment – SW FMEA based,
- Formal Verification,
- Safety Analysis of HW microarchitectures: Systems on Chip and MCUs.
Software Quality Functional Assurance:
- Analysis and assessment of SW Architecture,
- Static Code Analysis,
- Quality Rule Checking supported by commercial (e.g. Logiscope) and custom tools.
Quantitative (model-based) Analysis:
- Analytic Evaluation
- RBD, Fault tree Analysis (FTA), SAN and Petri Nets
- SAN, Petri nets
- Using commercial (e.g. Moebius), academic (e.g. Deem) and proprietary solutions
Quantitative analysis is used to evaluate fundamental metrics demanded by IEC 61508 (functional safety standard):
- ISO 26262 (for automotive Electric/Electronic Systems)
- PMHF, SPFM, LFM
- CENELEC 501XX
- MTTF (Mean Time To Failure), MTTR (mean time to repair), MTBHE (Mean Time Between Hazardous Events).
Support for safety certification
Resiltech provides support for certification of safety-related products according to the most important international standards of railway and automotive domains: EN50126, EN50128, EN50129 and EN50159-1-2, Functional Safety Standards such as ISO26262, IEC61508.
Cybersecurity posture evaluation
According to NIST, the security posture is:
“The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.”.
To react to an always growing and challenging threat landscape we strongly suggest to measure and keep under control your cyber security posture. We might help you with the following services:
- Gap analysis of your CSMS against reference security standards from your domain.
- Identification of your Enterprise attack surface.
- Evalutation of the potential threats you are facing.
- Overall Risk exposure quantification.
Threat Analysis and Risk Assessment
Threat analysis and Risk assessment is a key step towards a secure system architecture.
Our cybersecurity experts will assure valuable results by leveraging the following points:
- Deep knowledge of the threat landscape related to your domain.
- Clear identification of the system under analysis, its border and its assets list.
- A complete identification and evaluation of System and products vulnerabilities.
- Full comprehension of the impact of each potential threats to your business.
- A Sound model based enabled methodology to handle the process.
Defence in depth architecture design
To keep the all unauthorized person away from your systems you must let their life to be as much difficult as possible.
System networks and subnetworks shal be organized according to the defence in depth approach that foresees multiple layer of security with multiple and different security solutions in place for each layer.
Resiltech has the expertise to support you in the design of a new ICS system architecture or in the identification of additional measure to strengthened what is already in place.
Preparation to security standard compliance
Planning of technical measures to improve the secure posture basing on Cyber Risk Assessment
- System decomposition in Zones and Conduits (ISA 62443-1-1, ISA 62443-3-2).
- Vulnerabilities and required Security Level (SL) identification (ISA 62443-3-2, ISA 62443-3-3, ISA 62443-4-1, ISA 62443-4-2).
- Risk reduction with opportune cybersecurity measures (ISA 62443-3-2).
Cybersecurity management in the context of railway systems
- Basing on CLC/TS 50701 that extends ISA 62443 for railway.
Support for the IEC 62443 certification of IACS systems for a specific Security Level (SL) (IEC 62443-3-3)
- Starting from the needed SL by system, cybersecurity requirements are verified in order to give evidence of the compliance of a system or component.
Support certification for ISMS systems, in accordance with the ISO/IEC 27001 standard
- Cybersecurity measures of the ISMS are verified with ISO/IEC 27001 requirements, for giving evidence of compliance.
Support for ISO/IEC 15408 (Common Criteria) certification of a «Target of Evaluation» (TOE) product for a given Evaluation Assurance Level (EAL).
- The procedure for verifying the ISO/IEC 15408 compliance is executed in accordance with ISO/IEC 18045 that provides verification requirements.
Support for R-155 regulation compliance
- Iso/Sae 21434 lifecycle and work products implementation.
ResilTech offers on-demand Professional High-Quality Training Courses on several topics related to RAMS, security and Functional Safety including:
- Safety Critical Systems and Architectures
- V&V Processes
- Fundaments of Dependability of Computing Systems
- Quantitative Evaluation of Resilient Computing Systems
- National and International safety standard specific courses (E.g.: ISO26262, EN50128).
- National and International security standard specific courses (E.g.: ISO/SAE 21434, ISA/IEC 62443, ISO/IEC 15408 common criteria).
ResilTech organizes cybersecurity training courses regarding:
- Methodologies of Cyber Risk Assessment and Risk Reduction based on
- NIST-SP-800-30, NIST 800-53
- CLC/TS 50701
- ISA 62443-3-2, ISA 62443-3-3, ISA 62443-4-1, ISA 62443-4-2
- Cybersecurity Standards:
- ISA/IEC ISO/IEC 27001 – ISA/IEC 62443 – ISO/IEC 15408 – NIST SP 800-30 – CLC/TS 50701 – ISO/IEC 33003 – ISO 21434 – ISO 24089
- European Directive on Cybersecurity and data protection
- NIS Directive and its actuation for DSP and OES, relating on cybersecurity standard