top of page
- Strategy




The current state of the Building Automation Systems (BAS) or the Industrial Control Systems (ICS) security, or lack thereof, has resulted in the potential for extensive security breaches to occur. 


IT-security implementations may not be directly applicable to the BAS/ICS due to the specific domain concerns, and the differing requirements and multiple devices and protocols present in these networks, and the uniqueness of each BAS, with its combination of physical media, protocols, and devices effectively that precludes a universal approach to security. 


With the increasing threat of terrorism and hacktivism, physical repercussions from cyber attack is an increasing concern.


While security in ICS systems managing critical infrastructure is improving, awareness has not arrived for those in the building automation realm - 2019 technology is being used with 1990s security practices.


ICS Cyber Threat Assessment.gif

Service Overview


EYP MCF, Part of Ramboll provides an assessment of the Critical Facilities Industrial Controls Systems (ICS)

  • Architecture

  • Installation

  • Security programs

  • Incident response readiness



Final deliverables include a defined roadmap of short, medium, and long-term improvement initiatives.




  • Cyber Threat Briefing: provide an overview of potential threats and recommendations on how  to protect  against those threats


  • DC Controls Systems security gap analysis: A detailed report is provided that includes observations from the assessment and recommendations on how to further develop and strengthen the focused areas assessed.


  • Threat Model Diagram: Build a representative diagram of your Data Center control system, map the various threat vectors that could be used to disrupt or degrade your operations and discuss how to prioritize the appropriate security controls.


  • Improvement/Mitigation roadmap: Provide a roadmap highlighting strategic and tactical improvements along with the sequence and prioritized recommendations.



- Other Services


  • Commissioning

  • Probability Risk Assessment

  • Policies, Practices, and Procedures (MOP/SOP)

  • Continual Staff Training

  • On-Call Services

  • Operational Facilities Consulting

  • Maintenance Management Programs 

  • Building Management Systems Review of Program and Sequences 

  • Annual Infrastructure Evaluation (Identify Level of Degradation & Assign Action Timeframe)

  • Root Cause Failure Analysis

  • Power Quality Analysis

  • Infrared Inspections


Critical Facilities Infrastructure

System Threat Assessment (CFISTA™)

bottom of page