Explore

Experience

Inside SDI | Mission & Values | Made in Italy | Team & Governance

Innovation

Talent

We are SDI | Work with us | SDI Academy

Responsibility

Ethics | Certifications | Environment | People | Society

CYBERSECURITY

Advanced Technologies to Counter Modern Cyber Threats

Our Cybersecurity Vision: Reliability, Security, and Operational Continuity
In recent years, cyberattacks have increased in both frequency and severity. As a specialized partner in supervision, automation, control, and remote monitoring of critical assets and processes within strategic industrial sectors, we have invested significant resources in developing a cybersecurity approach that ensures three key objectives for businesses: reliability, security, and operational continuity.

Our Architectures: Resilient and Customizable

With 50 years of field experience, we have developed intrinsically resilient architectures, incorporating redundant systems (with hot-backup) and network redundancy (including PRP – Parallel Redundancy Protocol). Upon request, we also provide customized disaster recovery architectures with geographically separated hot-backup replicas of the main system.

Regulatory-conscious solutions

SDI’s solutions are developed in collaboration with our clients, adopting cybersecurity policies at both the application and architectural levels, based on risk assessment and aligned with the relevant national and international regulations, including: ISO 27001 and the Cyber Resilience Act (Europe), NIST (USA and Latin America) and other regional and global cybersecurity frameworks

We ensure compliance with these regulatory frameworks, offering a flexible approach to meet different regulatory requirements.

ISO/IEC 27000 Family

Defines the requirements for implementing and continuously improving an Information Security Management System (ISMS). Some standards in this family can be adapted to meet the specific security needs of Industrial Control Systems (ICS).
SDI is ISO/IEC 27001:2022 certified for the design, development, implementation, commissioning, and post-sales support of computerized control systems (hardware and software) for industrial processes and dedicated microprocessor-based systems.

BSI 100-2

Guidelines from the German Federal Office for Information Security for managing information security within organizations.

NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security (USA)

An extension of the NIST Cybersecurity Core Framework, providing security guidelines for Industrial Control Systems (ICS) while considering performance, reliability, and safety requirements.

IEC 62443

A global standard designed to secure ICS and Operational Technology (OT) networks, offering cybersecurity guidelines for manufacturers, system integrators, and industrial plant operators.

NIS 2 Directive (EU Directive 2022/2555)

Effective since 2022, this update to the 2016 NIS Directive strengthens cybersecurity measures for critical infrastructures and essential sectors across the European Union.

ENISA Good Practice Guide on National Cyber Security Strategies (EU)

In line with the regulatory requirements of the NIS 2 Standard, the ENISA Good Practice Guide on National Cyber Security Strategies provides a framework for EU member states to create and maintain consistent, robust security strategies capable of responding to emerging threats.

Security at Every Level

EU Regulations

SDI is ready to comply with the new EU regulations that will come into effect on Oct. 17, 2024, under which companies operating critical infrastructure and essential services must take into account the security requirements defined by the European Union with the new NIS2 directive focused on network and information system security and the Cyber Resilience Act (CRA) directive that sets requirements for products to provide a high level of security

Non-EU regulations

SDI ensures compliance with the most stringent cybersecurity policies worldwide, adapting to local regulations and specific client needs.

Cybersecurity Policies

SDI applies comprehensive cybersecurity policies to ICS systems that manage energy production and distribution as well as SCADA systems used for critical infrastructure supervision and control.

Our Cybersecurity Paradigm: Five Layers of Advanced Security

The universally recognized layered security model ensures protection at every architectural level. SDI’s cybersecurity approach is structured into five layers:

1. Design

Redundancy

Disaster Recovery

Recovery Strategies Planning

Network Architecture

Firewalling

Segmentation

2. Protection

Vulnerability Assessment

Malware protection

White-listing

Hardening

3. Maintenance

Asset Management

Operative system patching

Software patching

4. Surveillance

Devices or software probes

Event Logging

SIEM log management

KPI calculation

XDR/EDR AI pattern recognition/prognostic

5. Response

Containment

Mitigation

Blocking

Collaboration with Client CERT (Computer Emergency Response Team)

Recovery Strategy Execution

Example: SDI SCADA Architecture

Our systems are segmented into multiple zones, each protected by dedicated firewalls, ensuring secure data flow from the field level to the network infrastructure.

Download the full version