Risk and Resilience Assessments
Assess cyber, physical, operational, and emergency readiness risk. Prioritize improvements that support essential service continuity.
Critical infrastructure risk and resilience
Cyber, Physical, and Operational Resilience for Critical Infrastructure
Systems Risk Advisory helps organizations that operate essential services reduce cyber, physical, OT/ICS, SCADA, emergency planning, and operational readiness risk.
Security and resilience support for organizations that cannot stop operating.
Systems Risk Advisory helps utilities, public works agencies, local governments, electric power organizations, and other critical infrastructure operators strengthen the systems, facilities, plans, and teams that keep essential services running.
The firm focuses on the practical overlap between cybersecurity, physical security, OT/ICS, SCADA, emergency planning, incident response, training, and operational continuity.
Engagements are principal-led and supported by qualified specialists when a project requires added technical, operational, physical security, emergency management, training, or facilitation depth.
Common risk questions
- Who has access to critical systems, facilities, and vendors?
- Where could a cyber or physical incident affect operations?
- What must keep working during a disruption?
- Who makes decisions when normal visibility is reduced?
- Which fixes should come first?
Core services
SRA services can be delivered as focused projects, combined assessments, leadership briefings, planning support, workshops, or exercises.
AWIA RRA and ERP Support
Support water utilities with Risk and Resilience Assessment and Emergency Response Plan updates tied to practical utility operations.
OT/ICS and SCADA Security
Review control-system security, remote access, vendor access, segmentation, monitoring, and readiness without disrupting operations.
Cybersecurity Assessments
Evaluate access, accounts, policies, remote access, backups, monitoring, vendor exposure, and practical cyber hygiene.
Physical Security
Review facilities, gates, doors, lighting, cameras, keys, access control, field sites, and physical response concerns.
Incident Response Planning
Define roles, escalation paths, communications, containment decisions, recovery priorities, and leadership decision points.
Emergency Response Planning
Strengthen planning for degraded operations, communications issues, staffing constraints, public messaging, and restoration priorities.
Tabletop Exercises and Training
Design and facilitate exercises, workshops, and training for executives, operators, IT, OT, emergency managers, and partner agencies.
Sectors served
The work is focused on organizations where cyber, physical, technical, and operational risk can affect public health, safety, reliability, continuity, and public trust.
Water and Wastewater Utilities
Support for AWIA RRA and ERP updates, SCADA security, physical security, ransomware readiness, and continuity of service.
Electric Power
Support for municipal electric utilities, public power, co-ops, substations, distribution automation, and control-system risk.
Local Government and Public Works
Support for cities, counties, public works, municipal utilities, facilities, emergency management, and public-sector leadership.
Critical Infrastructure Organizations
Support for organizations that must keep essential services operating during cyber, physical, operational, and emergency conditions.
Why Systems Risk Advisory
SRA provides practical, senior-level risk and resilience support for organizations that need clear priorities and usable work products.
- Critical infrastructure focus, not generic office IT only
- Cyber, physical, and operational risk considered together
- Engineering-informed review of systems, facilities, people, and procedures
- Water and wastewater expertise, including AWIA RRA and ERP concerns
- OT/ICS and SCADA awareness shaped by real operational constraints
- Executive-ready findings, practical priorities, and clear next steps
- Principal-led delivery with qualified specialist support when needed
- National support with onsite and remote options depending on scope
Built for real operating environments
Critical infrastructure organizations need recommendations that respect operational constraints, staff capacity, budget limits, public accountability, and the need to keep service running.
SRA connects leadership decisions with technical, physical, procedural, and emergency planning realities.
A practical engagement approach
The work starts with mission impact and ends with usable outputs. SRA avoids generic checklists when the client needs decisions, priorities, and readiness.
Understand the mission
Start with the services your organization must keep operating, the consequences of disruption, and the people who must make decisions under pressure.
Review the environment
Look across cyber, physical, OT/ICS, SCADA, facilities, vendors, procedures, emergency plans, staffing, and leadership expectations.
Prioritize what matters
Separate urgent fixes from larger planning, budget, training, technical, and governance items. Avoid overwhelming teams with unranked findings.
Support action
Translate findings into reports, briefings, plans, workshops, tabletop exercises, and improvement roadmaps that clients can use.
Leadership, firm support, and delivery
Systems Risk Advisory combines senior engagement leadership with the ability to bring in focused support when the work requires added depth.
Principal-led expertise
Kevin J. Owens leads engagements for Systems Risk Advisory. He brings 30+ years of cybersecurity, engineering, OT/ICS, critical infrastructure, and water-sector experience.
Firm-level support
Systems Risk Advisory is structured to lead focused engagements and coordinate qualified specialists when a project requires additional technical, operational, physical security, emergency management, training, or facilitation depth.
Practical delivery
Recommendations are written for decision-makers and implementers. The goal is clear risk reduction, better readiness, and stronger continuity of essential services.
Education, briefings, workshops, and practical guidance
SRA supports conference sessions, executive briefings, board education, workshops, exercises, and practical cybersecurity guidance for utility and critical infrastructure audiences.
Resource pages connect visitors to books, downloadable checklists, companion toolkits, and short guides for water, wastewater, public works, and other infrastructure teams.
A good fit if you need to:
- Update an AWIA Risk and Resilience Assessment or Emergency Response Plan.
- Get a practical review of OT/ICS, SCADA, remote access, or vendor access risk.
- Prepare for ransomware, loss of visibility, compromised access, or a cyber-physical incident.
- Brief executives, boards, commissioners, councils, or utility leadership.
- Run a tabletop exercise, workshop, or training event for a cross-functional team.
Start with a focused scoping discussion.
Use the contact page to request a discussion about an assessment, planning project, workshop, tabletop exercise, speaking engagement, or other critical infrastructure security need. Do not submit sensitive security details through the website form.