
Process-oriented OT Cybersecurity for Critical Infrastructure

Multi-Level OT Cybersecurity


Multi-Level Machine Learning For OT Resilience

Uninterrupted processes are the core of every critical operation.

SigaML² provides early alerts and real-time decision support during the "expression phase" of an attack, when traditional tools are often blinded.

The Core of the Solution

Automated Process Baselining

SigaML² continuously learns the normal behavior of critical OT processes to automatically detect malicious process manipulations designed to cause shutdowns or physical damage.

Cross-Level Data Comparison

By comparing raw Level 0 electrical signals with reporting data from Levels 1–4, the platform instantly catches discrepancies.

A tamper-proof source of truth that ensures process integrity, prevents operational damage, and supports regulatory compliance.

Our comprehensive, multi-level OT cybersecurity suite comprises three standalone cybersecurity solutions:

Level 0 Detection Incident Response

The physical foundation. An out-of-band hardware sensor that captures raw electrical signals to establish uncompromised "Physical Truth".

Levels 1-4 Detection Incident Response

The analytical engine. Advanced software that correlates Level 0-4 data to identify False Data Injection and stealth attacks in real time.

Simulation

A simulator that safely injects software-based anomalies to train teams on real attack patterns without risking live equipment.

SigaGuard - Level 0
SigaGuardX - Levels 1-4
SigaPAS - Training

Key Benefits

Early Threat Detection

Detects physical impact during the exploitation phase, before processes are compromised.

High-Certainty Insights

Distinguishes genuine cyber incidents from operational faults using physical validation.

Regulatory Compliance

Provides the forensic evidence needed for NERC, NIS2, and CIRCIA reporting.

Zero Operational Risk

Fully non-intrusive, out-of-band architecture with no impact on live equipment.

Incident Response Lifecycle (NIST Framework)

SigaML² serves as a Decision Support System (OT-DSS), providing the intelligence needed to manage cyber events across all NIST framework phases.
1. Preparation
  • Readiness: Train teams using Siga-PAS to simulate realistic attack scenarios and build shared operational playbooks without affecting live equipment.
  • Safety: Identify security gaps through full-scale simulations in a controlled, software-only environment.
2. Detection & Analysis
  • Visibility: SigaGuard captures the "physical truth" at Level 0, detecting the earliest expressions of an attack via raw electrical signals.
  • Verification: SigaGuardX uses ML to immediately expose False Data Injection by comparing reported HMI data against physical behavior.
3. Containment & Eradication
  • Decisive Action: Provides the real-time assessment needed to safely decide whether to shut down, disconnect, or continue operations.
  • Intelligence: Identifies the exact attack vector and spread, enabling surgical eradication of the threat.
4. Recovery & Forensics
  • Validation: Use unfiltered Level 0 data to verify the process has safely returned to a stable state.
  • Evidence: Maintain forensics-ready records with high-resolution sampling (10–100 Hz) to reconstruct how and where an attack occurred.

Core Standards Support

For organizations facing increasing regulatory pressure, the SigaML² suite provides a verifiable physical evidence base to support global governance requirements. By monitoring the "physical truth" at Level 0, SIGA helps asset owners bridge the gap between technical reality and mandatory reporting mandates.

Regulatory Compliance & Global Standards Alignment

NIS2 Directive (EU)

Delivers continuous process integrity evidence required for European regulatory reporting and internal assurance. SigaGuardX provides high-resolution forensic records to meet strict 24-72 hour incident notification clocks.

NERC CIP

Supports grid reliability and mandatory field I/O monitoring for critical power infrastructure. It provides real-time validation to detect incorrect data in SCADA systems, aligning with current reliability standards.

U.S. CIRCIA / TSA

Enables mandatory impact verification and reporting compliance through validated Level 0 data. This ensures that even "blinded" SCADA systems do not prevent accurate forensic reconstruction of a cyber event for federal reporting.

Protecting the process layer of critical infrastructure with an unhackable source of truth

Frequently Asked Questions

What is SigaML²?

SigaML² is a suite of OT cybersecurity solutions that uses Machine Learning to analyze data gathered from all levels of OT SCADA (Purdue Model 0–4). It combines advanced machine learning with multi-level data collection, including the process level (Level 0).

What makes SigaML² different from traditional OT cybersecurity tools?

Traditional OT tools focus on early-stage detection at specific Purdue levels and often miss attacks once they reach the execution phase. SigaML² extracts data across multiple OT levels (including raw electrical signals at Level 0) to detect how an attack is unfolding in real time.

How does SigaML² help with incident response?

The suite acts as an OT Decision Support System (OT-DSS), providing critical data during the containment, eradication, and recovery phases to help CISOs decide whether to shut down, disconnect, or continue operations with caution.

Do I need to install SigaGuard hardware to use the platform?

While SigaGuardX software can be applied to Level 1–4 data alone, full Level 0 visibility and protection against False Data Injection require connecting SigaGuard hardware to a subset of critical I/Os.

Is there an on-premise version?

Yes. SigaML² offers flexible deployment options for on-premise, cloud, or hybrid environments, and is available as a VM on the Azure Marketplace.
