White Sigaguard Logo

Level 0 Hardware for Electrical Signal Monitoring

Early detection of cyber-physical manipulation from Level 0 signals.

REQUEST SOLUTION DEMO

SigaGuard provides the earliest and most reliable form of OT attack detection by monitoring electrical signals directly from sensors and actuators - independent of PLCs, HMIs, or networks.

A field-deployed hardware device that passively duplicates Level 0 analog and digital I/O signals to establish uncompromised physical truth.

Key Benefits

Immune to Manipulation

Because it monitors the physical process itself via raw electrical signals, SigaGuard remains accurate even if higher-level systems like PLCs or HMIs are compromised or blinded.

Zero Operational Disruption

The out-of-band installation requires no changes to PLC logic, and has no impact on process stability.

Independent Source of Truth

It provides a trusted reference for real-time assessments of physical asset behavior, ensuring process visibility even during major incidents like Ransomware.

SigaGuard Industrial Enclosure Hardware

Built on a dependable hardware platform assembled from standard, off-the-shelf industrial components.

Analytic Engine

Model-Free Design

Analyzes observed data patterns directly, eliminating dependence on predefined system models in dynamic or evolving operational environments.

Resilience to Model-Based Attacks

Algorithm detects anomalies using real-time data patterns alone, remaining effective even when manipulated data mimics expected system behavior.

Multivariate and Correlation Analysis

Analyzes relationships across multiple variables simultaneously, enabling detection of correlated anomalies that simpler or rule-based methods may overlook.

CUSTOMER EVIDENCE

Validated in high-voltage substation testing

New York Power Authority: Proving Level 0 Monitoring in a 345 kv Substation Environment

Attack Detection Speed: < 1S
4/4 Attacks Detected
2 Weeks Baseline Learning
Detected Attacks Masked From PLC/SCADA
Forensic Level 0 Data Recorded

The Challenge

High-voltage substations can be vulnerable to cyber-physical manipulation where attackers alter field-level behavior while reporting normal values to PLCs, RTUs, HMIs, or SCADA systems.

NYPA needed a way to detect changes in the physical process that would not appear in controller or network data.

The Solution

SigaGuard was deployed in a simulated high-voltage substation to monitor Level 0 electrical signals independently of the control system.

Engineers ran targeted cyber-physical attack scenarios to test SigaGuard’s ability to detect hidden changes in process behavior

The Results

SigaGuard detected all simulated attacks in under one second, including manipulations that did not appear in PLC, RTU, HMI, or SCADA values.

Parallel Reference Monitoring triggered multiple detection models for each event, and Level 0 signal logs enabled detailed forensic reconstruction.

“The results showed promise in helping seal our infrastructures from any cyber threat, at Level 0 of any machinery, equipment or process”
Kenneth (KC) Carnes VP Critical Secure Services and CISO at New York Power Authority

Protecting the Process Layer of Critical Infrastructure with an unhackable source of truth

SIGA OT Cybersecurity Platform

SIGA’s Multi-Level OT cybersecurity suite that applies Machine Learning across ICS Levels 0–4 and supports the full lifecycle of the NIST SP 800-82 Incident Response Framework.

LEVEL 0 detection
INCIDENT RESPONSE

OT Cybersecurity Physical Layer, Hardware Sensor

  • Unparalleled Level 0 visibility with full trustworthiness
  • Installed on a selected array of electrical I/Os
  • Passively gathering raw signal data
LEVELS 1-4 detection
INCIDENT RESPONSE

Process Oriented Cybersecurity Guardian

  • Real-time detection of process anomalies and critical decision support for managing OT cyber-attacks
  • SaaS solution
simulation

Process Attack Simulator & Training Tool

  • SaaS add-on to SigaGuard and SigaGuardX
  • Real time simulation for attack training and readiness
  • Leverage on the cooperation between security and operation teams
Level 0 Detection Levels 1-4 Detection INCIDENT RESPONSE SIMULATION

The complete and integrated suite that brings SigaGuard, SigaGuardX, and SigaPAS together under one multi-level OT cybersecurity framework.

Frequently Asked Questions

What problem does SigaGuard solve that traditional OT security tools cannot?
Traditional OT monitoring depends on PLC, HMI, and SCADA data - values that can be manipulated during a cyberattack. SigaGuard provides independent Level 0 electrical measurements that reveal the true state of the physical process, even when higher-level systems are compromised.
How is SigaGuard different from network or controller-based OT monitoring tools?
Most OT tools focus on network traffic or controller-reported values. SigaGuard monitors the physical process itself by capturing raw electrical signals directly from sensors and actuators, making it immune to false-data injection and ICS manipulation.
Does installing SigaGuard interrupt operations?
No. SigaGuard passively duplicates electrical signals without affecting the control loop. It does not introduce latency, modify signals, or require downtime.
How many I/O points need to be monitored?
Typically, only 3-10% of critical I/O points are needed to achieve effective Level 0 visibility and ML-based detection. SigaGuard focuses on the most meaningful signals rather than full coverage.
Does SigaGuard continue to work if SCADA is unavailable or blinded?
Yes. Because SigaGuard operates independently of the control system, it continues providing trusted Level 0 data even when SCADA, PLCs, or HMIs are offline, encrypted, or manipulated.

Still have questions?

Can’t find the answer you’re looking for? Please chat to our friendly team.

Get in touch