Design-time OT cybersecurity · IEC 62443

The nervous system for secure-by-design OT networks.

Synapse lets power-systems engineers model a site, apply a defensible IEC 62443 zone-and-conduit architecture, and validate it against the standards — producing the diagram and audit-ready evidence in minutes, not weeks.

Easy to use. Easy to learn. Easy to adopt across the organisation.

See how it works ↓
Standards baked inIEC 62443IEC 62351IEC 61850

The studio — model to evidence, in one loop

Synapse Studio
Check designGenerate report
Palette
Enterprise / Remote
SL-T 1
Remote WS
Historian
DMZ
SL-T 2
Firewall
Jump Host
Collector
Site SCADA
SL-T 3
SCADA
HMI
Switch
Turbine Control
SL-T 3
WTG-01
WTG-02
Met Mast
Relay
Grid Interface
SL-T 3
Grid Relay
Meter
REPORT.pdf
Properties
Name
Vendor
Firmware
Criticality
SL-T

Built for the engineers designing the grid's edge

EPCsSystems integratorsPower-systems engineering firmsDER developersRenewable IPPs

Validation that keeps pace with design

Compliance shouldn't be a chore at the end of a project. With Synapse, evidence is produced as a side effect of designing.

Start from a working architecture

Not a blank canvas. A 20-asset wind farm — already zoned, conduited and security-levelled to IEC 62443 — opens in a single click.

Validated by design

Every zone, conduit and data flow is checked against IEC 62443-3-3 and NIST SP 800-82 automatically. Gaps surface inline, the moment you create them.

Audit-ready evidence

Generate the zone/conduit diagram, asset inventory and compliance gap report your asset owner needs to sign off — in one click.

From diagram to enforced design

The manual pain worth automating

Segmentation work breaks down in the gap between the architecture and its enforcement — where zones, addressing and rule bases are kept in sync by hand. That is exactly the gap Synapse closes.

Zoning & security levels

The manual way

Hand-deciding which assets sit at which Purdue level, then arguing the target security level zone by zone — undocumented and inconsistent between reviewers.

With Synapse

Place assets on the canvas; zones, conduits and SL-T are first-class and template-seeded, checked against IEC 62443-3-3 the moment you assign them.

IP & VLAN addressing plan

The manual way

An addressing plan living in a spreadsheet — overlapping subnets, accidental flat networks and wrong-VLAN assignments no one catches until commissioning.

With Synapse

The addressing plan is part of the model. Overlaps, flat segments and mismatched VLANs surface inline, the instant they are introduced.

Conduits → rule base

The manual way

Translating every conduit — “SCADA ↔ DMZ permits OPC UA / 4840” — into the real firewall rule base, switch ACLs and trunk config by hand, then keeping it in sync as the design moves.

With Synapse

Each conduit is least-privilege by construction: one explicit rule per permitted flow, default-deny everything else — the bridge from zones & conduits to true micro-segmentation.

The core loop

Model → Zone → Check → Evidence

01

Model

Drag DER assets onto the canvas and annotate flows with protocol, port and direction.

02

Zone

Apply 62443 zones, conduits and target security levels — or start from a template that already has them.

03

Check

Run the engine. Cross-zone flows with no conduit, a missing DMZ, an unassigned SL-T — caught deterministically.

04

Evidence

Export an audit-ready PDF: zone diagram, asset inventory, and the prioritised gap list.

Network engineering. Validated. Secured.

What we engineer

Design resilient utility networks, validate their performance, and reduce risk — across the full communication stack of a modern power-system site.

A living model, not a picture

Explorable, structured, and always in sync.

Everything on the canvas is queryable data, not pixels. The same model powers the segmentation checks, the compliance report, and the export — so the “as-designed” record never drifts out of sync at handoff or audit.

  • Assets, flows, zones and conduits as first-class entities
  • IEC 61850 / 61400-25, DNP3, Modbus TCP and IEEE 2030.5 protocols
  • Deterministic checks — re-run any time, identical results
Open the live studio
wind-farm-reference.synapse
Enterprise / RemoteSL-T 1DMZSL-T 2Site SCADASL-T 3Turbine ControlSL-T 3Grid InterfaceSL-T 3

The standards, encoded

Synapse models the requirement structure of the standards that govern secure power-system design — so your architecture is checkable, not just drawable.

Who it's for

One model, the whole 62443 delivery chain

Built around the Cyber Engineering Manager who owns the secure-network design — and the engineering, operations, audit and procurement roles who depend on it.

Cyber Engineering Manager

Primary

You own the secure-network design and you're accountable for proving it meets the standards. Synapse gives you speed, consistency, and evidence that holds up at audit — without ever leaving the canvas.

OT / Control Systems Engineer

Builds the model day to day — an intuitive canvas and reusable templates instead of Visio and spreadsheets.

Systems Integrator / EPC

Delivers DER projects against a defensible reference architecture, reused per site instead of rebuilt from scratch.

Asset Owner / Operator

Receives a clear, defensible zone-and-conduit diagram and gap report for sign-off — not the editing environment.

Compliance & Audit

Reads the 62443 coverage and gap analysis, with each control traceable to the asset, zone or conduit that satisfies it.

Procurement & Supply Chain

Acquires and validates security solutions against a clear cybersecurity requirements spec, aligned to the design.

Operations & Maintenance

Inherits an accurate as-designed record — asset inventory, addressing and conduits that don't drift out of sync.

Collaboration

Design together — across roles, sites and time zones

Synapse is a single shared model your whole organisation works from. Engineering, operations, audit and procurement collaborate on one source of truth — so nothing drifts, and everything is accountable.

AR
AB
MS
LH
PN
5 collaborators · 3 online
Dublin · Hamburg · Austin

One source of truth

The model, the checks, the report and the export all read from one structure — distributed teams never work off a stale drawing.

Roles & approvals

Editor, approver and auditor roles with a review-and-approval workflow and a recorded, timestamped sign-off.

Versioned & auditable

Every change is captured with author and timestamp — return to a safe version, compare configurations, and evidence the evolution.

Easy to use. Easy to learn. Easy to adopt across a global organisation.

Bring your next site online — secure by design.

Book a demo to see the model-to-evidence loop on your own architecture — or open the live studio and explore the wind-farm reference now.