Industrial_OT_security_cover

Industrial (OT) Cybersecurity

Industrial assets are of vital importance to our society. They embed more and more software and connectivity into their core, but this makes them increasingly vulnerable to hostile or accidental security breaches. Our services help asset owners and operators assess and mitigate risks associated with their industrial systems—loss of availability, integrity and/or confidentiality—while ensuring efficient operations.

context

Safety, reliability and availability are key in industrial organizations. This is put at serious risk today with the connectivity explosion of industrial (OT) systems (PLCs, ICS SCADA). All systems, sensors and networks must be assessed and protected from cyber attacks.

For these reasons, regulators see clearly the need for better security in the world of industrial organizations. The European Union parliament adopted the Network and Information Security (NIS) directive in 2016 and converted it to law in most EU nations in 2018. This is complemented by ENISA guidelines and by the IEC 62443 standard. In the US, several OT and ICS SCADA guidelines and standards were released by NIST, NERC and DHS.

our services for people, process and technology

People working on computer
People
Security Awareness and Behavior (SAFE including an OT e-learning module)
Phishing tests
Social Engineering
Training Courses: ICS/SCADA Security and hands-on training
Secure Software Development Lifecycle (SSDLC)
Multiple devices connected
Process
IT/OT Security Maturity Review including building roadmaps
NIS / WBNI Compliance Review and Assessment
IT/OT Risk/Site Assessment – Security Roadmap against relevant standards (IEC 62443 & others)
Design Review / Threat Modeling / Code Review
Elaboration of OT Governance (strategies, policies and processes)
Elaboration of Incident Response Planning
Business Continuity Planning
Support in building OT cyber security teams and a cyber-ready governance structures
Support in OT cyber tenders: technical specifications for RFPs, evaluation of offers, etc.
Vendor (3rd party) Review/Assessments
Maritime security assessment and classification
fiber connection tree
Technology
Threat Modeling, Design/Capabilities Review, Configuration Review, Code Review
Red Teaming in IT/OT environments
IT/OT Vulnerability Assessments (penetration testing, robustness testing)

For more details on Industrial (OT) cybersecurity services, please refer to Secura Industrial Market Page
For Marine & Offshore cybersecurity services, please refer to Marine & Offshore Services Page