Security Assessment of OT Environment

Can your OT environment withstand a cyber attack?

Service

Most Industrial networks have been neglected in terms of security, which is increasingly becoming an issue as parts of the environment becomes accessible from the internet.

Our OT Security Assessment helps identify known vulnerabilities and security issues in your OT environment. We identify the overall security posture and define actions for improvement. The actions are prioritized in collaboration with you using a Consequence-Driven approach to evaluate the risk.

We deliver an independent holistic security assessment of the current cyber security posture of the OT environment. The assessment is based on a publicly available modification of the normal CIS 20 framework adjusted for ICS systems along with being enhanced with our knowledge of hacking and OT environments.

Value

  • Gain overview of the overall security posture of the OT environment

  • Identify threats to your OT environment and prioritize remediation efforts using a Consequence-Driven approach.

  • Use of publicly available framework.

  • Tangible and tailored remediation efforts

Deliverables

  • Detailed report with executive summary of current risks

  • Roadmap containing prioritized tasks for increasing the security. The tasks are prioritized in close collaboration with your team using a Consequence-Driven approach.

  • Workshop going over the observations, threats, and their implications.

 

Methodology

Our method is inspired from our Cyber Security Maturity Assessment adjusted for OT environments, so we use a tailored CIS Critical Security Controls 20 framework. Our assessment strategy uses interviews, reviews of systems, configurations and documents, and limited technical testing which is mostly passive and non-intrusive as to not disrupt normal operations.

In our assessment we especially investigate:

  • connections to the internet and to the IT environment

  • network segregation

  • access management

  • security hardening

  • detection capabilities.

 
 

Involvement

Significant involvement from your team is required for interviews, tour of the facility, supplying configurations and documents along with meetings for elaboration. Finally, for the technical testing presence of relevant IT staff is required at least partially.

 
 

See our other services