CYBER SECURITY SERVICES

We Understand The Risk Posed To The Operating Technology And Industrial Control System Environments

OT\ICS SECURITY SERVICES

CYBER ASSESSMENT SERVICES

Understanding the risk posed to the Operating Technology and Industrial Control System environments in order to plan and remediate the risk through a structured approach.

INVENTORY ASSESSMENT SERVICE

​An accurate assessment of the OT/ICS assets deployed in an industrial environment.​ Most OT/ICS environments are built over extended periods and the documentation of the actual inventory is generally poor.​ Attempting to protect an environment without understanding the inventory is impossible.  In addition, interdependencies are documented to eliminate risks and enable the optimisation of processes.

VULNERABILITY ASSESSMENT

This service assesses the vulnerabilities in the OT/ICS environments. This service includes the Inventory Assessment Service as part of its output as it is imperative to know the inventory in order to determine the vulnerabilities in the environment. This service ensures that the actual risk that the environment is exposed to is understood.  Its output ensures that applicable remediation strategies can be planned.  Periodic repetition is important to ensure that changes in the environment are tracked and new vulnerabilities discovered since the last assessment was uncovered.

CYBER ASSESSMENT

​A comprehensive cyber assessment of the OT/ICS environments that provides a remediation plan and roadmap to address the risks uncovered.​ This service includes the Inventory Assessment and Vulnerability Assessment services as input but further assesses the environment against the chosen Cyber Security Framework (CSF) to address people and process vulnerabilities.

ASSURANCE SERVICE

​Periodic assurance that the OT/ICS environment conforms to defined configuration and vulnerability management best practices. ​This is an independent audit service to determine that the inventory of assets is correctly documented and configured to reduce the attack surface. This provides assurance that the OT/ICS environment is protected to an appropriate standard.

MANAGED CYBER SERVICES

Continuous management of the OT/ICS environment to ensure that it is appropriately protected.

CONTINUOUS COMPLIANCE AND ASSURANCE

​Continuous assurance that the OT/ICS environment conforms to defined configuration and vulnerability management best practices.​ This is an independent audit service to determine that the inventory of assets is correctly documented and configured to reduce the attack surface. This provides assurance that the OT/ICS environment is protected to an appropriate standard.

VULNERABILITY REPORTING

​Periodic reporting of the vulnerabilities in the OT/ICS environments. This ensures that the risk that the environment is exposed to is understood and managed. Its output ensures vulnerabilities are discovered as they become known and can be provided to control engineers to remediate as soon as production allows.​ The service reports vulnerabilities based on the discovered inventory.

ENDPOINT THREAT PROTECTION

​Periodic report that confirms all ICS changes were authorised and had valid MOC entries. The endpoint for every ICS modification will be investigated to determine the cyber security impact.  This involves detailed reviews of the underlying ICS software program (i.e. ladder logic, FBD, SFC, and Structured Text) against an established baseline.​ This service is vital in critical production and industrial environments where service interruption is not an option.

INVENTORY MANAGEMENT

​This service provides an accurate continuously updated inventory of the OT/ICS assets deployed in an industrial environment.​ This is done independently of the control engineering team.​ Interdependencies are documented to eliminate risks and enable optimisation of processes on a continuous basis.

CYBER RESPONSE SERVICES

When a cyber incident impacts an OT/ICS environment it must be possible to understand the root cause, gather evidence, act against the perpetrators and be in a position to restore production as quickly as possible.

ANALYSIS AND INVESTIGATION

​Investigation of a cyber incident to understand the root cause, analyses data to understand the impact, and assist in remediating the underlying risk to prevent future reoccurrences.​ The service is often the starting point for a larger risk management process that is triggered due to a cyber incident.​ Upon completion of the investigation, a detailed incident report is released outlining the root causes and recommendations for remediation.

FORENSIC INVESTIGATION

​This service is similar to the Analysis and Investigation service, but with the addition of a forensic investigation approach.​ The forensic investigation approach ensures that evidence is gathered on a forensically sound basis to preserve the chain of evidence so that the evidence can be used in legal proceedings.​

RESTORATION PREPARATION

​This service ensures that the OT/ICS environment is properly documented, by collecting configuration backups and preserving them in case of disaster.​ It assists in creating a recovery plan to ensure the organisation is prepared in case of a disaster and assists the organisation with training in order to simulate a disaster situation.​