0333 444 0881
0333 444 0881

Operational Technology (OT) Services

Where cyber security for IT has traditionally been concerned with information confidentiality, integrity and availability, Operational Technology priorities are often safety, reliability, and availability, as there are clearly physical dangers associated with Operational Technology failure or malfunction. Information technology (IT) and operational technology (OT), with the adoption of Industrial Internet of Things (IIoT), are rapidly changing and converging. As they evolve, hackers search for new attack vectors and new attack surfaces to compromise.

Our Operational Technology Service identifies, analyses cyber risk exposure, and helps you ensure that the security controls you choose are appropriate to the risks your organisation faces. Our OT Security Architecture Assessment analyses the security abstract of your Operational Technology architecture design from a Cyber Kill Chain basis and provides an in depth, expert-led assessment of your Industrial Control Systems. Leveraging Cyber Smart Associate’s’ view of proprietary & industry best practices, the assessment outlines and guides actionable next steps to improve your security.

Service Description

OT is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). Industrial control systems (ICS) is a major segment within the operational technology industry. It comprises systems that are used to monitor and control industrial processes. This could be mine site conveyor belts, oil refinery cracking towers, power consumption on electricity grids or alarms from building information systems. ICSs are typically mission-critical applications with a high-availability requirement.

Most ICSs fall into either a continuous process control system, typically managed via programmable logic controllers (PLCs), or discrete process control systems (DPC), that might use a PLC or some other batch process control device. Industrial control systems (ICS) are often managed via a Supervisory Control and Data Acquisition (SCADA) systems that provides a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or to enter system adjustments to manage the process under control.

The main components are:

  • SCADA display unit that shows the process under management in a graphic display with status messages and alarms shown at the appropriate place on the screen. Operators can typically use the SCADA system to enter controls to modify the operation in real-time. For instance, there might be a control to turn a valve off, or turn a thermostat down;
  • Control Unit that attaches the remote terminal units to the SCADA system. The Control unit must pass data to and from the SCADA system in real-time with low latency;
  • Remote terminal units (RTUs) are positioned close to the process being managed or monitored and are used to connect one or more devices (monitors or actuators) to the control unit, a PLC can fulfil this requirement. RTUs may be in the next room or hundreds of kilometres away;
  • Communication links can be Ethernet for a production system, a WAN link over the Internet or private radio for a distributed operation or a telemetry link for equipment in a remote area without communications facilities.

Service Features

The OT Security review includes:

  • Management system access
  • Network interconnections
  • Management processes
  • Monitoring and reporting
  • Disaster recovery planning
  • Governance

OT Security Architecture Assessment

The OT Security Architecture Assessment takes a holistic approach to assessing the security design of your operational technology and based on your unique business context provides an in depth, expert-led assessment of your Industrial Control Systems. Leveraging Cyber Smart Associate’s’ view of proprietary & industry best practices, the assessment outlines and guides actionable next steps to improve your security.

  • Inform OT operations, & security architecture built on prioritised risk based guidance
  • Define OT ‘Protection Profiles’ to help guide technical refresh programmes

Service Benefits

 

Gain independent assurance by measuring security effectiveness.

Determine areas of risk measured against contextualised potential business impact.

Partner with security experts who provide trusted guidance to improve security.

Inform more effective operations, architecture, strategy built on prioritised guidance.

Getting Started

During a Client engagement our Consultants pass through five key phases that form the anatomy of how we manage a typical consulting project.  We appreciate every assignment is different, so we have flexible processes in place to bring our experts onboard quickly and effectively without disrupting existing work programmes. We are happy to provide our services at any stage of the lifecycle.

Security Engagement Lifecycle

Pragmatic & Business Focused Security Consultancy Services

We deliver security capability at all levels of an organisation and are on hand to help ensure that your projects deliver solutions
that are appropriately aligned to your cyber security risk position and satisfy your regulatory compliance requirements.
Learn more about how we can help you achieve your critical priorities:

The Cyber Smart Consulting Team will respond within 48 hours.