0333 444 0881
0333 444 0881

Operational Technology (OT) Services

What would life be like without energy at the touch of a button, light controlled traffic systems, or easily available motor fuel? Operational Technology (OT) makes all these things happen and pervades our lives in both obvious and hidden ways, automatically monitoring and controlling processes and equipment that are too dangerous, too demanding or too monotonous for manual operation. Operational systems include production line management, mining operations control, oil & gas monitoring etc.

Where cyber security for IT has traditionally been concerned with information confidentiality, integrity and availability, Operational Technology priorities are often safety, reliability and availability, as there are clearly physical dangers associated with Operational Technology failure or malfunction. Information technology (IT) and operational technology (OT), with the adoption of Industrial Internet of Things (IIoT), are rapidly changing and converging. As they evolve, hackers search for new attack vectors and new attack surfaces to compromise.

ICS security services

Many businesses strive for improved Operational Technology process efficiency and reliability for their customers, which often results in increased connectivity to enterprise technologies and the Internet. This convergence has the potential to increase system vulnerabilities, but can be addressed by adopting sound risk management systems, which are the same regardless of the underlying system type. Air gapping used to be a sufficient way to protect networks and devices. Today, it’s impossible to ignore that your mission-critical and industrial processes are vulnerable to intrusion and disruption. The Stuxnet worm of 2010, which targeted and disrupted an air-gapped system, is over a decade behind us, and since then, IT and OT attacks have continued to increase.

OT is defined as technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). Industrial control systems (ICS) is a major segment within the operational technology industry. It comprises systems that are used to monitor and control industrial processes. This could be mine site conveyor belts, oil refinery cracking towers, power consumption on electricity grids or alarms from building information systems. ICSs are typically mission-critical applications with a high-availability requirement.

Most ICSs fall into either a continuous process control system, typically managed via programmable logic controllers (PLCs), or discrete process control systems (DPC), that might use a PLC or some other batch process control device.

Industrial control systems (ICS) are often managed via a Supervisory Control and Data Acquisition (SCADA) systems that provides a graphical user interface for operators to easily observe the status of a system, receive any alarms indicating out-of-band operation, or to enter system adjustments to manage the process under control.

The main components are:

  • SCADA display unit that shows the process under management in a graphic display with status messages and alarms shown at the appropriate place on the screen. Operators can typically use the SCADA system to enter controls to modify the operation in real-time. For instance, there might be a control to turn a valve off, or turn a thermostat down;
  • Control Unit that attaches the remote terminal units to the SCADA system. The Control unit must pass data to and from the SCADA system in real-time with low latency;
  • Remote terminal units (RTUs) are positioned close to the process being managed or monitored and are used to connect one or more devices (monitors or actuators) to the control unit, a PLC can fulfil this requirement. RTUs may be in the next room or hundreds of kilometres away;
  • Communication links can be Ethernet for a production system, a WAN link over the Internet or private radio for a distributed operation or a telemetry link for equipment in a remote area without communications facilities.

OUR OT SECURITY SERVICES

The OT industry is evolving. Organisations want to leverage their OT assets for business purposes, they want to be agile and have the ability to make modifications to their OT configurations. They want to take advantage of new, cheaper, IP sensors and actuators. They want to leverage their corporate identity provider service to authenticate operational personnel. These type of change programmes require a Security Consultant who can deliver sound risk management in the OT delivery environment. Our OT Security Consultants are experts in this sector and utilise tools that have been specifically designed to support effective risk management and design assurance for OT change programmes.

Many OT environments form part of the UK’s Critical National Infrastructure, so disruption to services that they control is potentially of concern. Our Operational Technology Services can help OT managers ensure that any connectivity between their OT environments and their wider enterprise networks or the Internet is managed securely.

The OT Security review includes:

  • Management system access
  • Network interconnections
  • Management processes
  • Monitoring and reporting
  • Disaster recovery planning
  • Governance

OT Security Architecture Assessment

The OT Security Architecture Assessment takes a holistic approach to assessing the security design of your operational technology and based on your unique business context provides an in depth, expert-led assessment of your Industrial Control Systems. Leveraging Cyber Smart Associate’s’ view of proprietary & industry best practices, the assessment outlines and guides actionable next steps to improve your security.

  • Inform OT operations, & security architecture built on prioritised risk based guidance
  • Define OT ‘Protection Profiles’ to help guide technical refresh programmes

Service Features

Examination of OT management teams with security-focused approach.

Written reporting providing prioritised improvement recommendations.

Analysis and validation led by experienced CNI security experts.

Service Benefits

 

Gain independent assurance by measuring security effectiveness.

Determine areas of risk measured against contextualised potential business impact.

Partner with security experts who provide trusted guidance to improve security.

Upload your CV today and we’ll be in touch to discuss what are looking for from your next opportunity.

Alternatively, feel free to call us on 0333 444 0881. Our team of experienced, friendly and proactive professionals are always happy to give you advice on the very latest opportunities and market conditions.