Industries

We have experience across a broad spectrum of industries that require cyber security support.

We refer to technology systems that manage industrial operations as Operational Technology (OT). This differs from the more widely understood Information Technology (IT) systems many of us use daily in our homes and offices.

Within the OT environment are Industrial Control Systems (ICS). ICS is further broken down to Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS), but, for now, we’ll focus on ICS.

NIST defines an Industrial Control System as “an information system used to control industrial processes such as manufacturing, product handling, production and distribution. Industrial control systems include supervisory control and data acquisition systems used to control geographically dispersed assets, as well as distributed control systems and smaller control systems using programmable logic controllers to control localised processes”.

Using an extremely simple example, a home heating system will collect data from a thermostat. It will perform a function based on that data using a set of established parameters to adjust the heating within the house accordingly. If the thermostat where to fail, what would happen? In an industrial context, failure of a safety system could not only stop production, in extreme scenarios, it could cause loss of life.

Challenges

  • Attractive targets: Organisations with industrial processes, some of which may be categorised as a country’s critical national infrastructure, become attractive targets for cyber attack.

  • Legacy systems: OT environments often contain legacy systems. ICS proprietary systems were not originally designed to be connected to the internet, so are inherently insecure.

  • Business pressure: Modernisation of OT environments to enable real-time monitoring and control has started to connect legacy systems to the internet. Not only does this open an avenue of opportunity for an attacker, the multitude of new modern IP-based sensors, commonly referred to as Internet of Things (IoT) also increases the attack surface area. In an industrial context, ICS / OT is the business. Its continued operation and maintenance often puts pressure on security as a lower priority. Furthermore, “the biggest challenge with securing control systems technologies and processes is the technical integration of legacy and aging ICS/OT technology with modern IT systems”  (The State of ICS/OT Cybersecurity in 2022 and beyond). 

  • Resource constrains: Traditionally, engineering and facilities departments were responsible for the OT environment. IT often did not have the skillset nor engaged with engineering team. The tide is turning: with more OT budgeting and greater integration, collaboration between functions is happening, yet roles and responsibility often remain unclear.

  • Fragmented industry:  The OT industry consists of owner/operators, product suppliers, integrators and even government. Only if a consistent approach is taken across each constituent part will cyber security risk be effectively reduced.

This makes tackling cyber security risk far more complicated then installing some industrial firewalls.

How we can help you

At Opliciti we create strategic direction, helping you build cyber security capability; not just deploy technology.

Energy: Oil and Gas

Transport and Logistics

Healthcare: Medical Devices

Manufacturing

Real Estate and Construction

Utilities

Opliciti

Our staff have experience of working with transport and logistics, combining both physical and cyber security risk to create comprehensive approaches to reducing risk.

Let us help you:

  • Assess and present cyber security as a business risk to drive board ownership and risk appetite.

  • Create business-integrated or aligned cyber security strategy across IT and OT environments to enable safety, resilience and create and protect value.

  • Align with industry accepted best practice, ISO27001, NIST, NIS CAF, IEC62443 etc, identifying prioritised risk and aligning appropriate proportionate controls that are suitably governed.

  • Manage security operations using artificial intelligence and machine learning with automated response to stop cyber threats efficiently and effectively.