Red Teaming in OT
Next to Red Teaming in IT, we also perform Red Teaming in OT
Covering all aspects
All expertise inhouse, assessing OT from A to Z
Years of experience
Experience in wide variety of OT globally
Industrial infrastructure is of vital importance to our society. Whether you are an energy company, an oil & gas distributer, a water management organization, a chemical plant or a railway operator: critical processes are usually managed through (potentially vulnerable) operational technology (OT) and information technology (IT) systems.
In industrial infrastructure “safety first!” is of utmost importance. At Secura we tend to say: “no safety without security”, because today, most critical infrastructure systems are controlled through IT and OT systems.
Digital security is of increasing importance, as more and more OT systems are connected and controlled through IT systems. Think for instance of smart meters, smart grid, and industry 4.0 (IIot). All these systems and sensors need to be protected in order to control them properly.
Moreover, cybercrime is growing: also in the world of critical infrastructure. Nation states used cybercrime to sabotage critical infra, like the energy production (in Ukraine) or oil production (in Saudi Arabia).
Regulators see the need for better security in the world of critical infrastructure.
- In Europe the Network and Information Security (NIS) directive was adopted by the EU parliament in 2016 and converted to law in most European Countries in 2018. Its successor NIS2 will come into force in 2024.
- This is complimented with ENISA guidelines and the IEC 62443 standard.
- In the USA several guidelines and standards in the domain of OT and ICS SCADA were released by NIST, NERC and DHS.
How to secure the industrial domain?
Security is a matter of People, Process and Technology. Recent large cases of phishing and social engineering are proof that even established organizations that take IT security seriously, have to face the reality that the human factor needs to be addressed continuously. Employees have access to important data, exchange important files, and even though they might have the knowledge and be aware of security aspects, however to get them to behave accordingly requires a comprehensive security awareness program (which includes an ICS/OT module).
Within critical infrastructure, potential vulnerabilities within OT systems could lead to impactful catastrophes. Even with reputable SIEM/SOCs in place, these systems can’t be blindly trusted. Next to Red Teaming in IT, Secura also performs Red Teaming in Operational Technology domain and tests to what extent SIEM/SOC solutions actually protect against attacks.
Deep dive - Offshore Wind
Cyber criminals are increasingly targeting offshore wind assets for their cyber attacks. What are best practices for offshore wind companies to stay on top of the latest vulnerabilities? Watch the replay of the webinar: "Raising Your Cyber Resilience in Offshore Wind".