OT Site Assessment

Securing your systems: Comprehensive OT Site Assessment for industrial cyber resilience

OT Site Assessment to address cybersecurity risks

As industrial control systems become more connected, they also become more exposed to cyber threats. The consequences of a cyberattack could negatively affect the organization’s efficiency, continuity, and even safety. Addressing these risks is essential for organizations looking to protect their Industrial Control Systems (ICS).

Discover more about OT Site Assessment:

  1. The risks of cyberattacks on ICS and SCADA systems
  2. What is an OT Site Assessment?
  3. The deliverables of an OT Site Assessment
  4. Insights provided by Secura

Risks of Attacks on ICS and SCADA systems

Cyberattacks on ICS and SCADA systems can impact the safety, availability, and reliability of systems, operations, and value chains leading to catastrophic consequences. Organizations that are potentially impacted by these consequences are located in various industries, including but not limited to electric power, water, nuclear, manufacturing, infrastructure, transport (railways, ports, and airports), and oil & gas (upstream, midstream, downstream).

Organizations within these industries have a variety of concerns such as cyberattacks that could cause damage to reputation, shareholder confidence, environment, or cause system outage, loss of production, injury, or even loss of life. Organizations therefore must assess if they have the right mitigations in place to sustain ICS security. While IT and OT have been increasingly convergent over the years, a gap in understanding and solid practice between OT and IT security tends to remain. This critical skills gap contributes to security vulnerabilities, which are often overseen but must be identified and addressed appropriately.


What is an OT Site Assessment?

An OT Site Assessment is a crucial evaluation process performed to determine the security level of Industrial Control Systems (ICS) and SCADA systems, which are vulnerable to cyberattacks.

These attacks can severely affect the safety, availability, and reliability of systems and operations. This can potentially lead to catastrophic outcomes, such as damaged reputation, environmental harm, system outages, production loss, injury, or even loss of life.

Secura's OT Site Assessment helps organizations ensure they have adequate mitigation strategies against cyber threats. Aligned with international standards like IEC 62443, NIST SP 800-82, and ALARP, it involves site visits, system architecture reviews, and expert consultations to identify and address security weaknesses.

Optional high-level penetration testing is available to validate the level of protection between IT-OT. The assessment covers key IEC 62443 aspects:

The Deliverables of an OT Site Assessment

A detailed OT site assessment report will be delivered with all identified risks, each with an explanation and recommendation. All findings are given a qualitative risk rating. Secura follows a standard risk rating system which can be adjusted based on your organization. Not only are the risks to the ICS identified, but areas to sustain are also included in the report indicating the security strengths of the facility in scope.

Cyber-physical attack scenarios are outlined by giving a detailed description of how an attacker could potentially target the specific site in scope. Cyber-physical attack scenarios could encompass all functional requirements of IEC 62443.

Your Insights from the Assessment

The results of the OT Site Assessment presented by Secura will provide you with the following insights:

  • How effective the implemented OT security controls are
  • How these risks are mapped to relevant parts of the IEC 62443 requirements
  • Were improvements might be required, including our recommendations.




Identify technical site-level risks, as opposed to organizational-level risks.


IEC 62443 functional requirements

IEC 62443

OT Site Assessment Areas

FR 1

Identification and authentication control
Assessing the extent of insider risks focusing on the impact that can be caused per group of insiders based on existing mitigating controls.

FR 2

Use control
Investigating external exposure in the form of undesirable externally accessible domains, IPs, and modem connectivity as well as physical security vulnerabilities of the entire site, which could impact the availability and safety of the site.


System integrity
Assessing OT Network Traffic analysis to discover various kinds of connectivity present on-site, exposure outside of designated areas and physical perimeters, and any security issues that can be identified passively.

Assessing the inherent cyber resilience of your organization both on an architectural and configuration level.


Data confidentiality
Assessing data exfiltration risks such as obtaining intellectual property and corporate secrets up to obtaining technical information to prepare for sabotage.


Restricted data flow
Collecting Network Traffic passively at agreed-upon locations utilizing passive network taps or monitor ports. No active scanning, man-in-the-middle, or other measures which might interfere with traffic will be used.


Timely response to events
Assessing OT network and systems security aims to see if malicious entities can get into your OT network and see what they can potentially compromise (e.g., checking firewall configuration, lateral movement, and checking for insecure protocols).


Resource availability
Conducting a discrepancy analysis between asset inventory, architecture maps, and perimeter to see whether ICS Visibility and Control is addressed coherently.

More Information

Would you like to learn more about an OT Site Assessment? Please fill out the form below, and we will contact you within one business day.


Related Services


Article image

Enhance the cybersecurity of your Industrial Control Systems with Secura's ICS Cyber FAT/SAT services. We provide rigorous checks during the FAT and SAT phases, ensuring effective security throughout your project lifecycle.

Threat Modeling for Industrial Control Systems

Article image

Discover potential cyber threats to your Industrial Control Systems with Secura's Threat Modeling service, so you can proactively implement effective security measures.

Industrial VAPT

Article image

VAPT, Vulnerability Assessment & Penetration Testing, provides insight into the cyber resilience of your IT and OT networks. Cybersecurity testing in industrial environments requires a specialized approach due to different risks and threat models within OT. We know. Learn about different VAPT approaches in OT.

Threat Modeling Training

Article image

In the Threat Modeling Training, you will learn how to get a broad picture of potential risks using the STRIDE methodology. This works both for existing systems and new designs.

OT Cybersecurity Fundamentals Training

Article image

Master the essentials of OT cybersecurity with our comprehensive 'OT Cybersecurity Fundamentals Training' course. Grasp the complexities of Industrial Control Systems (ICS) security and navigate applicable standards to apply effective security controls.


Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.