Where organisations use Operational Technology (OT), it's often their most critical infrastructure. This is especially true in Critical National Infrastructure (CNI), which relies heavily on OT and its secure operation.
The Importance of Securing Operational Technology
Operational technologies are computer-based systems that interact with the physical world, and are typically used to provide automation, remote visibility, and control of physical processes. OT environments present unique security challenges that require specific experience and skillsets to be addressed appropriately.
- OT and Cloud - The use of the cloud for OT applications is still in its infancy, and the reliance upon third-party hosting and network services to deliver critical OT services is a concern for most operators.
- Unique Regulations, Frameworks and Standards - Organisations with OT environments are typically subject to frameworks and regulations such as the Cyber Assessment Framework (CAF), OG86, and ISA/ IEC 62443.
- Security Architecture - Poorly secured pathways in your security architecture can expose your critical systems to cyber threats. Simple controls assessments don’t always reveal open attack vectors and a more holistic analysis of the security architecture is required.
Bridewell's OT Security Services
We offer a broad range of services to meet all aspects of cyber security within OT.
ISA/IEC 62443
The ISA/IEC 62443 series of standards defines a range of controls and processes designed specifically for the electronic security of industrial automation and control systems (IACS). Bridewell’s consultants are not only certified against these standards but are also active contributors to their ongoing upkeep and development. Against this standard series, we offer: 62443-3-2 risk assessment, 62443-3-3 assessment, and 62443-3-3 system design.
NCSC Cyber Assessment Framework (CAF)
The CAF is intended for use by organisations forming part of the UK’s Critical National Infrastructure (CNI), especially those subject to the Network & Information Systems (NIS) regulations. For many of these organisations, OT networks and systems are their most critical. We have extensive experience applying the CAF within OT environments across multiple sectors and provide a full suite of CAF services, from assessment to delivering full remediation to attain the required CAF outcomes.
OG86
Health and Safety Executive (HSE) OG86 – Cyber Security for Industrial Automation and Control Systems (IACS) is designed for securing OT at facilities subject to the Control of Major Accident Hazards (COMAH) regulations. OG86 is principally based on IEC62443, but additionally bolstered by requirements of the NCSC Cyber Assessment Framework (CAF). By combining our depth of expertise in OT, IEC62443, and CAF, we assess your current position and develop remediations to meet any areas of deficiency.
OT Security Architecture Assessments
Our OT security architecture assessment maps your network architecture to show: data pathways, protection of data-in-transit, network security controls, host (endpoint) security controls, IDAM controls, security monitoring, and system resilience and redundancy. Mapping these areas exposes any weak pathways where you are most vulnerable to attack. Our security architecture assessments are conducted independently of any specific framework or standard, allowing us to highlight anything concerning we come across while not focusing unduly on less applicable areas for the specific system. The output of these assessments are proposed remediations to address deficiencies and improve security defences.
OT Security Architecture Design
We deliver high and low-level designs detailing system and network architectures, and the specification of security controls and configuration. This is accompanied by a full set of security requirements for action by the delivery team, which can be further supported by our own Security Architecture team. We also offer an assurance service for the duration of delivery that validates security requirements are being correctly interpreted and delivered. This includes re-working security requirements should technical challenges be encountered in their implementation and attending factory and site acceptance tests to verify requirements have been successfully met.
OT in the Cloud
There are many non-mission critical aspects of OT that can only be successfully delivered in the cloud (e.g, storage of historic data, hosting of security management services, and delivery of remote access systems). The use of hybrid cloud is also an exciting opportunity to allow the delivery of mission-critical OT services. Bridewell is ideally placed to support operators of essential OT services in navigating this landscape, due to the expertise and firsthand experience held within our OT function and Security Architecture team.
Why Bridewell for OT Cyber Security Services?
Specialist OT Cyber Security Consultants
Securing OT systems presents many additional challenges compared to their IT counterparts. Addressing these challenges requires in-depth knowledge of both OT and cyber security; our OT cyber security consultants are highly skilled in both areas.
Expertise Across Sectors
Our OT cyber security consultants have extensive experience across: aviation, energy and renewables, heavy metals and mining, oil and gas, water, and more.
Trusted by the NCSC
Our consultants are active participants in NCSC’s ICS Community of Interest (COI) and Industry 100 schemes, supporting the development of guidance for ICS/OT cyber security across a wide range of important topics.
Start your OT Security Journey
Speak with one of our consultants to see how we can support your organisation in securing its OT environments.
How we Deliver OT Security Services
How OT is used within an organisation will vary significanly, depending on their specific applications, vendors, heritage of equipment, external integration/ connectivity and cyber security maturity. While we see synergies across the clients we work with, this often makes for a unique set of challenges to be addressed.
We tailor all our OT security services to meet the specific requirements of each client, ensuring we provide the greatest value possible. At the core of every OT engagement are one or more of our specialist OT cyber security consultants. Where additional specialisms are needed, we will also draw upon the full breadth of expertise across Bridewell to provide a multi-disciplined teams of experts.
Watch On Demand
Rewatch or catch up on our OT webinars
Why Us?
Awards
Our team have won numerous industry awards, including ‘Best Security Company of the Year' at the Cyber Security Awards 2023 and 'Best Cyber Security Company Europe' at the Cyber Security Awards 2022.
Certifications
Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.
Partnerships
As a Microsoft Partner, we also hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, inc. Sentinel, Defender, Purview and more.