Operational Technology Cyber Security Services

Our dedicated OT function brings together both OT and cyber security experts, many of whom have first-hand experience of designing, delivering and managing OT systems and associated cyber security measures.

Where organisations use Operational Technology (OT), it's often their most critical infrastructure. This is especially true in Critical National Infrastructure (CNI), which relies heavily on OT and its secure operation.

The Importance of Securing Operational Technology

Operational technologies are computer-based systems that interact with the physical world, and are typically used to provide automation, remote visibility, and control of physical processes. OT environments present unique security challenges that require specific experience and skillsets to be addressed appropriately.

  • OT and Cloud - The use of the cloud for OT applications is still in its infancy, and the reliance upon third-party hosting and network services to deliver critical OT services is a concern for most operators.
  • Unique Regulations, Frameworks and Standards - Organisations with OT environments are typically subject to frameworks and regulations such as the Cyber Assessment Framework (CAF), OG86, and ISA/ IEC 62443.
  • Security Architecture - Poorly secured pathways in your security architecture can expose your critical systems to cyber threats. Simple controls assessments don’t always reveal open attack vectors and a more holistic analysis of the security architecture is required.
Man standing at control panel

Bridewell's OT Security Services

We offer a broad range of services to meet all aspects of cyber security within OT.

ISA/IEC 62443

The ISA/IEC 62443 series of standards defines a range of controls and processes designed specifically for the electronic security of industrial automation and control systems (IACS). Bridewell’s consultants are not only certified against these standards but are also active contributors to their ongoing upkeep and development. Against this standard series, we offer: 62443-3-2 risk assessment, 62443-3-3 assessment, and 62443-3-3 system design.

NCSC Cyber Assessment Framework (CAF)

The CAF is intended for use by organisations forming part of the UK’s Critical National Infrastructure (CNI), especially those subject to the Network & Information Systems (NIS) regulations. For many of these organisations, OT networks and systems are their most critical. We have extensive experience applying the CAF within OT environments across multiple sectors and provide a full suite of CAF services, from assessment to delivering full remediation to attain the required CAF outcomes.

OG86

Health and Safety Executive (HSE) OG86 – Cyber Security for Industrial Automation and Control Systems (IACS) is designed for securing OT at facilities subject to the Control of Major Accident Hazards (COMAH) regulations. OG86 is principally based on IEC62443, but additionally bolstered by requirements of the NCSC Cyber Assessment Framework (CAF). By combining our depth of expertise in OT, IEC62443, and CAF, we assess your current position and develop remediations to meet any areas of deficiency.

OT Security Architecture Assessments

Our OT security architecture assessment maps your network architecture to show: data pathways, protection of data-in-transit, network security controls, host (endpoint) security controls, IDAM controls, security monitoring, and system resilience and redundancy. Mapping these areas exposes any weak pathways where you are most vulnerable to attack. Our security architecture assessments are conducted independently of any specific framework or standard, allowing us to highlight anything concerning we come across while not focusing unduly on less applicable areas for the specific system. The output of these assessments are proposed remediations to address deficiencies and improve security defences.

OT Security Architecture Design

We deliver high and low-level designs detailing system and network architectures, and the specification of security controls and configuration. This is accompanied by a full set of security requirements for action by the delivery team, which can be further supported by our own Security Architecture team. We also offer an assurance service for the duration of delivery that validates security requirements are being correctly interpreted and delivered. This includes re-working security requirements should technical challenges be encountered in their implementation and attending factory and site acceptance tests to verify requirements have been successfully met.

OT in the Cloud

There are many non-mission critical aspects of OT that can only be successfully delivered in the cloud (e.g, storage of historic data, hosting of security management services, and delivery of remote access systems). The use of hybrid cloud is also an exciting opportunity to allow the delivery of mission-critical OT services. Bridewell is ideally placed to support operators of essential OT services in navigating this landscape, due to the expertise and firsthand experience held within our OT function and Security Architecture team.

Why Bridewell for OT Cyber Security Services?

card icon

Specialist OT Cyber Security Consultants

Securing OT systems presents many additional challenges compared to their IT counterparts. Addressing these challenges requires in-depth knowledge of both OT and cyber security; our OT cyber security consultants are highly skilled in both areas.

card icon

Expertise Across Sectors

Our OT cyber security consultants have extensive experience across: aviation, energy and renewables, heavy metals and mining, oil and gas, water, and more.

card icon

Trusted by the NCSC

Our consultants are active participants in NCSC’s ICS Community of Interest (COI) and Industry 100 schemes, supporting the development of guidance for ICS/OT cyber security across a wide range of important topics.

Start your OT Security Journey

Speak with one of our consultants to see how we can support your organisation in securing its OT environments.

man at desk with computer

How we Deliver OT Security Services

woman at screen

How OT is used within an organisation will vary significanly, depending on their specific applications, vendors, heritage of equipment, external integration/ connectivity and cyber security maturity. While we see synergies across the clients we work with, this often makes for a unique set of challenges to be addressed.

We tailor all our OT security services to meet the specific requirements of each client, ensuring we provide the greatest value possible. At the core of every OT engagement are one or more of our specialist OT cyber security consultants. Where additional specialisms are needed, we will also draw upon the full breadth of expertise across Bridewell to provide a multi-disciplined teams of experts.


Watch On Demand

Rewatch or catch up on our OT webinars

Why Us?

card icon

180+ Security Specialists

Our team have diverse experience across sectors and disciplines, and hold accreditations from numerous industry bodies.

card icon

Certifications

Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.

card icon

Partnerships

As a Microsoft Partner, we also hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, inc. Sentinel, Defender, Purview and more.

Accreditations and Certifications

Our cybersecurity consultants and services are globally recognized for meeting the highest standards of accreditation and have leading industry certifications.

Accreditations - Other