SEC Consult offers you comprehensive support in increasing cyber security in the OT environment in the long term. Based on established standards and best practices, we analyse your processes as well as technical and organisational measures, identify vulnerabilities and risks and define customised security measures for you.
Designing operational technology securely
Our experts are always there for you ...
Experienced and certified security experts from various areas in the IT and OT environment (network, application, hardware, ISM and incident) support you in developing a multi-layered security approach (defence in-depth).
... and know all norms and standards.
The team of SEC Consult experts can draw on a variety of established implementation and testing processes for technical and organisational measures: such as the ISO/IEC 27000-series, the NIST SP 800 series, IEC 62443, the BSI IT-Grundschutz and the ICS Security Compendium, NIS, CREST, OSCP and many more.
OT Security made by SEC Consult
- State-of-the-art security
- Optimised development, operation and maintenance processes
- Detailed know-how about vulnerabilities and risks in the OT environment
- Compliance thanks to certification maturity in ISO and IEC
The path to sustainable OT security
In addition to the threat from cyberspace, extensive and demanding legal and contractual requirements as well as the digital transformation in industry are serious challenges for many companies and organisations. As a result, OT landscapes vary greatly from case to case and our security specialists work in close consultation with you to assess all your specific security needs.
- A joint review of infrastructure and operated components through documentation and interviews leads to the definition of the scope. The scope varies from individual installations to the entire networked infrastructure.
- Our experts from different disciplines (organisational and technical) can identify a holistic list of vulnerabilities and threats by looking in detail at your documentation, configurations, assets, systems and components.
- In order for you to be able to establish a context for your business environment, we determine the risks in joint workshops on the basis of relevant and realistic scenarios. SEC Consult also offers a whole range of templates, questionnaires and predefined scenarios to support you.
- Don't worry, we won't leave you alone with the results! Based on the insights gained from the process so far, we identify improvement and risk treatment measures and formally prepare them for you in a report.
- The defined measures are always based on established standards (ISO 27001, NIST SP 800-82, IEC 62443) and thus ensure state-of-the-art technology for your future cyber security as well.
What you should know about OT Security
The use of hardware and software to monitor and control physical processes, devices and infrastructures is at the core of businesses and organisations. Many OT systems have been connected to IT systems in recent years to improve workflows and increase productivity. However, this also increases the attack surface for cyber criminals.
OT Security describes the secure operation of networked systems for controlling and monitoring physical processes, devices and infrastructures.
Our consulting activities are based on common standards for industrial control and automation systems. These include the IEC 62443 series of standards, the ICS Security Compendium and NIST SP 800-82r2.
- A close exchange with experts
- A wide range of consulting services - from logical/process-related to physical analyses and recommendations for measures (framework, guidelines, procedures to the inspection of physical components in the area of industrial control systems)
- State-of-the-art security
- Optimisation of development, operation and maintenance processes
- Conformity with established standards
- Certification maturity in ISO and IEC
- Detailed knowledge of vulnerabilities and risks in the OT environment with regard to life and limb (safety), availability, integrity and confidentiality
Different target groups have different needs. Therefore we offer tailor-made services for
- Operators of critical infrastructures
- Operators and manufacturers of industrial automation systems and components
- CISOs, automation technicians, engineers, developers and IT administrators