Thales’ Operational Technology Security Assessment identifies your installed OT assets, carries out a technical inspection of those assets to determine dependencies and vulnerabilities, and reviews site operating procedures. The assessment's output is a quantified risk report, showing our analysis with proposed recommendations on how to improve your OT security posture.
|
|
|
|
| Device and System Vulnerabilities | Inadequate Processes | Gaps in Regulatory Knowledge | Gaps in Specialist OT Knowledge |
The OT Security Assessment service is designed to gather all information required to establish an OT security programme. It provides an overview of the current state, identifying where the above challenges may be present in a client organisation, delivering recommendations, including a high-level road map detailing next steps. Thales' assessment provides actionable feedback that can serve as critical input when designing and implementing future security initiatives, as part of an OT security programme. The assessment covers the following areas:
1 |
Technical inspection of OT assets and dependencies to identify vulnerabilities and associated risks, which could ultimately be exploited and result in business disruption. |
2 |
Passive network monitoring and data capture, using state of the art probes to aid identification of assets and their associated vulnerabilities. In Thales’ experience, the passive analysis method is the safest way to analyse the network, compared with active techniques which may have unintended consequences. |
3 |
Review of the site operating procedures and ‘as-is’ situation against IEC 62443-2-1. The IEC 62443 series of standards are an internationally recognised benchmark of good practices when striving for OT security and resiliency. The controls listed in the IEC 62443-2-1 standard provide the ideal framework for assessing organisations, in the early stages of their OT security journey. |
4 |
Offline data analysis following assessment, with findings presented clearly and concisely in the context which they were observed. The deliverables include strategic and tactical recommendations to address each finding, taking into consideration severity, likelihood, and context of the findings within a client organisation. |
OT Security Assessment Tailored to Your Specific Circumstances
Thales specialises in Operation Technology cybersecurity and has built the security assessment based on our extensive knowledge of mission critical systems and OT best practice. As every company has different requirements and processes, we build our assessments around your specific needs and examine your OT security against what is needed for your specific organisation.
Assessment Against Rigorous International Standard IEC 62443-2-1
The IEC 62443 series are an internationally recognised benchmark of good practice when striving for OT security and resilience. IEC 62443-2-1 sets out security program requirements for IACS (OT) asset owners and provides guidance on how to develop and evolve the security program. In Thales’ experience, the controls listed in the 62443-2-1 standard provide the ideal framework for organisational assessments, in the early stages of their OT security journey. The output of the assessment against this standard is a quantified risk report, covering: the operational score, how you work, governance score, and how you should work against the key pillars of IEC 62443-2-1.
Impartial and Dedicated Focus on Cyber Security
Thales is vendor agnostic. We do not have a bias towards particular OEM’s, hardware or software vendors. Thales’ only goal is to achieve the best possible coverage, quality and deliverables. We provide independent assessments without any motivation to either maintain or increase its position as an OT security vendor.
