Industrial OT Cyber Security
Risk Assessment
First, understand your weaknesses. Then execute a plan to mitigate them.
The digitisation of industrial systems exposes a new class of risk
As industrial systems become increasingly digitised, connected and fragmented, a new class of threat has emerged which has critical impacts on processes, operational security and physical safety. The first step in building cyber security resilience is to be aware of the emerging threats facing your industry and know precisely where you are most vulnerable.
Peloton takes a holistic approach to cyber risk assessment that is aligned with your organisation’s overall approach to risk management. We start by working closely with your team to understand the maturity and weaknesses of your operational, hazard management and functional safety processes, before preparing a prioritised risk remediation and mitigation roadmap.
We use industry-standard cyber risk assessment frameworks such as ISA/IEC 62443, NIST CSF, NIST SP 800-82, ISO27001 and FAIR.
Why perform a risk assessment?
Make a step-by-step plan with practical recommendations for tactical and strategic steps to strengthen your security posture.
What to expect with a Peloton risk assessment
Starting with a project kick-off workshop to align on agreed objectives, scope, timeline and intended outcomes, Peloton’s Risk Assessment services include:
- Interviews with key business process personnel and functional leaders across your organisation
- Detailed onsite and digital process walk-throughs with process owners
- In-depth information gathering to understand how operations, functional safety and alarm management are managed throughout your operation
- Review and visual inspections of policies, procedures, reports, tolerable risk guidelines and functional specifications of your OT environment
- Analysis of network architecture, documentation review and comparison against relevant standards (Purdue Model)
- Review and assessment of key supply chain processes
- Assessment of data points against security risk and control frameworks including ISA/IEC 62443, NIST CSF, NIST SP 800-82, ISO27001, FAIR and ASD guidelines and threat intelligence related to your industry vertical
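As an added illustration of the network-architecture review listed above (example code written for this page, not Peloton's tooling or method), the Python script below checks a constructed list of network flows against a simplified Purdue-model conduit policy. The rule set is an assumption made for the example and is deliberately coarse: levels 0-3 form the OT zone, levels 4-5 the enterprise zone, enterprise-to-OT traffic must terminate in the industrial DMZ (3.5), the DMZ may only front level 3, and within the OT zone a flow may cross at most one level boundary. Asset names, levels and services are made up for the sample.

```python
"""Flag network flows that violate a simplified Purdue-model conduit policy.

Assumed policy (an illustration, not an ISA/IEC 62443 requirement text):
- Levels 0-3 are the OT zone; levels 4-5 are the enterprise zone.
- Enterprise <-> OT traffic must terminate in the industrial DMZ (3.5).
- The DMZ may exchange traffic only with level 3 and the enterprise zone.
- Inside the OT zone a flow may cross at most one level boundary.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

DMZ = 3.5                     # industrial DMZ between site operations and enterprise
ENTERPRISE_LEVELS = {4, 5}    # business planning / corporate network
OT_LEVELS = {0, 1, 2, 3}      # process, basic control, supervisory, site operations


@dataclass(frozen=True)
class Flow:
    """One observed or documented conversation between two assets."""
    src: str
    src_level: float
    dst: str
    dst_level: float
    service: str  # protocol/port as recorded in the architecture inventory


def classify(flow: Flow) -> Optional[Dict[str, str]]:
    """Return a finding for a policy-violating flow, or None if it is allowed."""
    a, b = flow.src_level, flow.dst_level
    label = f"{flow.src}->{flow.dst} ({flow.service})"
    if a == b:
        return None  # intra-level traffic is outside this conduit check
    if DMZ in (a, b):
        other = b if a == DMZ else a
        if other in ENTERPRISE_LEVELS or other == 3:
            return None
        return {"rule": "dmz-reaches-below-level-3", "flow": label,
                "detail": f"DMZ host talks directly to level {other}"}
    if (a in ENTERPRISE_LEVELS) != (b in ENTERPRISE_LEVELS):
        return {"rule": "enterprise-ot-bypasses-dmz", "flow": label,
                "detail": f"level {a} to level {b} without terminating in the DMZ"}
    if abs(a - b) > 1:
        return {"rule": "skips-purdue-level", "flow": label,
                "detail": f"crosses {int(abs(a - b))} levels inside the OT zone"}
    return None


def check_flows(flows: List[Flow]) -> List[Dict[str, str]]:
    """Run the policy over every flow and collect the findings."""
    return [f for f in (classify(x) for x in flows) if f is not None]


def summarise(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per rule, which is what a gap-analysis table needs."""
    return dict(Counter(f["rule"] for f in findings))


# Constructed sample inventory: asset names, levels and services are invented.
SAMPLE_FLOWS = [
    Flow("historian", 3, "dmz-replica", DMZ, "sql/1433"),       # allowed
    Flow("erp-app", 4, "dmz-replica", DMZ, "https/443"),        # allowed
    Flow("scada-server", 2, "plc-01", 1, "modbus/502"),         # allowed
    Flow("plc-01", 1, "flow-sensor", 0, "hart"),                # allowed
    Flow("eng-laptop", 4, "plc-01", 1, "s7comm/102"),           # bypasses DMZ
    Flow("historian", 3, "plc-02", 1, "modbus/502"),            # skips level 2
    Flow("dmz-replica", DMZ, "scada-server", 2, "rdp/3389"),    # DMZ reaches level 2
]

if __name__ == "__main__":
    findings = check_flows(SAMPLE_FLOWS)
    for f in findings:
        print(f"[{f['rule']}] {f['flow']}: {f['detail']}")
    print("summary:", summarise(findings))
```

In a real engagement the `SAMPLE_FLOWS` list would be populated from firewall rule exports, passive network captures or the site's architecture drawings, and the rule set would be replaced by the zone-and-conduit model agreed with the process owners; the value of the script is that every documented flow gets the same mechanical check rather than an eyeballed diagram review.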
The Peloton difference
Experienced experts
Specialist team of ICS practitioners and industrial cyber security experts with deep understanding of operational risk, functional safety and risk management.
Tailored to your operation
Assessments and recommendations are customised to your needs, industry and relevant mandatory compliance regulations.
Outcome-driven approach
Informed by the gap analysis, we make practical recommendations to mature your security posture, mapped to relevant standards such as IEC 62443, NIST SP 800-82 and NIST CSF.
Frequently Asked Questions
As industrial control systems become more connected, they also become more exposed to cyber threats. A cyberattack could compromise the safety, reliability and availability of systems, operations and value chains, with potentially catastrophic consequences. Addressing these risks is essential for organisations looking to protect their industrial control systems (ICS). As a starting point, an OT risk assessment establishes your OT security baseline and provides a high-level view of what needs to be addressed at the technical and governance levels.
It is important to do an OT risk assessment to:
- Establish a baseline by assessing your current cyber security maturity level in line with physical impact and process reliability
- Understand your vulnerabilities by establishing a clear view of the risk associated with critical assets, safety and business continuity
- Make a step-by-step plan with practical recommendations for tactical and strategic steps to strengthen your security posture.
Using an external provider to conduct an OT risk assessment has a range of benefits, including their expertise and experience, their use of advanced tools and techniques, and their knowledge of compliance and regulations. External providers offer an objective view when identifying, quantifying and prioritising risk-mitigating strategies, without the subjective judgements of internal employees affecting the outcome.