ICS/OT Security
ICS/OT security is a horizontal specialization across Black Cell solution areas: Fusion Center, Integration, Offensive Security and Compliance.
Data-driven IT/OT convergence, accelerated by Industry 4.0, increases the cybersecurity exposure of critical infrastructures, especially those responsible for human lives. Accordingly, Black Cell ICS/OT faces these increasingly pressing challenges with the appropriate humility and sense of vocation.
Our ICS/OT security service portfolio has been built around four core pillars: assess, build, measure, and enhance.
How we start
01 Assess
We should have an up-to-date view of the organization’s status, competences, exposure, technical capabilities, policies, and processes to enable making informed decisions. The following services can also be conducted separately, but together provide a complete overview of the maturity.
Vulnerability assessment
For entities that have never had a vulnerability assessment, we strongly recommend performing one immediately. The aim is, on the one hand, to reduce exposure, which limits opportunistic attacks, and, on the other hand, to receive a report on the security state of the infrastructure and its elements. We approach our customers’ systems with the attacker’s methods, resulting in the intrusion paths and steps that an attacker would take.
NIST 800-82 assessment
This type of assessment is based on best practice guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The service provides recommended security countermeasures to mitigate the associated risks.
MITRE ATT&CK-based assessment
The analysis is based on the merged version of the MITRE ATT&CK for ICS and MITRE ATT&CK for Enterprise frameworks, which describe the tactics, techniques, and procedures used against industrial control systems. The assessment uses a passive methodology; therefore, it does not affect ICS/OT devices. The outcome is a detection gap analysis that we compare with a sector-specific heatmap. The heatmap covers the most used attack techniques and procedures, providing a prioritized risk management plan.
Next step
02 Build
Building cybersecurity resilience is a continuous effort comprising many activities. Based on the results of the assessment phase, our engineers not only recommend products and services, but create intelligent cybersecurity ecosystems for securing critical infrastructures. The sub-pillars below cover a wide range of solutions, subject to individual consultation.
Visibility
When building cyber defenses for ICS/OT environments, one of the first steps is to ensure visibility without disruption. Primarily, we secure OT environments through passive network monitoring, analyzing mirrored traffic to prevent potential disruptions. The option of active response is also available, if desired. To achieve comprehensive network visibility, we offer multiple solutions, tailored to your specific needs and environmental characteristics.
Our signature Network Security Monitoring (NSM) product offers comprehensive network traffic analysis, transforming raw network traffic into structured, easily analyzable data. Protocol analysis, metadata extraction, anomaly detection, and file extraction provide deep visibility into your network traffic.
Detection
The development of the detection pillar is a continuous effort. Black Cell’s team develops a prioritized action plan based on the MITRE ATT&CK framework, considering the most common attack techniques and procedures in our customers’ sector. Leveraging our proven and up-to-date detection rule stack, expanded with additional tailored detections, enables security alerting and anomaly detection, which is further enhanced by machine learning when integrated with our ESM product.
Alternatively, we provide Nozomi Networks solutions, renowned for their robust OT network monitoring and anomaly detection capabilities. Both options provide security that grows with you, customized to your current and future needs.
Hardware-Based Security Solutions
In environments where security demands are exceptionally stringent, we deploy Waterfall Security’s Unidirectional Gateways (UGW). This hardware-based solution enforces secure, one-way information flow, preventing any possibility of remote intrusion or data manipulation from external networks.
For secure remote access, a common challenge in OT environments, we implement Waterfall Security’s Hardware-Enforced Secure Remote Access (HERA) solution. Traditional remote access methods, often relying on VPNs and software-based security, introduce significant vulnerabilities. HERA provides a robust, hardware-based alternative that physically isolates the OT network from external connections. It allows authorized personnel to access necessary data and systems without exposing the core operational network to cyber threats.
Response
What’s next
03 Measure
The goal of this phase is to have a measurement that can be used both to validate the areas already marked as solved and to underpin the upcoming improvements. Our compliance, offensive security and detection engineering teams can be of great help in areas requiring specific expertise, such as Red Teaming or organizing a table-top exercise (TTX), which can also serve as a practical review of the incident response plan (IRP). It could equally be a simple PCAP-based audit with targets for teamwork and processes.
Last step
04 Enhance
There will always be opportunities for improvement. Once the highest priority tasks – e.g. “baseline” use-case and playbook implementation, attack surface reduction – are completed, the focus should turn to enhancing the cybersecurity ecosystem.
What are the key benefits?
- Comprehensive Protection – Safeguard industrial control systems (ICS) and operational technology (OT) from cyber threats with tailored security solutions.
- Proactive Threat Detection – Identify vulnerabilities and detect threats in real time with advanced monitoring and threat intelligence.
- Compliance & Risk Management – Ensure alignment with industry regulations like NIS 2, IEC 62443, and more, reducing compliance risks.
- Minimized Downtime – Protect critical infrastructure with rapid incident response and robust resilience strategies to maintain operational continuity.
Deception
Our sophisticated OT deception portfolio contains a wide range of solutions, from DNS honeypots to high-interaction OT honeynets, which reveal attacker intent and motivation and serve as a proper early warning system. Deception-based detection is an efficient and pragmatic way to build granular detection capabilities in OT environments.
Information security training modules
Honing knowledge is essential. Our tailor-made information security training modules include:
- OSINT
- Red/Blue teaming exercises
- OT cyber ranges
- OT incident response
- Forensics
- Post incident remediation
- Detection capabilities
Threat hunting
OT threat hunting is an advanced task in which Black Cell professionals seek to reveal threats that may have been hiding in the shadows. Our services are based on strictly defined use-cases such as retrospective analysis and protocol mismatches.