ICS/OT security is a horizontal specialization across Black Cell solution areas: Fusion Center, Integration, Offensive Security and Compliance.

ICS/OT Security

Data-driven IT/OT convergence, accelerated by Industry 4.0, increases the cybersecurity exposure of critical infrastructures, especially those responsible for human lives. Accordingly, Black Cell ICS/OT faces these increasingly pressing challenges with the appropriate humility and sense of vocation.

Our ICS/OT security service portfolio has been built around four core pillars: assess, build, measure, and enhance.

Assess

An organization needs an up-to-date view of its status, competences, exposure, technical capabilities, policies, and processes in order to make informed decisions. The following services can be conducted separately, but together they provide a complete overview of the organization's security maturity.

Vulnerability assessment: For entities that have never had a vulnerability assessment, we strongly recommend performing one immediately. The aim is, on the one hand, to reduce exposure, which lowers the likelihood of opportunistic attacks, and, on the other hand, to receive a report on the security state of the infrastructure and its elements. We approach our customers' systems with an attacker's methods, resulting in the intrusion paths and steps an attacker would take.

NIST 800-82 assessment: This type of assessment is based on best practice guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The service provides recommended security countermeasures to mitigate the associated risks.

MITRE ATT&CK-based assessment: The analysis is based on a merged version of the MITRE ATT&CK for ICS and ATT&CK for Enterprise frameworks, which describe the tactics, techniques and procedures used against industrial control systems. The assessment uses a passive methodology; therefore, it does not affect ICS/OT devices. The outcome is a detection gap analysis that we compare with a sector-specific heatmap. The heatmap covers the most commonly used attack techniques and procedures, providing a prioritised risk management plan.

Build

Building cybersecurity resilience is a continuous effort comprising many activities. Based on the results of the assessment phase, our engineers not only recommend products and services but create intelligent cybersecurity ecosystems for securing critical infrastructures. The sub-pillars below cover a wide range of solutions, subject to individual consultation.

Visibility: When building cyber defences for ICS/OT environments, one of the first steps is to ensure visibility without any disruption.

Response: Black Cell's team can assist at any stage of incident response, whether through fully managed services, system integration, process design, automation, or the definition of specific procedures and playbooks that can be included in the incident response plan (IRP).

Detection: Developing the detection pillar is a continuous effort. Black Cell's team draws up a prioritized action plan using the MITRE ATT&CK framework, driven by the most common attack techniques and procedures in the customer's sector, and then builds the detections and the relevant alert rules on that basis.
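The detection gap analysis and the sector heatmap described under the ATT&CK-based assessment, and the prioritized action plan described under the detection pillar, both reduce to the same calculation: weight each technique's prevalence in the sector by how much of it current detections miss, then rank. The script below is an added illustration and is not Black Cell's tooling; the technique ids and names are taken from ATT&CK for ICS, while the tactic labels are simplified and every prevalence weight and coverage figure is constructed sample data.

```python
"""Detection-gap prioritisation against a sector heatmap.

Added example; not the assessment tooling described on the page.
Technique ids/names are ATT&CK for ICS; tactic labels are simplified and
all prevalence weights and coverage figures are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    tid: str      # ATT&CK for ICS technique id
    name: str
    tactic: str   # simplified tactic label for this example


TECHNIQUES = {
    "T0883": Technique("T0883", "Internet Accessible Device", "Initial Access"),
    "T0886": Technique("T0886", "Remote Services", "Lateral Movement"),
    "T0812": Technique("T0812", "Default Credentials", "Lateral Movement"),
    "T0843": Technique("T0843", "Program Download", "Lateral Movement"),
    "T0855": Technique("T0855", "Unauthorized Command Message", "Impair Process Control"),
    "T0859": Technique("T0859", "Valid Accounts", "Persistence"),
}

# Constructed sector heatmap: how often each technique is reported in the
# customer's sector, normalised to 0..1 (1 = most frequently reported).
SECTOR_HEATMAP = {
    "T0883": 0.9, "T0886": 0.8, "T0812": 0.7,
    "T0843": 0.6, "T0855": 0.5, "T0859": 0.4,
}

# Constructed detection coverage from the passive assessment:
# 0 = no detection at all, 1 = fully covered by alert rules.
# T0843 is deliberately absent to show how a missing entry is handled.
COVERAGE = {
    "T0883": 0.9, "T0886": 0.0, "T0812": 0.5,
    "T0855": 1.0, "T0859": 0.2,
}


def _check_unit(value, label):
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{label} must be within 0..1, got {value}")


def gap_score(prevalence, coverage):
    """Residual risk: technique prevalence times the share of it we miss."""
    _check_unit(prevalence, "prevalence")
    _check_unit(coverage, "coverage")
    return round(prevalence * (1.0 - coverage), 3)


def detection_gaps(heatmap, coverage):
    """(technique id, gap) pairs, largest gap first; fully covered ones dropped.

    A technique present in the heatmap but absent from the coverage map has
    no detection at all and is scored with coverage 0.
    """
    gaps = []
    for tid, prevalence in heatmap.items():
        gap = gap_score(prevalence, coverage.get(tid, 0.0))
        if gap > 0.0:
            gaps.append((tid, gap))
    gaps.sort(key=lambda item: (-item[1], item[0]))
    return gaps


def prioritised_plan(heatmap, coverage, top_n=3):
    """Top-N gaps as plan entries with rank, technique, name, tactic and gap."""
    plan = []
    ranked = detection_gaps(heatmap, coverage)[:top_n]
    for rank, (tid, gap) in enumerate(ranked, start=1):
        tech = TECHNIQUES.get(tid, Technique(tid, "unknown", "unknown"))
        plan.append({"rank": rank, "technique": tid, "name": tech.name,
                     "tactic": tech.tactic, "gap": gap})
    return plan


def render_plan(plan):
    """Plain-text table of the plan, one line per entry plus a header."""
    lines = [f"{'#':>2} {'technique':<9} {'gap':>5}  name (tactic)"]
    for entry in plan:
        lines.append(f"{entry['rank']:>2} {entry['technique']:<9} "
                     f"{entry['gap']:>5.2f}  {entry['name']} ({entry['tactic']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_plan(prioritised_plan(SECTOR_HEATMAP, COVERAGE)))
```

With the constructed figures, Remote Services (prevalent, entirely undetected) and Program Download (no coverage entry at all) rank above Default Credentials, while Unauthorized Command Message drops out because it is already fully covered. The ranking is only as good as the two inputs: a heatmap that does not reflect the customer's sector, or coverage figures that overstate what the alert rules really catch, will reorder the plan.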

Measure

The goal of this phase is to have a measurement that both validates the areas already marked as solved and underpins the upcoming improvements. Our compliance, offensive security and detection engineering teams can be of great help in areas requiring specific expertise, such as Red Teaming or organizing a table-top exercise (TTX), which can also serve as a practical review of the incident response plan (IRP). Alternatively, it could be a simple PCAP-based audit with objectives for teamwork and processes.

Enhance

There will always be opportunities for improvement. Once the highest-priority tasks (e.g. "baseline" use-case and playbook implementation, attack surface reduction) are complete, the focus should shift to enhancing the cybersecurity ecosystem.

Deception: Our sophisticated OT deception portfolio contains a wide range of solutions, from DNS honeypots to high-interaction OT honeynets, which let us detect attacker intent and motivation and serve as a proper early warning system. Deception-based detection is an efficient and pragmatic way to build granular detection capabilities in OT environments.

Threat hunting: OT threat hunting is an advanced task in which Black Cell professionals seek to reveal threats that may have been hiding in the shadows. Our services are based on strict use-cases such as retrospective analysis and protocol mismatches.

Honing knowledge is essential. Our tailor-made information security training modules include:

  • OSINT
  • Red/Blue teaming exercises
  • OT cyber ranges
  • OT incident response
  • Forensics
  • Post incident remediation
  • Detection capabilities