ICS/OT Security
ICS/OT security is a horizontal specialization across Black Cell solution areas: Fusion Center, Integration, Offensive Security and Compliance.
The data-driven IT/OT convergence accelerated by Industry 4.0 increases the cybersecurity exposure of critical infrastructures, especially those whose operation affects human lives. Accordingly, Black Cell ICS/OT approaches these increasingly pressing challenges with the humility and sense of vocation they demand.
Our ICS/OT security service portfolio has been built around four core pillars: assess, build, measure, and enhance.
How we start
01 Assess
Informed decisions require an up-to-date view of the organization's status, competences, exposure, technical capabilities, policies, and processes. The following services can also be delivered separately, but together they provide a complete picture of the organization's security maturity.
Vulnerability assessment
For organizations that have never had a vulnerability assessment, we strongly recommend performing one immediately. The aim is, on the one hand, to reduce exposure and thereby the likelihood of opportunistic attacks, and, on the other hand, to receive a report on the security state of the infrastructure and its elements. We approach our customers' systems with the attacker's methods, so the result describes the intrusion paths and the steps an attacker would take.
NIST 800-82 assessment
This type of assessment is based on NIST SP 800-82, the best-practice guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The service provides recommended security countermeasures to mitigate the associated risks.
MITRE ATT&CK-based assessment
The analysis is based on a combined view of the MITRE ATT&CK for ICS and ATT&CK for Enterprise matrices, which describe adversary tactics, techniques and procedures against industrial control systems and the IT systems around them. The assessment uses a passive methodology; therefore, it does not affect ICS/OT devices. The outcome is a detection gap analysis that we compare with a sector-specific heatmap. The heatmap covers the attack techniques and procedures most often observed in the customer's sector, which yields a prioritised risk management plan.
Next step
02 Build
Building cybersecurity resilience is a continuous effort comprising many activities. Based on the results of the assessment phase, our engineers not only recommend products and services, but create intelligent cybersecurity ecosystems for securing critical infrastructures. The sub-pillars below cover a wide range of solutions, subject to individual consultation.
Visibility
When building cyber defences for ICS/OT environments, one of the first steps is to ensure visibility without any disruption.
Detection
The development of the detection pillar is a continuous effort. Black Cell's team develops a prioritized action plan from the MITRE ATT&CK framework, driven by the attack techniques and procedures most common in the customer's sector, and then builds the detections and the corresponding alert rules on that basis.
Response
Black Cell's team can assist at any stage of incident response, whether as a fully managed service, through system integration or process design, or by automating and defining specific procedures and playbooks that can be included in the incident response plan (IRP).
What’s next
03 Measure
The goal of this phase is to obtain a measurement that both validates the areas already marked as solved and underpins the upcoming improvements. Our compliance, offensive security and detection engineering teams can help in areas requiring specific expertise, such as Red Teaming or organizing a table-top exercise (TTX), which can also serve as a practical review of the incident response plan (IRP). It can equally be a simple PCAP-based audit with targets set for teamwork and processes.
Last step
04 Enhance
There will always be opportunities for improvement. Once the highest-priority tasks, e.g. "baseline" use-case and playbook implementation and attack surface reduction, are complete, the organization should turn its focus to enhancing the cybersecurity ecosystem.
What are the key benefits?
- Comprehensive Protection – Safeguard industrial control systems (ICS) and operational technology (OT) from cyber threats with tailored security solutions.
- Proactive Threat Detection – Identify vulnerabilities and detect threats in real time with advanced monitoring and threat intelligence.
- Compliance & Risk Management – Ensure alignment with industry regulations like NIS 2, IEC 62443, and more, reducing compliance risks.
- Minimized Downtime – Protect critical infrastructure with rapid incident response and robust resilience strategies to maintain operational continuity.
Deception
Our OT deception portfolio contains a wide range of solutions, from DNS honeypots to high-interaction OT honeynets, which let us observe an attacker's intent and motivation and at the same time act as an early warning system. Deception-based detection is an efficient and pragmatic way to build granular detection capabilities in OT environments, where interaction with a decoy is suspicious by definition.
Information security training modules
Honing knowledge is essential. Our tailor-made information security training modules include:
- OSINT
- Red/Blue teaming exercises
- OT cyber ranges
- OT incident response
- Forensics
- Post incident remediation
- Detection capabilities
Threat hunting
OT threat hunting is an advanced task in which Black Cell professionals seek out threats that may have been hiding undetected in the environment. Our services are built on well-defined use-cases such as retrospective analysis of stored traffic and logs, protocol mismatches (an industrial protocol on an unexpected port, an unexpected host speaking to a PLC, or a PLC initiating IT-protocol connections), and similar hypotheses.
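The "protocol mismatch" hunt, run retrospectively over stored network metadata, is shown below as an added example; it is not Black Cell's code or tooling. It assumes Zeek-style conn.log records in JSON-lines form (the `id.orig_h`, `id.resp_h`, `id.resp_p` and `service` field names are Zeek's), a hypothetical plant baseline (allow-listed Modbus clients, a PLC subnet, expected ports per industrial protocol), and constructed sample records rather than a real capture.

```python
"""
Protocol-mismatch threat hunt over Zeek-style conn.log JSON lines (added example).

Four hunting hypotheses, all passive (they only read stored logs):
  1. port_mismatch                  industrial protocol seen on a non-standard port
  2. unexpected_service_on_ics_port an ICS port carrying something the analyser did
                                    not recognise as that protocol (tunnelling/scan)
  3. unauthorised_client            industrial protocol spoken by a host outside the
                                    allow-list of engineering/SCADA hosts
  4. plc_initiated_it_protocol      a PLC initiating a non-ICS connection
"""
import ipaddress
import json

# Constructed sample records (not real traffic). Field names follow Zeek conn.log;
# "-" is Zeek's marker for an unset field.
CONN_LOG = """
{"ts": 1700000000.1, "id.orig_h": "10.10.1.5",  "id.resp_h": "10.10.2.20", "id.resp_p": 502,  "proto": "tcp", "service": "modbus"}
{"ts": 1700000001.2, "id.orig_h": "10.10.1.5",  "id.resp_h": "10.10.2.21", "id.resp_p": 502,  "proto": "tcp", "service": "modbus"}
{"ts": 1700000002.3, "id.orig_h": "10.10.3.77", "id.resp_h": "10.10.2.20", "id.resp_p": 502,  "proto": "tcp", "service": "modbus"}
{"ts": 1700000003.4, "id.orig_h": "10.10.1.5",  "id.resp_h": "10.10.2.22", "id.resp_p": 8080, "proto": "tcp", "service": "modbus"}
{"ts": 1700000004.5, "id.orig_h": "10.10.2.20", "id.resp_h": "10.10.2.21", "id.resp_p": 443,  "proto": "tcp", "service": "ssl"}
{"ts": 1700000005.6, "id.orig_h": "10.10.1.5",  "id.resp_h": "10.10.2.20", "id.resp_p": 502,  "proto": "tcp", "service": "-"}
"""

# Hypothetical plant baseline (assumption, not from any real site): only the
# engineering workstation and the SCADA server may poll PLCs, PLCs live in
# 10.10.2.0/24, and each industrial protocol has exactly one expected TCP port.
ICS_CLIENTS = {"10.10.1.5", "10.10.1.6"}
PLC_SUBNET = ipaddress.ip_network("10.10.2.0/24")
EXPECTED_PORTS = {"modbus": 502, "dnp3": 20000, "s7comm": 102}
ICS_PORTS = set(EXPECTED_PORTS.values())


def hunt_protocol_mismatches(log_text):
    """Return one finding dict per hypothesis hit; an empty list means the
    traffic matches the baseline."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        src, dst, port = rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"]
        service = rec["service"]
        is_ics_service = service in EXPECTED_PORTS

        def flag(kind):
            findings.append({"kind": kind, "ts": rec["ts"], "src": src,
                             "dst": dst, "port": port, "service": service})

        # 1. Recognised industrial protocol, but not on its expected port.
        if is_ics_service and port != EXPECTED_PORTS[service]:
            flag("port_mismatch")
        # 2. Expected ICS port, but the protocol analyser saw something else
        #    (or nothing): possible tunnelling, scanning, or a broken decoder.
        if not is_ics_service and port in ICS_PORTS:
            flag("unexpected_service_on_ics_port")
        # 3. Industrial protocol spoken by a host that is not allow-listed.
        if is_ics_service and src not in ICS_CLIENTS:
            flag("unauthorised_client")
        # 4. A PLC acting as client for a non-ICS protocol; PLCs normally
        #    only answer, they do not start TLS sessions.
        if ipaddress.ip_address(src) in PLC_SUBNET and not is_ics_service:
            flag("plc_initiated_it_protocol")
    return findings


if __name__ == "__main__":
    for f in hunt_protocol_mismatches(CONN_LOG):
        print(f"{f['kind']:32} {f['src']} -> {f['dst']}:{f['port']} ({f['service']})")
```

The baseline sets are the part that needs to come from the visibility phase: the hunt is only as good as the asset inventory and the expected-port table behind it, which is why it belongs after, not instead of, passive network visibility.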