The exposure surface of communication systems and networks in industrial environments has increased exponentially. This raises the likelihood of experiencing an incident in Operation Technology (OT) environments.

Industrial Control Systems

Certain industrial automation and control systems, or ICS, and SCADA systems are no longer as isolated from IT as they should be, or manufacturers have ceased support years ago.
IT and OT systems are environments with different knowledge, control, and auditing needs.

Assessment & Securing SCI-SCADA

Action Plan





Local logical access & Physical security

Control, traceability, and session times. Passwords, users, 2FA. Physical access control.

Remote access / Mobile devices

VPN, maintenance policies, OT interconnection (cloud), third-party delegations, external connectivities.

Protection Against Attacks

Proactive security, EDR/XDR, DDoS, uncontrolled events, OT resilience, APT.

Inventory - Training & Education

Lack of inventories, control in the deployment of IoT devices, training and education for personnel.

Network Architecture & Analysis

Secure architecture design in OT environment, network segmentation failures, data diodes, ISA99/IEC62443, IT/OT convergence, wireless elements, topology documentation, NIST 1800-23, DLP.

Network Protocols

Industrial protocols without control or encryption mechanisms, insecure protocols, IEC 62351 (energy), or others.


Certified products, backups and management of them, precarious or default configurations, deficiencies in software, and operation console configuration.

Updates and Obsolescence / Providers

Outdated software and firmware, lack of support, endpoints, monopolistic suppliers, supply chain, and suitability of contracting.

Traceability & Monitoring

Records of activity in logic controllers (PLCs, RTUs, DCS), reporting and integration, automatic OT monitoring, change records, lack of OT traffic visibility.


Laboratory OT, business continuity plan, impact analysis, regular reviews, appropriate documentation.

Let's talk

Feel free to contact us to evaluate the suitability of a security audit in your company’s operational environments.