
Governance, Risk & Compliance
OT & Site Resilience
OT/ICS assessment, segmentation and remote-access governance, site risk analyses, protection-needs assessment and cyber-physical protection concepts for critical facilities.
Overview
Where operational technology (OT) meets IT, particular risks arise - and particular opportunities for resilience. NIST SP 800-82 Rev.3 explicitly addresses OT security including building automation, physical access controls and transport. CISA and ENISA stress the benefits of converged security functions, especially for energy, water, manufacturing and critical facilities.
We start with an OT/ICS assessment: which control and automation systems are in use, how are they networked, and where do legacy and implementation burdens lie? Particularly in areas such as water, gas and parts of transport, criticality and maturity still diverge - this is where we deliberately focus our effort.
On this basis we develop robust network segmentation and remote-access governance that controls, logs and secures remote access - an entry point often underestimated in practice. We reconcile OT reality and security requirements without slowing operations.
The final step is the link between digital and physical: site risk analyses, protection-needs assessments and cyber-physical protection concepts that bring together access, perimeter, threat detection and emergency governance. This makes a site resilient as a whole, not just in parts.
We deliver each of these services in three stages: as an assessment (baseline and gap analysis), as program build and implementation (structures, measures, evidence) and as ongoing steering - optionally as an interim mandate, fractional lead, evidence office or exercise and audit office. You decide how much responsibility to outsource and where to build your own capacity.
Standards & norms
- NIST SP 800-82 Rev.3 (OT)
- IEC 62443
- Protection-needs assessment (Schutzbedarfsfeststellung)
Frequently asked questions
What is the difference between IT and OT security?
IT security protects information systems; OT security protects the control and automation technology of physical processes - for example in manufacturing, energy or water. OT has its own requirements for availability, real-time behaviour and life cycles. NIST SP 800-82 provides the framework.
Why is remote-access governance so important?
Because remote access to OT systems is an often underestimated entry point. Clear governance controls who accesses what and when, logs it traceably and significantly reduces the attack surface.
What does cyber-physical protection design mean?
The integrated consideration of digital and physical protective measures for a site - from access and perimeter through threat detection to emergency governance. This avoids blind spots between disciplines.

