Securing Federal and Commercial ICS/OT Environments
Cyber adversaries are increasingly gaining malicious access through neglected and unsecured operational technology (OT) and industrial control systems (ICS). Critical infrastructure and industrial systems that once stood alone are now converging with IT networks, increasing the attack surface.
Recognizing this shift, defense, government, and commercial entities are reexamining the security of their control systems. Where does the OT network converge with enterprise IT? What are the best ways to secure these control systems to improve cyber resiliency? Who has ownership over this new problem and what can be done to reduce the risk?
RMC is at the forefront of ICS/OT cybersecurity, and we provide the solutions needed to make mission-critical control systems secure.
48%
of participants don’t know whether or not their OT environment was compromised within the last year
(2021 SANS Survey)
less than
5%
of OT professionals said they were confident in their company's ability to secure IoT devices and systems
(2018 SANS Survey)
42%
of companies do not have a formal program to inventory OT assets
(2021 SANS Survey)
1
in
3
cybersecurity jobs in the U.S. is vacant due to a lack of cybersecurity professionals
(https://www.cyberseek.org)
Industrial Cybersecurity Services
Our cybersecurity specialists have unmatched OT and ICS cybersecurity experience across the U.S. Department of Defense, civilian government agencies, and commercial organizations. We see and understand the increasing risks from control system vulnerabilities – and work with you to create and implement the policies, programs, plans, and actions to better protect your non-traditional IT. It’s not enough to know that control systems need to be secured. Sometimes it helps to have an expert in your corner who can help. We’ll conduct a risk analysis to understand your system vulnerabilities, determine which ones you really do need to worry about, and recommend how to remediate them. Then, our team can implement the controls you need to prevent or mitigate the harm from attacks.
Governance and Strategy
Taking an executive-level perspective on cybersecurity, our team sits with yours to create and execute the strategies and policies you need to protect your assets, your mission, and your organization from OT cyber threats and attacks. We review, assess, and create the cybersecurity strategy and policy, continuity of operations, disaster recovery plans, configuration management plans, quality assurance plans, application user manuals, and information system security plans to ensure organizational alignment. Policy Development is an important early step in building your OT cybersecurity program. We work with you to select or adapt, from the many available models, the one that is a best fit for your industry and organization.
Asset Inventory and Assessment
Whether your control system is part of a military base, airport, hospital, production line, office building, utility system, or any other facility, our cybersecurity team can safely conduct an asset inventory and assessment to pinpoint and mitigate your vulnerabilities. We work carefully with the system owners to ensure that our assessments do not impact operations.
- Asset Inventory Services illuminate the assets and network, providing visibility and opening the door for our assessment services.
- Risk Assessments start by identifying the vulnerabilities of an OT or ICS system. We then assess your operational environment and the mitigation you already have in place. We drive to insight by focusing on the vulnerabilities that pose the greatest risk.
- Compliance Assessments are inspections of a pre-determined set of system and process attributes to identify which are – and which are not – configured to meet specifications.
- Vulnerability Assessments identify the vulnerabilities of an OT or ICS asset, so you and your team are aware and can take action.
- Adversarial – Red Teaming adopts an adversarial perspective to attempt gaining access to connected systems.
- Adversarial – Penetration Testing is the intentional launching of simulated cyberattacks designed to exploit control system and operational technology.
Compliance Management
Government and industry certifications are meant to ensure that organizations are doing everything that’s expected to protect their systems. If you’re working toward achieving an OT system or industrial cybersecurity accreditation or certification, we serve as your guide to help you establish your compliance program – regardless of the framework. RMC helps you select the framework, set up your policies, and ensure that your team is following through on necessary practices.
- Full Managed Industrial Cybersecurity Compliance Services to support NIST 800-82, IEC 62443, and NERC CIP compliance frameworks. We meet you where you are and provide the advisory and expertise you need to reach certification. RMC manages the process and serves as your security and compliance team.
- Risk Management Framework, or RMF, is a government-directed model for securing computer systems. The U.S. Department of Defense amplifies the framework with additional policies and guidance. Our cybersecurity team uses a standardized approach to the RMF process, ensuring that you have policies and procedures in place – and that they are documented. We also validate your cybersecurity controls and that your team is modeling your policies. Together, we’ll ensure that you’re ready for the credentialing review, meeting your own standards and the RMF requirements for validated cybersecurity controls.
Why RMC for ICS/OT Cybersecurity
- We’ve done this before. We’ve been doing OT cybersecurity for more than 10 years with a proven track record of results and safety.
- We have an expert team. We have, hire, and train OT cybersecurity experts, whose focus is control system cybersecurity. On average, our cyber experts have over 12 years of ICS and OT specific cyber experience.
- We do no harm. We know the danger of causing downtime and introducing delays to your essential systems. We prioritize safety above all.
- We have a high success rate for achieving ATO status for our customers. Our team has inside expertise, knowledge of the landscape, and skills forged in the accreditation offices to build accreditation packages that achieve and maintain your authority to operate.
Our Experience
- Critical manufacturing
- Pharmaceutical
- Healthcare and medical devices
- Transportation
- Water and wastewater utilities
- Communications and telecom
- Government facilities
- Building management
- Emergency services
- Power and energy systems
