Industrial Control Systems Cybersecurity

By approaching operations as an integrated system, we safeguard your business-critical information and Operational Technology / Industrial Control Systems (OT/ICS) from cyber threats.

By approaching operations as an integrated system, AcuTech safeguards your business-critical information, operational technology, and industrial control systems from cyber threats. Our consultants conduct holistic evaluations, review system designs and functionality, and identify vulnerabilities and risks. Additionally, they recommend robust mitigations and countermeasures.

We assist companies in navigating evolving regulatory landscapes, meeting compliance requirements, and adopting best practices. Our seasoned consultants bring expertise in Operational Technology/Industrial Control Systems (OT/ICS) cybersecurity, offering strategic security planning, cost/benefit analyses, and tailored security measures.

Comprehensive Industrial Cybersecurity Capabilities

AcuTech’s capabilities span a range of services designed to meet the unique cybersecurity needs of industrial enterprises. These services help ensure the resilience of your organization’s security.

AcuTech conducts a thorough assessment of industrial cybersecurity systems and associated information technology systems. Our consultants pinpoint vulnerabilities and recommend countermeasures to empower our partners in the face of evolving cyber threats and expanding regulatory demands. They excel at providing comprehensive cost-benefit analyses, strategically emphasizing security measures that offer optimal utility.

Cybersecurity Standards, Benchmarks, and Best Practices

Well-versed in industry best practices, we consistently guide organizations toward meeting and exceeding established benchmarks. Through AcuTech’s dedicated team, companies gain access to in-depth Cyber-Security Risk Assessments (C-SRA). We scrutinize all aspects, from overarching cyber policies to practices, procedures, and platforms, rectifying potential vulnerabilities. Our expertise extends to the latest cybersecurity standards, including ISO 27001/27002, NIST 800 series, NERC CIP/FERC, and ISA/IEC-62443 (formerly ISA-99). 

Cybersecurity Services for Critical Industrial Systems

Our services include Cybersecurity Risk Analyses, OT/ICS Cyber Vulnerability Assessments, and Operational Technology/Industrial Control Systems Cybersecurity Program Development. We conduct Cybersecurity Program Audits, identify vital data, systems, and resources for post-cyber event recovery, and plan for business continuity and disaster recovery. Additionally, we offer sector-specific services including MTSA/ISPS vulnerability assessment and plan support, maritime cybersecurity drills & exercises, and hydrogen value chain cybersecurity.

AcuTech provides a holistic, integrated approach to industrial cybersecurity, combining deep technical expertise, regulatory knowledge, and strategic guidance to help organizations anticipate, prevent, and respond to evolving cyber threats while maintaining operational resilience. Partner with AcuTech to navigate the evolving landscape of industrial cybersecurity threats. Secure the continuity of your critical operations. 

Integrated ICS/OT Cybersecurity Capabilities

Governance, Maturity & Program Development
  • Cybersecurity Program Development & Enhancement: The cybersecurity program development work process builds a robust, functional, enterprise-wide program by taking a holistic approach to managing an organization’s cybersecurity risks. By putting governance at the core, this work process helps build a robust, sustainable cybersecurity program that incorporates all aspects of the organization, from people to technology and the work processes that support them.
  • Capability Maturity Assessments: Using frameworks like C2M2, NIST CSF, and others.
  • National Cybersecurity Framework Assessments & Audits
  • Policy, Procedure, Maintenance Planning & Program Development and Assessment
  • System Security Scorecard Development, Verification & Validation
  • Security Target Level (SL) Calculation, Verification & Validation
  • OEM Design, Engineering & Project Specification Review and Verification
  • Cybersecurity Program Audit: The cybersecurity program audit is a process for reviewing an organization’s cybersecurity risk management program to ensure compliance and adherence to industry best practices. The process evaluates policies, procedures, security controls, and cyber management tools, helping an organization understand how effectively and comprehensively it is managing its cybersecurity risks.
Risk, Vulnerability & Compliance Assessments
  • Cyber Process Hazard Analysis (Cyber PHA / Cyber HAZOP): The Cyber Process Hazard Analysis (Cyber PHA) risk assessment work process follows a systematic, safety-oriented methodology to ascertain the risks of cybersecurity as it relates to Operational Technology (OT), Industrial Control Systems (ICS), Safety Instrumented Systems (SIS), and their networks, processes, and support systems and utilities. The methodology integrates multiple engineering disciplines, including process safety, industrial automation, industrial IT, and cybersecurity. It leverages established process safety management methodologies and uses that information to perform a Cyber PHA, using HAZOP-like worksheets.
  • ICS/OT Cybersecurity Risk Assessments
  • OT/ICS Cyber Vulnerability Assessments: Cyber vulnerability assessment is a work process of identifying, analyzing, and evaluating security vulnerabilities and weaknesses in an organization’s Operational Technology (OT) and Industrial Automation and Control System (IACS) infrastructure. The process helps organizations reduce their cybersecurity risks, improve their cybersecurity posture, and better understand their operational equipment, processes, procedures, and management systems.
  • Vulnerability, Gap & Compliance Assessments
  • Regulatory & Standards Alignment Assessments: Including ISA/IEC 62443, NIST SP 800-82, and other industry standards.
Threat-Driven Security & SOC-OT Enablement
  • OT Threat Modeling: Using frameworks like MITRE ATT&CK for ICS and STRIDE.
  • Indicators of Compromise (IoC) & Indicators of Attack (IoA) Assessments
  • SOC-OT Use Case & Playbook Development, Review & Optimization
  • OT Alarm & Alert Rationalization and Documentation
  • Dark Web Reconnaissance and Threat Intelligence Services
Operational Resilience & Recovery
  • Identification of Vital Data, Systems, and Resources: For post-cyber event recovery.
  • Business Continuity & Disaster Recovery Planning (BCP & DRP): Development and assessment.
  • ICS/OT Backup & Recovery Assessments
  • OT Incident Response Readiness Assessments
  • Incident Response Tabletop Exercises: Technical and executive-level simulations.
Architecture, Controls & Technical Validation
  • ICS/OT Network Segmentation Design & Assessment
  • Zone & Conduit Design, Review & Validation: Aligning with ISA/IEC 62443.
  • OT Firewall Architecture & Ruleset Review
  • Safe & Secure Penetration Testing (SSPT) Design & Risk Assessment
Sector-Specific Cybersecurity Services
  • Maritime Cybersecurity: Facility vulnerability assessments, integration into security plans, personnel training, risk mitigation, drills & exercises, international audit support, and MTSA Vulnerability Assessment & Plan Support.
  • Hydrogen Value Chain Cybersecurity: Specialized assessments and safeguards for hydrogen production, transport, and storage operations.
Training & Capability Enablement
  • Role-Based & Technical ICS/OT Cybersecurity Training
  • Cybersecurity Training Center Design: Physical & virtual labs, cyber-ranges.
  • Team Capability Assessments & Skills Development Roadmaps

AcuTech’s consultants are well versed in codes and standards developed by industry bodies and will refer to these as well as each client’s local jurisdiction codes and standards.

  • IEC 62443 – Industrial communication networks – Cybersecurity. IEC 62443 provides guidelines and requirements for implementing cybersecurity measures in industrial automation and control systems (IACS). It aims to protect critical infrastructure from cyber threats by establishing principles for secure system design, operation, and maintenance.
  • NIST Cybersecurity Framework (CSF). Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework is organized around five (5) key functions – Identify, Protect, Detect, Respond, and Recover – and is a tool designed to help organizations improve their cybersecurity posture by effectively communicating, integrating, and aligning on cybersecurity risk management across all levels of their organization.
  • NIST SP 800-53 Rev. 5. Published by the National Institute of Standards and Technology (NIST), Special Publication 800-53 Rev. 5 provides guidelines on security and privacy controls for information systems and organizations to protect operations, assets, individuals, and other organizations. It covers various aspects of cybersecurity, including risk management, functional security and assurance, and incident response.
  • NIST SP 800-82 Rev. 2. Published by the National Institute of Standards and Technology (NIST), Special Publication 800-82 Revision 2 provides guidelines on securing industrial control systems. It covers various aspects of cybersecurity, including risk management, access control, and incident response.
  • IEC 61511. The International Electrotechnical Commission (IEC) 61511 standard focuses on the functional safety of safety instrumented systems (SIS) used in the process industry. While not explicitly a cybersecurity standard, it emphasizes the importance of considering security aspects in the design and operation of safety systems.
  • ISA TR 84.00.09 – ICS Cybersecurity. ISA TR 84.00.09 focuses on cybersecurity for industrial control systems (ICS). It provides recommendations for securing ICS networks and devices against cyber threats, including guidelines for risk assessment, access control, and incident response.
  • ISO 27001. Although not specific to industrial control systems, ISO 27001 is a widely recognized international standard for information security management systems (ISMS). Organizations can use ISO 27001 to establish, implement, maintain, and continually improve their information security management.
  • ISACA COBIT. Published by ISACA, the COBIT (Control Objectives for Information and Related Technologies) framework is designed for businesses and is focused on IT management, with each process defined together with process inputs and outputs, process activities, process objectives, performance measures, and measures for organizational maturity.
  • API 1164. Published by the American Petroleum Institute (API), API 1164 provides guidelines for pipeline supervisory control and data acquisition (SCADA) systems. While focused on the oil and gas industry, its principles are applicable to other process industries. It addresses aspects of security, including network design and data integrity.
  • CFATS (Chemical Facility Anti-Terrorism Standards). Administered by the U.S. Department of Homeland Security (DHS), CFATS provides a set of standards and regulations to enhance security at high-risk chemical facilities, including those in the process industries.
  • NERC CIP (Critical Infrastructure Protection). The North American Electric Reliability Corporation (NERC) CIP standards are a set of requirements designed to secure the cyber assets of the bulk power system. While specific to the electric utility industry, these standards have implications for other critical infrastructure sectors.