OT Site Assessment

Securing your systems: Comprehensive OT Site Assessment for industrial cyber resilience

> OT | SITE ASSESSMENT & MORE > Site Assessment

OT Site Assessment to address cybersecurity risks

As industrial control systems become more connected, they also become more exposed to cyber threats. The consequences of a cyberattack could negatively affect the organization’s efficiency, continuity, and even safety. Addressing these risks is essential for organizations looking to protect their Industrial Control Systems (ICS).

Discover more about OT Site Assessment:

  1. The risks of cyberattacks on ICS and SCADA systems
  2. What is an OT Site Assessment?
  3. The deliverables of an OT Site Assessment
  4. Insights provided by Bureau Veritas Cybersecurity

Risks of Attacks on ICS and SCADA systems

Cyberattacks on ICS and SCADA systems can impact the safety, availability, and reliability of systems, operations, and value chains leading to catastrophic consequences. Organizations that are potentially impacted by these consequences are located in various industries, including but not limited to electric power, water, nuclear, manufacturing, infrastructure, transport (railways, ports, and airports), and oil and gas (upstream, midstream, downstream).

Organizations within these industries have a variety of concerns such as cyberattacks that could cause damage to reputation, shareholder confidence, environment, or cause system outage, loss of production, injury, or even loss of life. Organizations therefore must assess if they have the right mitigations in place to sustain ICS security. While IT and OT have been increasingly convergent over the years, a gap in understanding and solid practice between OT and IT security tends to remain. This critical skills gap contributes to security vulnerabilities, which are often overseen but must be identified and addressed appropriately.

Highlight-image

What is an OT Site Assessment?

An OT Site Assessment is a crucial evaluation process performed to determine the security level of Industrial Control Systems (ICS) and SCADA systems, which are vulnerable to cyberattacks.

These attacks can severely affect the safety, availability, and reliability of systems and operations. This can potentially lead to catastrophic outcomes, such as damaged reputation, environmental harm, system outages, production loss, injury, or even loss of life.

Bureau Veritas Cybersecurity's OT Site Assessment helps organizations ensure they have adequate mitigation strategies against cyber threats. Aligned with international standards like IEC 62443, NIST SP 800-82, and ALARP, it involves site visits, system architecture reviews, and expert consultations to identify and address security weaknesses.

Optional high-level penetration testing is available to validate the level of protection between IT-OT. The assessment covers key IEC 62443 aspects:

The Deliverables of an OT Site Assessment


A detailed OT site assessment report will be delivered with all identified risks, each with an explanation and recommendation. All findings are given a qualitative risk rating. Bureau Veritas Cybersecurity follows a standard risk rating system which can be adjusted based on your organization. Not only are the risks to the ICS identified, but areas to sustain are also included in the report indicating the security strengths of the facility in scope.

Cyber-physical attack scenarios are outlined by giving a detailed description of how an attacker could potentially target the specific site in scope. Cyber-physical attack scenarios could encompass all functional requirements of IEC 62443.

Your Insights from the Assessment

The results of the OT Site Assessment presented by Bureau Veritas Cybersecurity will provide you with the following insights:

  • How effective the implemented OT security controls are
  • How these risks are mapped to relevant parts of the IEC 62443 requirements
  • Were improvements might be required, including our recommendations.

IEC 62443 functional requirements

IEC 62443

OT Site Assessment Areas

FR 1

Identification and authentication control
Assessing the extent of insider risks focusing on the impact that can be caused per group of insiders based on existing mitigating controls.

FR 2

Use control
Investigating external exposure in the form of undesirable externally accessible domains, IPs, and modem connectivity as well as physical security vulnerabilities of the entire site, which could impact the availability and safety of the site.

FR3

System integrity
Assessing OT Network Traffic analysis to discover various kinds of connectivity present on-site, exposure outside of designated areas and physical perimeters, and any security issues that can be identified passively.

Assessing the inherent cyber resilience of your organization both on an architectural and configuration level.

FR4

Data confidentiality
Assessing data exfiltration risks such as obtaining intellectual property and corporate secrets up to obtaining technical information to prepare for sabotage.

FR5

Restricted data flow
Collecting Network Traffic passively at agreed-upon locations utilizing passive network taps or monitor ports. No active scanning, man-in-the-middle, or other measures which might interfere with traffic will be used.

FR6

Timely response to events
Assessing OT network and systems security aims to see if malicious entities can get into your OT network and see what they can potentially compromise (e.g., checking firewall configuration, lateral movement, and checking for insecure protocols).

FR7

Resource availability
Conducting a discrepancy analysis between asset inventory, architecture maps, and perimeter to see whether ICS Visibility and Control is addressed coherently.

More Information

Would you like to learn more about an OT Site Assessment? Please fill out the form below, and we will contact you within one business day.

USP

Related Services

OT Cyber FAT/SAT

OT Cyber FATSAT

Enhance the cybersecurity of your Industrial Control Systems with Bureau Veritas Cybersecurity's ICS Cyber FAT/SAT services. We provide rigorous checks during the FAT and SAT phases, ensuring effective security throughout your project lifecycle.

Threat Modeling for Industrial Control Systems

Secura Threat Modeling Service

Discover potential cyber threats to your Industrial Control Systems with Bureau Veritas Cybersecurity's Threat Modeling service, so you can proactively implement effective security measures.

Industrial VAPT

VAPT Industrial

VAPT, Vulnerability Assessment & Penetration Testing, provides insight into the cyber resilience of your IT and OT networks. Cybersecurity testing in industrial environments requires a specialized approach due to different risks and threat models within OT. We know. Learn about different VAPT approaches in OT.

Threat Modeling Training

In company training course or open to public

In the Threat Modeling Training, you will learn how to get a broad picture of potential risks using the STRIDE methodology. This works both for existing systems and new designs.

OT Cybersecurity Fundamentals Training

OT Cybersecurity

Master the essentials of OT cybersecurity with our comprehensive 'OT Cybersecurity Fundamentals Training' course. Grasp the complexities of Industrial Control Systems (ICS) security and navigate applicable standards to apply effective security controls.

Why choose Bureau Veritas Cybersecurity

Bureau Veritas Cybersecurity is your expert partner in cybersecurity. We help organizations identify risks, strengthen defenses and comply with cybersecurity standards and regulations. Our services cover people, processes and technology, ranging from awareness training and social engineering to security advice, compliance and penetration testing.

We operate across IT, OT and IoT environments, supporting both digital systems and connected products. With over 300 cybersecurity professionals worldwide, we combine deep technical expertise with a global presence. Bureau Veritas Cybersecurity is part of the Bureau Veritas Group, a global leader in testing, inspection and certification.