Our ICS/OT services include:
ICS/OT Secure Networking
The Strive team can design, implement, and test comprehensive ICS/OT security solutions including integration of new applications, control upgrades, network segmentation, industrial grade firewall implementation, and network infrastructure LAN/WAN upgrades. Strive has the skills to achieve results in a secure manner while minimizing impact to production environments.
ICS/OT Vulnerability Assessment
Strive will work with onsite staff to walk clients through our cyber vulnerability and risk assessment methodology, identifying and documenting weak points in your ICS/OT environment and providing a detailed remediation plan for your organization.
Supported Frameworks include ISA/IEC-62443, NIST 800-82, NIST 800-53, ONG-C2M2, CIS, MITRE ATT&CK for ICS, and ISO 2700X series
Strive SMEs will assess your organization’s chosen compliance framework and identify any operational gaps. Strive will provide a detailed report as well as a plan of action and milestones (POA&M) to remediate any deficiencies found.
Supported Frameworks: ISA/IEC-62443, NIST 800-82, NIST 800-53, ONG-C2M2, CIS, MITRE ATT&CK for ICS, and ISO 2700X series
Incident Response for Enterprise and OT Environments
Industrial control systems, like traditional business information systems, are increasingly under attack from a variety of malicious sources. Since the IT Environment is a likely attack vector to the OT environment, having an incident response plan that incorporates IT and OT is critical in preparing to handle a cybersecurity incident. Strive can work with you to create a comprehensive incident response plan, so your organization is prepared to identify, contain, eradicate, and recover from a cybersecurity incident within your production and enterprise environments.
Penetration testing in an ICS/OT environment needs to be handled with the utmost caution as to not create operational impact to the client. Our ICS penetration testing services utilize certified individuals with decades of experience within ICS/OT environments, enabling your organization to determine whether attackers can successfully turn a breach into extortion or create other operational impacts. Deliverables include a step-by-step report detailing the vulnerabilities exploited, the path to achieving operational impact, and a remediation plan to prevent such a campaign from reoccurring.
Policies and Procedures
Policies and procedures are essential to ICS/OT security: they provide a manual for handling day-to-day operations and incidents within your production networks. Strive consultants will work with clients to develop policies and procedures that will foster a strong security posture and reduce risk.
Policy and Procedures can be written to adhere to the following Frameworks: ISA/IEC-62443, NIST 800-82, NIST 800-53, ONG-C2M2, CIS, MITRE ATT&CK for ICS, and ISO 2700X series
Cybersecurity Awareness Training
The cybersecurity threat landscape is vast. Many IT professionals face challenges in creating a Cybersecurity Awareness & Training Program that can prepare employees for all the relevant threats facing their organization. Strive can help build the right program for you. Our instructors are industry experts and will educate employees on the latest threats along with the dos and don’ts for both traditional enterprise and production-ICS/OT networks.
Supply Chain Risk Management
Globalization of supply chains has made them vulnerable to disruptions such as economic unrest, cybersecurity risks, demand fluctuations, or natural and man-made disasters with potentially damaging long and short-term impacts on the business.
Enterprises and today’s production environments need resilient supply chains to minimize the negative impacts of disruptions to revenue, costs, and clients. Effective supply chain risk management is key to building and maintaining resilient supply chains. Strive can help your organization mitigate its supply chain risk.
Secure Remote Access
The Strive Cybersecurity experts will design, implement, and test secure interactive remote access for your organization using industry best practices. Our Cybersecurity experts leverage two-factor authentication, secure trust zones (utilizing least-privilege access control lists), intermediate systems, remote access monitoring, and alerting to ensure your environment has a state-of-the-art, defense-in-depth approach applied for all remote access.
Change Configuration Management
Change management is a set of standardized methods and procedures that minimize the effect of change-related incidents within the IT and ICS/OT environment. It’s the process by which IT and ICS/OT administrators track and identify changes that occur within an environment. This process generally ensures that only authorized modifications are made to an item to mitigate risks. It defines the communication and rollback plans by which the change will be executed and that all modifications are well-planned and executed. Strive personnel have decades of experience developing policies, procedures, and processes surrounding change management. We also offer state-of-the-art change configuration management software integration and testing.
Risk Management Frameworks
Risk Management Frameworks provide a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, executive orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the RMF approach can be applied to new and legacy systems, any type of system or technology within any organization regardless of size or sector. Strive will work with your organization’s stakeholders to design and implement an effective risk management framework within your organization.
In the event of an outage or disaster scenario, your organization needs to have confidence in the ability to recover quickly in production environments. Strive can develop policies and processes, design, implement, and test disaster recovery solutions to minimize the impact to your ICS network and quickly return you to production.