Industrial Cyber Security

Enabling Industry to build and maintain cyber resilience for the connected operational enterprise of tomorrow.

As technology continues to evolve at an unprecedented pace many businesses are embracing these developments to help enhance their operations in order to deliver greater efficiency, optimise their assets and improve safety and sustainability. However, these enhancements are bringing with them a raft of security challenges.

The Challenges

IT-OT Convergence

This transition from closed to open systems has generated a slew of new security risks that need to be addressed.

Evolution of threat landscape

The threat landscape is evolving, becoming more sophisticated and doing so at a faster pace than many organisations can keep up with. According to The annual IBM X-Force® Threat Intelligence Index Operational technology (OT) attacks surged 2,000% year-over-year.

Failure destroys brand reputation

The cyber threat and possible impact it can have on critical infrastructure and operations has placed an even greater board level focus on OT Security. Failure to manage or mitigate such threats is well understood to significantly impact on reputation as well as shareholder value.

Helping critical infrastructure and industrial enterprises to build and maintain persistent Cyber resilience for the interconnected industrial systems of tomorrow.

Increasing Pressure

Industrial businesses are being pressured from multiple angles to take advantage of these new technologies whilst maintaining Cyber resilience. For companies managing these OT environments this is resulting in a number of concerns and challenges.

Compliance & Regulation

Shortage of skills

Managing legacy equipment

Disruption to operations

Constrained resource

74%

Of businesses don’t have current OT risk assessment

78%

Of companies don’t have OT-specific security policies*

81%

Of businesses don’t have an OT-specific security incident response plan*

Our Holistic Approach

Our end to end security approach is built on 5 key pillars – with each stage ensuring businesses are either able to anticipate and prevent security risks, or respond to managing threats in urgent situations. Furthermore, this aids organisations to express their management of cyber security risk at a high level and identify clear risk management activities.

What’s more, we can work with you whatever the size or scale, whether delivering standalone consultancy; embedded as part of a larger support contract; or delivering a full end-to-end managed service.

Our Verticals

As threats targeting critical infrastructure increase, choosing the right advisor and technology partner to secure your systems has never been more important. Our comprehensive portfolio of services & solutions are delivered by OT and industrial security experts with a demonstrable track record and over five decades of experience in the development and support of Industrial Control Systems (ICS) for customers in security-critical sectors.

Oil & Gas

Nuclear

Process Industries

Water

Chemicals & Pharmaceuticals

Power Generation

Manufacturing

Transmission & Distribution

Our Services

Our comprehensive portfolio adds value to any stage of the OT security process – wherever you are in your journey – from risk assessments and training, to advanced real-time vulnerability management and service recovery.

Process based Cyber Security Management System (CSMS) Compliance

Capula’s cyber security compliance assessment services are targeted at organisational level management processes to identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies) to asses the state of compliance, assess the risks and potential costs of noncompliance against quantified remediation control deployment and prioritise remediation based on the most impactful correcitve actions necessary.

Performance based CSMS risk assessments

Capula risk assessment services identify and analyse where risks might adversely affect the realisation of the organisations objectives. We then report on prioritised, quantifiable risk treatment to bring risks to an acceptable level.

Our bespoke Secure Platform Management services include:

Real-time vulnerability management

Capula security services consulting team work with organisations to build an up-to-date list of all plant assets, services, protocols and data communication paths.

Processes are then set up to monitor for anomalies such as new devices being plugged into the network, unauthorised programming, destructive malware and network scanning.

Secure platform management

TCP/IP and digitalisation have allowed existing IT cyber security issues to span into control systems, resulting in cross-sector issues that now affect all IACS environments.

Active/Passive infrastructure health check

Capula periodic scanning includes detecting and classifying system weaknesses in networks, communications equipment and computers. They also predict how effective countermeasures are in case of a threat or attack.

Secure architecture and design

Capula architecture and design services helps organisations to develop and implement a security program for the protection of their critical infrastructure that follows a defence-in-depth strategy. This defines the implementation of layered security controls to defend systems against different types of attacks.

Security Incident and Event Management (SIEM)

Capula SIEM security consulting services help organisations architect and implement a ‘single pane of glass’ administered, centralised logging and correlation solution. So defenders can find anomalous patterns of usage and qualify possible security and compliance threats.

Service recovery

Despite best efforts, it is highly likely there will be loss of a device or server containing critical data. Therefore, all system program parameters are set too secure values with secure settings and the system is fully tested and functional.