Establish world-class cyber risk management

Based on comprehensive and contemporary evidence

Every organisation is at a different stage in their Internet of Things (IoT) and Industrial Control System (ICS) cyber security maturity life-cyle. Just as adversaries are becoming increasingly sophisticated, organisation’s are also continually challenged to up their defensive game.

Faced with evolving threats and escalating risks, understanding and managing your organisation’s cyber defences has become essential to protecting your business.

Doing so with pace and agility is critical.

Board level responsibility

Ultimate responsibility for cyber security rests at the Board level. It is critical that businesses have a clear, objective picture of their potential vulnerabilities so that they can reinforce any weak points.

Armed with this knowledge it is possible to implement an evidence-based strategy that will mitigate risks to critical information assets and reduce the impact of security related events as they arise.

2019 saw a 2,000% increase in incidents targeting operational technology (OT)

Source, IBM security

ICS Cyber Security is for life not just a project

There is no such thing as a fully secure Industrial Control System (ICS). Hidden vulnerabilities are still possible, even after a clean bill of health from a cyber security assessment.

Cyber security should therefore be perceived as a process rather than a project.

A cyber security assessment of an ICS is viewed as a snapshot in time, however an ICS needs to be iteratively tested to take into consideration the impact of triggers such as changes to the system or an elapsed period of time.

One reason for repeated testing is that most ICS’s are built using commercial off-the-shelf hardware and software. New vulnerabilities are often discovered in the current operating systems and third-party software which make up today’s ICS’s.

It's all about cyber preparedness

Forward thinking businesses are looking to move from a passive to a more proactive strategy for ensuring they maintain cyber preparedness. Adopting a more intelligent and agile approach helps ensure that data is systematically collected; that this data then supports more effective evidence based investment decisions; and more importantly that these are prioritised at both pace and scale.

Passive

Compliance Driven

Reactive

Response & Recovery Driven

Proactive

Intelligence & Agility Driven

50%

Have experienced at least one attack against OT infrastructure that resulted in downtime in past 24 months

60%

Are worried about an attack against OT infrastructure that results in downtime to plant and/or operational equipment

90%

Of OT organisations  have experienced at least one damaging cyber-attack over the past two years*

*Source, Ponemon Institute, March 2019 – Cybersecurity in Operational Technology: 7 Insights You Need to Know

The CDCAT® tool

The Cyber Defence Capability Assessment Tool (CDCAT®)* provides a rapid yet comprehensive assessment of existing cyber defences to give users the ability to evaluate cyber security risks and to identify and prioritise risk treatment activities. Originally developed by the Ministry of Defence (MOD) Defence Science and Technology Laboratory (Dstl), CDCAT® delivers advances in cyber assessment by harnessing the strengths of multiple cyber security controls.

Inputs from commercial, military, and intelligence sources around the world including NATO, ISO 27000 together with leading independent bodies are included within CDCAT®. It combines these to generate a comprehensive set of standards which address multiple aspects of cyber risk management.

*CDCAT® is a registered trade mark of Dstl. All rights reserved.

CDCAT® benefits

Perform rapid assessments of your organisation’s systems and controls to take fast remedial action

Receive tailored advice on your organisation’s defences and cyber security spending

Develop an assured strategy regardless of your organisation’s size, systems or market

Cyber threats are continuously evolving – CDCAT®’s mitigations are continuously updated to evolve with the current threat

Ensure your cyber security spend is based on real and comprehensive evidence

Monitor the progress of your cyber defences and make repeated assessments to ensure optimal transformation of your organisation’s cyber security

Supports compliance programmes and generates evidence to support the General Data Protection Regulation (GDPR) due diligence

How does the CDCAT® solution work?

Assessments can cover a single system or an enterprise, making this a flexible toolset that achieves targeted and focused improvements based on evidence.

Why Capula?

Delivering an independent view

As an approved Cyber Defence Capability Assessment Tool (CDCAT®) assessor, we can provide an independent viewpoint that draws on over 50 years of experience working in, and delivering solutions to industrial environments. We can ensure greater uptime, efficiency and availability of your OT environments – mitigating risk, reducing the impact of vulnerabilities and establishing a framework for continual operational improvements.

Expert Consultancy drawing on 50 years experience working with OT environments including SCADA systems, PLCs, DCS, IED.

Enhanced situational awareness for your OT environment.​

Supporting businesses in achieving greater resilience and transforming for growth.

Our Verticals

As threats targeting critical infrastructure increase, choosing the right advisor and technology partner to secure your systems has never been more important. Our comprehensive portfolio of services & solutions are delivered by OT and industrial security experts with a demonstrable track record and over five decades of experience in the development and support of Industrial Control Systems (ICS) for customers in security-critical sectors.

Oil & Gas

Nuclear

Process Industries

Water

Chemicals & Pharmaceuticals

Power Generation

Manufacturing

Transmission & Distribution

Get in touch with an expert

Our Partners