ICS/OT Security
ICS/OT security is a horizontal specialization across Black Cell solution areas: Fusion Center, Integration, Offensive Security and Compliance.
Data-driven IT/OT convergence, accelerated by Industry 4.0, increases the cybersecurity exposure of critical infrastructures, especially those whose operation affects human lives. Black Cell ICS/OT approaches these increasingly pressing challenges with the appropriate humility and sense of vocation.
Our ICS/OT security service portfolio has been built around four core pillars: assess, build, measure, and enhance.
How do we start
01 Assess
To make informed decisions, we need an up-to-date view of the organization’s status, capabilities, exposure, policies, and processes. While the following services can be conducted separately, they provide a complete overview of your maturity when used together.
Vulnerability assessment
For organizations that have not yet had a vulnerability assessment, we highly recommend performing one immediately. The goal is to reduce your exposure to opportunistic attacks while also receiving a comprehensive report on the security state of your infrastructure. We approach your systems the way an attacker would, identifying the concrete intrusion paths and the steps an attacker would take along them.
NIST 800-82 assessment
This assessment is based on NIST SP 800-82, the best-practice guide to securing Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLCs), while respecting their unique performance, reliability, and safety requirements. The service delivers recommended security countermeasures to mitigate the identified risks.
MITRE ATT&CK-based assessment
The analysis is based on a merged view of the MITRE ATT&CK for ICS and Enterprise matrices, describing the tactics, techniques and procedures adversaries use against industrial control systems. The assessment uses a passive methodology, so it does not touch ICS/OT devices. The outcome is a detection gap analysis that we compare against a sector-specific heatmap of the most used attack techniques and procedures, yielding a prioritized risk management plan.
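The gap analysis described above comes down to joining two maps: how prevalent a technique is in the customer's sector and how well the organization already detects it. The following is an added illustration, not Black Cell's tooling. The technique IDs are taken from the public ATT&CK for ICS matrix; the prevalence and detection-confidence numbers are constructed for the example, and the combination rule for multiple rules (independent detections combine as 1 - prod(1 - c_i)) is an assumption of this example, not a rule from the page.

```python
"""Detection-gap analysis against a sector heatmap (illustrative example)."""
from math import prod

# Constructed sector heatmap: technique id -> (name, share of sector incidents, 0..1).
# IDs are from ATT&CK for ICS; the prevalence values are made up for this example.
SECTOR_HEATMAP = {
    "T0886": ("Remote Services", 0.9),
    "T0855": ("Unauthorized Command Message", 0.8),
    "T0836": ("Modify Parameter", 0.6),
    "T0843": ("Program Download", 0.5),
    "T0842": ("Network Sniffing", 0.3),
}

# Constructed detection stack: technique id -> confidence of each existing rule.
DETECTION_STACK = {
    "T0886": [0.5, 0.5],  # e.g. a VPN logon alert plus an RDP-to-HMI rule
    "T0855": [0.9],       # write-function-code rule on the Modbus monitor
    "T0836": [],          # no rule at all yet: this is the real gap
    "T0843": [0.4],
    "T0842": [0.7],
}


def coverage(rule_confidences):
    """Combine per-rule confidences into one coverage score for a technique.

    Independent detections combine as 1 - prod(1 - c_i): two rules at 0.5 each
    give 0.75, not 1.0, so a pile of weak rules cannot mask a gap. An empty
    list (no rule) yields 0.0.
    """
    return 1.0 - prod(1.0 - c for c in rule_confidences)


def gap_score(prevalence, cov):
    """Residual risk: how common the technique is times how much of it we miss."""
    return prevalence * (1.0 - cov)


def prioritize(heatmap, detection_stack):
    """Return rows (id, name, prevalence, coverage, gap) sorted by descending gap.

    Ties are broken by technique id so the plan is deterministic.
    """
    rows = []
    for tid, (name, prevalence) in heatmap.items():
        cov = coverage(detection_stack.get(tid, []))
        rows.append((tid, name, prevalence, round(cov, 3), round(gap_score(prevalence, cov), 3)))
    rows.sort(key=lambda r: (-r[4], r[0]))
    return rows


if __name__ == "__main__":
    for tid, name, prevalence, cov, gap in prioritize(SECTOR_HEATMAP, DETECTION_STACK):
        print(f"{tid}  {name:<30} prevalence={prevalence:.2f} coverage={cov:.2f} gap={gap:.3f}")
```

The top of the resulting list is the action plan: the technique with no detection at all (T0836 in the constructed data) outranks a more prevalent technique that already has two medium-confidence rules.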
Next step
02 Build
Building cybersecurity resilience is a continuous effort comprising many activities. Based on the results of the assessment phase, our engineers not only recommend products and services, but create intelligent cybersecurity ecosystems for securing critical infrastructures. The sub-pillars below cover a wide range of solutions, subject to individual consultation.
Visibility
When building cyber defenses for ICS/OT environments, one of the first steps is to establish visibility without disruption. Primarily, we secure OT environments through passive network monitoring, analyzing mirrored traffic (from a SPAN port or network TAP) so that the monitoring itself cannot interfere with production. Active response is also available if desired. To achieve comprehensive network visibility, we offer multiple solutions, tailored to your specific needs and environmental characteristics.
Our signature Network Security Monitoring (NSM) product offers comprehensive network traffic analysis, transforming raw network traffic into structured, easily analyzable data. Protocol analysis, metadata extraction, anomaly detection, and file extraction provide deep visibility into your network traffic.
Detection
Building out the detection pillar is a continuous effort. Black Cell's team develops a prioritized action plan based on the MITRE ATT&CK framework, considering the attack techniques and procedures most common in the customer's sector. Our proven, regularly updated detection rule stack, extended with tailored detections, provides security alerting and anomaly detection; when integrated with our ESM product, this is further enhanced by machine learning.
Alternatively, we provide Nozomi Networks solutions, renowned for their robust OT network monitoring and anomaly detection capabilities. Both options provide security that grows with you, customized to your current and future needs.
Hardware-Based Security Solutions
In environments where security demands are exceptionally stringent, we deploy Waterfall Security's Unidirectional Gateways (UGW). This hardware-based solution enforces a one-way information flow: because the hardware physically cannot carry traffic back into the protected network, remote intrusion and data manipulation from external networks are prevented, while the data replicated outward remains available to the business network.
For secure remote access, a common challenge in OT environments, we implement Waterfall Security's Hardware-Enforced Secure Remote Access (HERA) solution. Traditional remote access methods, which typically rely on VPNs and software-based controls, add significant attack surface. HERA provides a robust, hardware-based alternative that physically isolates the OT network from external connections. It allows authorized personnel to access the data and systems they need without exposing the core operational network to cyber threats.
Response
What’s next
03 Measure
The goal of this phase is a measurement that validates the areas already marked as solved and underpins the upcoming improvements. Where specific expertise is required, our compliance, offensive security and detection engineering teams can help, for example with Red Teaming or by organizing a table-top exercise (TTX), which can double as a practical review of the incident response plan (IRP). It can also be as simple as a PCAP-based audit with targets set for teamwork and processes.
Last step
04 Enhance
Opportunities for improvement are continuous. Once the highest-priority tasks are addressed, such as implementing baseline use cases and playbooks and reducing the attack surface, organizations can turn their focus to enhancing the entire cybersecurity ecosystem.
What are the key benefits?
- Comprehensive Protection – Safeguard industrial control systems (ICS) and operational technology (OT) from cyber threats with tailored security solutions.
- Proactive Threat Detection – Identify vulnerabilities and detect threats in real time with advanced monitoring and threat intelligence.
- Compliance & Risk Management – Ensure alignment with industry regulations like NIS 2, IEC 62443, and more, reducing compliance risks.
- Minimized Downtime – Protect critical infrastructure with rapid incident response and robust resilience strategies to maintain operational continuity.
Deception
We offer a sophisticated OT deception portfolio with a wide range of solutions. These include DNS honeypots and high-interaction OT honeynets, which function as an early warning system and reveal an attacker's intent and motivation. Deception-based detection is a pragmatic and efficient way to build granular detection capabilities for OT environments.
Information security training modules
Honing knowledge is essential. Our tailor-made information security training modules include:
- OSINT
- Red/Blue teaming exercises
- OT cyber ranges
- OT incident response
- Forensics
- Post incident remediation
- Detection capabilities
Threat hunting
Black Cell's OT threat hunting is an advanced service designed to uncover threats that may be lurking in your network. We use a structured approach, applying defined use cases such as retrospective analysis of stored traffic and protocol mismatch detection to find threats that other security measures might miss.
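Two of the capabilities mentioned on this page, turning raw OT traffic into structured metadata (the Visibility section) and hunting for protocol mismatches over stored records (this section), can be shown with one small Modbus/TCP example. The code below is an added illustration and is not Black Cell's NSM product or threat-hunting tooling. The MBAP header layout (transaction id, protocol id, length, unit id) and the function codes follow the public Modbus specification; the traffic records, the host addresses (documentation range 192.0.2.0/24) and the list of known masters are constructed for the example.

```python
"""Modbus/TCP metadata extraction and protocol-mismatch hunting (illustrative example)."""
import struct

MODBUS_PORT = 502
# Function codes that change process state: coil/register writes, mask write, read/write multiple.
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
# Constructed allow-list: the SCADA master and the engineering workstation.
KNOWN_MASTERS = {"192.0.2.10", "192.0.2.77"}


def parse_modbus_tcp(payload: bytes):
    """Return structured metadata for one Modbus/TCP ADU, or None if the bytes
    do not form a well-formed frame, which is what a protocol mismatch looks like."""
    if len(payload) < 8:  # 7-byte MBAP header plus at least a function code
        return None
    tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    # The protocol id is always 0 for Modbus; the length field counts unit id + PDU.
    if proto != 0 or length < 2 or length != len(payload) - 6:
        return None
    fc = payload[7]
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function_code": fc & 0x7F,
        "exception": bool(fc & 0x80),  # exception responses set the high bit
        "function": FUNCTION_NAMES.get(fc & 0x7F, f"fc{fc & 0x7F}"),
        "data": payload[8:],
    }


def modbus_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Build a well-formed Modbus/TCP ADU (used only to construct sample traffic)."""
    pdu = bytes([fc]) + data
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed records as a passive sensor would store them: (src, dst, dport, payload).
SAMPLE_RECORDS = [
    # normal poll: the master reads 10 holding registers from unit 1 starting at 0
    ("192.0.2.10", "192.0.2.50", 502, modbus_frame(1, 1, 3, bytes([0, 0, 0, 10]))),
    # write single register from an unknown host: sets register 0x0010 to 0x0001
    ("192.0.2.200", "192.0.2.50", 502, modbus_frame(7, 1, 6, bytes([0, 0x10, 0, 1]))),
    # not Modbus at all on 502: something tunnelling HTTP through the PLC port
    ("192.0.2.200", "192.0.2.50", 502, b"GET / HTTP/1.1\r\nHost: plc\r\n\r\n"),
    # frame with protocol id 1: malformed, possibly a fuzzing attempt
    ("192.0.2.10", "192.0.2.50", 502, struct.pack("!HHHB", 2, 1, 2, 1) + bytes([3])),
]


def hunt(records, known_masters=KNOWN_MASTERS):
    """Retrospective hunt over stored records. Returns (finding, src, dst, detail) tuples."""
    findings = []
    for src, dst, dport, payload in records:
        if dport != MODBUS_PORT:
            continue
        meta = parse_modbus_tcp(payload)
        if meta is None:
            findings.append(("protocol_mismatch", src, dst, payload[:16]))
            continue
        if meta["function_code"] in WRITE_FUNCTIONS and src not in known_masters:
            findings.append(("write_from_unknown_master", src, dst, meta["function"]))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_RECORDS):
        print(finding)
```

The same parser serves both purposes: on live mirrored traffic it emits the metadata (unit id, function code, exception flag) that an analyst pivots on, and on a stored PCAP or flow archive the `hunt` function replays that parsing to surface frames that are not Modbus at all on port 502, and writes that come from a host that is not supposed to act as a master.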