OVERVIEW
You know that feeling when some new IT guy rocks up on site and tells you to enable automatic software updates on your industrial control system? Yeah, so do we. That’s why we’ve invested heavily in our OT security capability, to make sure neither of us ever have to deal with that again.
OT & IoT Security Services
Risk Assessment
It is impossible to ensure the effective ongoing operation of your critical systems without an understanding of your specific risks. Our expertise helps you to go beyond generic/boiler plate approaches, which may ‘tick the box’ but not address the underlying and specific risks to your operational context.
Security Health Check
With cyber-physical systems being among the most commonly targeted, it is vital to get a clear picture of your system’s health. We have extensive experience in delivering availability-focused security assurance services to clients operating sensitive and highly-targeted OT and IoT systems. We have expertise in various technologies, including SCADA, ICS, IIoT, and smart systems/devices.
SOCI Compliance
The recent changes to Australia’s Security of Critical Infrastructure Act (SOCI) have broadened the definition of Critical Infrastructure to include a much larger number of sectors and enforce stricter security standards. We can assess your SOCI applicability and help you implement a strategy to maintain compliance, including cybersecurity roadmaps, asset identification, and critical infrastructure risk management.
Threat Modelling
Threat modelling is an important input into understanding your operational context and developing ‘fit for purpose’ threat mitigation measures. We have expert practitioners in this domain with in-depth threat assessment experience across a wide portfolio of operational technologies.
Resilience Assessment
Resilience is a vital component of your protection strategy. It provides for an organisation’s capacity to anticipate, withstand, and recover from an extreme cyber event. Anchoram have developed a proprietary methodology on resilience assessment, based on published academic papers written by our own associates.
How cool is that?
Regulatory Audits
It is crucial to audit your security controls in order to ensure they are effective; especially for systems that bear catastrophic health, safety, security, or environmental risks. We are qualified and experienced in all aspects of critical infrastructure compliance, including those related to SOCI, TSS, FATA, and FIRB (including audits of OT assets).
Why Anchoram?
Anchoram have capability in strategic planning and advisory services that cover the end to end project lifecycle. Our associates are appropriately qualified with senior practitioners who can help public and private sector organisations with all aspects of protective security. This extends from development of policy and guidance to detailed implementation, frameworks, and processes.
Integrated Security Services
The importance of staying one step ahead of developments in cyber is paramount for security today. Transformative technologies demand constant vigilance to achieve the confidence and resilience necessary for progress.
Penetration testing provides assurance that systems and their respective security controls are working as intended, and are not susceptible to exploitation.
Attack simulations are designed to test the strength of your security mechanisms by simulating an attack on your infrastructure.
Security reviews identify existing vulnerabilities and provide insight into how they may have manifested, as well as determining strategies and techniques to avoid future vulnerabilities.
Operational Technologies like ICS and IoT are both highly specialised and highly targeted, so managing the threats to these systems is essential.
A clear and robust protective security strategy avoids reactive and expensive decisions. Securing your reputation is a key to ensuring both operational and financial prowess.
The security of transport systems is an important part of keeping passengers, operators, and expensive cargo safe from malicious threats. Know your risks.
The Australian Signals Directorate (ASD) administer the Information Security Registered Assessors Program (IRAP) to ensure that entities can access high-quality ICT assessment services. We are experienced and trusted IRAP assessors, fully endorsed under the recently renovated scheme.
Practice Lead
Dr Jordan Plotnek
Integrated Security
Integrated Security
Jordan is sought after for giving mission-focused advice on the cyber risk and resilience of critical and classified systems.
Jordan is Anchoram’s Lead Partner for Critical Infrastructure. They are a qualified engineer, hold a PhD in space systems resilience, and regularly publish papers on critical infrastructure protection.
Over the past decade, Jordan has served in senior cyber security positions on projects worth up to $4B for aerospace, defence, utilities, transportation, and mining organisations in Australasia, Canada, and the Middle East.