Cyber Security OT IT Interfaces Report

Conduct site survey and conduct a Cyber Security Assessment of the Operational Technologies (OT) and Information Technologies (IT) Interfaces including risks, proposed technical solutions and recommendations.

Project Details

  • Contract No. C232
  • Primary Service Consultancy, Detailed Design & Engineering
  • Industry Water Treatment
  • Secondary Service Cyber Security, Technical Document Authoring
  • Client DIAM
  • Start Date Mar 2017
  • Consultant or EPC Public Authority for Water DIAM
  • Contract Value ($) 16900
  • Project Location M54M+Q7M, Seeb, Oman
  • Person Hours 220
  • Execution Office Birmingham, United Kingdom
  • Status Completed

Scope of work

    Assessment of OT IT Interfaces including Risks and Technical Mitigations.

Activities

    Site Security Health Check included the following Tasks:
  • Security Gap Analysis - Targeted
  • Architectural Review - Scaled
  • Findings Report - Scaled
  • Information Gathering
  • Interviews & Onsite Inspection - Analyst 1 day at site
  • Risk Assessment - Scaled
  • Risk Mitigation Recommendations - High level general direction

Deliverables

    Actionable Cyber Security Report Including:
  • Executive summary
  • Assessment methodology overview
  • Risk criteria and threat model
  • Risk assessment
  • Prioritised recommendations and mitigations
  • Result Presentation Including:
  • Overview of the process and the results for management
  • High-level summary of the full report including identified weaknesses and recommended mitigations

Technical specifications

  • NIST.SP.800-82r2
  • CIP-002-3 Critical Cyber Asset Identification
  • CIP-003-3 Security Management Controls
  • CIP–007–3a Systems Security Management
  • CPNI - GPG - 00 Firewall Deployment for SCADA and Process Control Networks
  • CPNI - GPG - 00 Process Control and SCADA Security General Guidance
  • CPNI - GPG - 02 Implement Secure Architecture
  • CPNI - GPG - 05 Manage Third Party Risk