Our OT Security solution is designed to help organisations protect organisations from attacks against Operational Technology (OT) and Integrated Control Systems (ICS), and if they should occur how organisations can quickly control attacks and effectively return to full operations. We cover from assessment to remediation as well as skills development.
Operational Technology is critical because if hackers get into elements of your Integrated Control Systems such as Distributed Control Systems, PLCs and SCADA, they could cause an outage or security breach resulting in product recalls, diminish brand loyalty, regulatory fines and lost revenue.
- Removal of air gaps: previously air gapped ICS have become connected to the internet driven by desire to improve operational efficiency and enable remote working.
- Process digitalisation: To deliver greater operational efficiency, many companies are increasing the number of wired and wireless sensors and actuators which creates a greater attack surface.
- Legacy control technology: many organisations have older technology with obsolete security measures that are vulnerable to attack when air gaps are removed.
- Organised crime and criminal market places: the dark web has developed into a sophisticated criminal marketplace with hacking and ransomware kits available to buy as well as hacking as a service.
- Evolution of hacking techniques: just as cyber security techniques advance so do hackers which means what is secure today may be insecure in a short period of time.
- Geopolitical pressures: increases in geopolitical tensions mean that in many countries state sponsored cyber-attacks are becoming more common on critical national infrastructure targets
- Regulation: to face the emerging threats, many governments are introducing regulation for critical national infrastructure requiring more robust cybersecurity for their systems.
- Cybersecurity skills and knowledge: There is a general challenge to recruiting and retaining staff with the necessary cybersecurity skills.
Thales’ approach to addressing OT Cyber Security is a journey, where Thales aims to support our customers in incrementally improving their OT security posture via a range of different services.
This suite of services can be considered as modular, meaning Thales is able to provide support wherever you are in the journey, and in any combination that proves most practical for your unique landscape and objectives. Our support can range from fixed and discrete work packages, to embedding teams within organisations; providing complete flexibility to allow our clients to achieve their individual goals.
Cybels OT Security by Thales is a complete cyber security solution for all of your operational technology, consisting of four interlinked stages - Aware, Enact, Resilient, Vigilant. Of course, because your OT is unique we tailor everything to your specific requirements.
Thales is an OT security industry leader and as such has detailed knowledge of international standards and also their direction.
The Thales approach is not just an extension of IT security approaches. Thales has designed tailored OT Cyber Security service offerings specifically for OT security with implementation experience across multiple industries. Thales understands that every OT system is different and an open mind approach is employed to technologies within the OT environment and the teams and staff interacting with them.
Thales’ core expertise is manufacturing and system integration. Thales run and integrate OT systems across the globe as part of delivering safety and mission critical systems. Our key personnel are experienced engineering specialists with a background in OT control systems and Cyber Security.
With multiple units and control systems from several ICS (Industrial Control Systems) vendors likely to feature at each site, unbiased assessment and recommendations ensure the programme is focused on delivering client objectives.
Thales are vendor agnostic. There are no restrictions or bias towards particular ICS OEM’s, hardware or software vendors. Thales focusses uniquely on challenges to the OT sector, with no pressure to sell other Thales products and services into client IT or OT departments.
Thales’ only goal is to achieve the best possible coverage, quality and deliverables. Thales provides completely independent assurance without any motivation to either maintain or increase its position as an OT security vendor.
Thales is one of only six organisations who are accredited by the NCSC to provide Cyber Security Consultancy into the CNI sector. Thales also achieved national certification for Risk Assessment and Risk Management services. This means that our organisation, processes and consultants have been assessed and certified by the UK National Cyber Security Centre (UK Cyber Technical Authority) in providing expert, trusted, and independent guidance based on industry best practice. This serves to provide confidence that our services meet the highest industry standards.
Through our previous and on-going delivery of OT security projects for manufacturing and CNI organisations across the globe, Thales understands the complex challenges involved in increasing OT security and resilience. Thales has worked with multiple clients in the CNI, FMCG, Automotive, Transportation, Manufacturing, Utilities, Petrochemical, Pharmaceutical, and Defence supporting their journey to an appropriate level of Cyber Security. Examples of industries where client are actively engaged are below:
FMCG
Thales is supporting multiple global OT Security Programmes, providing OT technical understanding, high quality assessments and outputs driven by Thales’ partner based approach and impartial recommendations This includes the delivery of onsite ICS/OT system technical assessments, focused on technology, for whole infrastructure and/or selected ICS/OT systems installed in Operations plants around the world. Following our initial engagements Thales’ scope tends to increase for example to include: creation of security blueprints against key OT security controls, implementation of model plants and business case creation to support global programme strategy, SOC strategy advice and development work, OT training support, assurance activities, secure by design support, etc.
Nuclear Decommissioning and Reprocessing Facility
Thales supported a programme for the UKs largest Nuclear Decommissioning and Reprocessing facility to develop OT Protective Monitoring solutions for plants operating in highly safety critical environments.
Multinational Electric Utility Company
Typical of any large critical operational sites, these sites are made up of networked legacy systems, hardware, and processes. Thales was engaged to audit, understand and document the systems, and network architecture at each site to identify areas of risk, and empower the organisation to take steps to secure their operational environments.
Petro-chemical
With a large international estate and complex network of plants, this industrial leader has chosen Thales to build and run a dedicated converged IT/OT SOC, through Thales dedicated MSSP service.
Global Polymer Solutions
Thales is the global OT Security Program partner. Initially focusing on priority sites, our customer is looking to build capabilities (technology or process) for OT asset and infrastructure discovery in order to risk-prioritize, execute critical remediation initiatives, and design and implement a global programme to rapidly and practically secure operations.
Large Middle East Petrochemical company
One of the largest petrochemical companies in the Middle East, Thales was engaged to conduct a parallel assessment against NIST CSF, Forrester and National Government assessment frameworks. We developed an assessment methodology that combined the requirements of all of the frameworks, capable of capturing, assessing and reporting against all of the relevant standards
Health sector
A world leader in the field of in-vitro diagnostics, serving more than 160 countries, has selected Thales as its preferred partner for supporting a cutting-edge industrial transformation. As part of the scope of work delivered by Thales we will ensure the operations are cyber-resilient by performing integrated IT-OT continuous monitoring.
Large multinational, global market leader in the pharmaceutical industry
A comprehensive IT/OT Convergence and Monitoring project is being conducted across a sizeable proportion of their global site base. This deployment includes OT SOC integration, as well as governance and training activities for the customer's internal cyber, operational and senior management teams in order to raise the level of awareness concerning OT Cyber security threats.
Transportation sector
Our customer operates and maintains urban and interurban transport networks in 13 countries on 4 continents. For the Paris region, Thales is providing converged IT-OT continuous monitoring from our 24/7 SOC in France. Our teams are ensuring people’s safety at a time of increased pressure on the transportation sector to secure their systems against a targeted cyber-attack.