We are industrial cybersecurity experts who come from production and manufacturing.
Focus on your operations while we manage your OT cybersecurity for a fraction of the cost of implementing it yourself.
ICYMI: In 2020, more Operational Technology (OT) vulnerabilities and publicly disclosed vulnerabilities were reported than any prior year.
Whether the operational technology/industrial control systems (OT/ICS) environment is operational, or in the development stage, Red Trident provides practical, comprehensive, and manageable cybersecurity solutions that align with the your mission objectives and business processes.
Red Trident tailors a cybersecurity program and various solutions to secure your site-specific OT/ICS environments.
Integrating a cybersecurity program for the OT/ICS environment can be challenging for an organization that does not have in-house expertise. RTI specializes in cybersecurity program integration and guides the organization to adopting the appropriate cybersecurity frame for the environment. The cybersecurity program and framework provide a solid foundation to secure the organization’s assets. In return, the organization reduces risk of system penetration from outside attacks, man-in-the-middle attacks, insider threats, data (corruption, interruption, loss), unauthorized access, etcetera – resulting in compromised safety, production downtime, reduced product quality, and other negative side effects from poor cybersecurity program structure.
RTI supports the idea of security through compliance by laying solid foundation with a cybersecurity program, business mission requirements identification, and security control framework adoption.
Why Energy Industry Leaders Choose Red Trident for their Cybersecurity
RED TRIDENT CYBERSECURITY PROGRAMS. CLICK EACH TO LEARN MORE
First Steps to a Cybersecurity Program
Organizations often start a cybersecurity program by performing a cybersecurity risk assessment of the environment. Cybersecurity risk assessments do not bring a significant value to the organization when the organization has not fully implemented the components of a Cybersecurity Program. Basically, assessing an IT/OT/ICS system without cybersecurity program components in place is a waste of time and money. Organizations pay 5 to 6 figures for an assessment when a program does not exist or partially exists resulting in little or no benefit to the organization. The assessment results repeatedly end up “There is insufficient evidence to determine compliancy of the security control.” In other cases, the assessment appears complete, but the results and/or risk ratings from the assessment do not align with the organization’s enterprise risk framework and/or lines of business. Assessing an organization where the Cybersecurity Program does not map to a Business Impact Analysis (BIA) or does not have the required components for a Cybersecurity Program result in a strain on the organization’s valuable resources.
RTI approaches first steps of a cybersecurity program slightly different than other companies. RTI’s first steps to building a cybersecurity program begin with a Cybersecurity Program Readiness Review (CPRR) pre-assessment. RTI asks 4 questions in the pre-assessment stage:
Where is the organization is relation to a robust cybersecurity program?
What are the differences between the standard recommended components of a cybersecurity program and the organization’s program? Another works, what are the GAPs?
In what order and how to apply the results from the GAP analysis to benefit the organization?
How to implement and monitor the answers to previous questions that best supports the organization?
RTI’s method discovers where the organization’s cybersecurity program maturity level is currently, performs a gap analysis to determine what the differences are against recommended cybersecurity program components, prioritizes a list of actions on how to implement a program, and provides a cybersecurity program execution. The results of the CPRR guides the organization to focus available resources to develop a cybersecurity program to increase security of critical assets and mitigate cybersecurity risks. The report brings awareness to the organization’s executive management and provides a pathway and strategy to build a robust cybersecurity program.
Modular Approach | Roadmapped Milestones
Where does an organization start in a maze of options, issues, questions, and potential directions in building a cybersecurity program? These are the typical questions RTI finds when entering into an engagement with a client. RTI commonly encounters an adoption of technical solutions that are un-sustainable or there are no plans to maximizes the effectiveness and contribution to increase the return on investment (RoI).
As a company, RTI practices a “systems of systems engineering” philosophy. Meaning that one technical, administrative, or physical solution contributes to other present or future solutions. Strategic planning and implementation of a cybersecurity program assists security management personnel develop valuable metrics that benefit the organization’s mission goals and business objectives. A cybersecurity program provides the ability to focus on monitoring the security and compliance of a particular section of an organization, quickly return to service business-critical processes, and/or fail-over capabilities to prevent system downtime.
In response to the complexities of building an OT/ICS cybersecurity program, RTI developed a modular approach to assist organizations in converging the IT and OT/ICS environments. The process consists of 6 phases with each phase consisting of modules:
- Discovery: consists of tasks to determine the cybersecurity state of the environment.
- Cybersecurity Program: consists of tasks related to building a cybersecurity program (e.g. writing policies, safeguard selection, risk management framework selection).
- Network Design: consists of designing a network that integrates with the current network as much a possible or design a new network that provides layered security to protect the environment.
- Implementation and Cutover Plan: consists of items to get the system up and running (e.g. Bill of materials, pre-deployment tabletop exercises, and an implementation plan.
- Acceptance Testing: includes penetration testing and cybersecurity vulnerability testing.
- Continuous Improvement and Monitoring – includes incident response capabilities, penetration testing, and on-going support activities to sustain the production and security requirements of the environment.
RTI realizes that building a new architecture or integrating into an existing design is a costly investment that requires a substantial time commitment. That is the reason RTI developed the modular approach. Organizations can plan a solution that controls the costs and time to fit the specific need of the organization.
Bespoke Site-Specific Cybersecurity Programs
Often organizations think compliancy means security. However, that is far from the case. An organization may meet the compliancy requirements driven by government, regulatory, laws, standards, or internal policies, but still have weakness in their cybersecurity defenses. For example, an organization may have compliancy with undiscovered and/or unmitigated vulnerabilities leaving the organization with a false sense of security. In addition, some organizations relax in increasing information security assurance on critical assets because organizations focus on meeting compliance requirements, rather than adopting standards that align with the organization’s mission goals and business objectives.
The organization needs a cybersecurity risk strategy that includes a business impact analysis (BIA), a consideration of risk, and the selection of security safeguards. The BIA helps identify and prioritize the critical information, assets, and services. In addition, the BIA helps determine the risk appetite and return to service thresholds for the organization. The risk-based consideration to protect the confidentiality, integrity, availability (CIA) of the organization’s information help determine if the categorization of the information is critical, high, medium, or low. The risk-based CIA determination drives the appropriate selection of safeguards, and the tailoring of the security controls. The cybersecurity risk strategy is the first step to develop a bespoke cybersecurity program for the organization.
Whether the organization has cybersecurity compliance requirements driven by government, regulatory, laws, standards, and/or internal policies, RTI can assist the organization to meet compliancy requirements and secure the environment. It all starts with a cybersecurity strategy to build a solid cybersecurity program driven from the organization’s executive level. A good program focuses on risk and safeguards to maintain critical services instead of deploying unnecessary security controls for compliance. It is important the organization understands what they are trying to protect, and laser focus their resources to protect the critical mission and business processes.
RED TRIDENT CYBERSECURITY ASSESSMENT SERVICES. CLICK EACH TO LEARN MORE
ICS Vulnerability Assessments
Automated and manual assessment performed on-site or remotely (if possible) to identify vulnerabilities, misconfiguration, and gaps against OT security best practices. This process falls into the “Identify” phase of a cybersecurity program and highlights areas of mitigation, improvement, and risk reduction for an organization.
- Identifies vulnerabilities and misconfiguration of ICS hardware, software, and networks
- Provides a clear picture of connectivity and networked assets
- Identifies risks associated with existing processes, standards, and personnel
- Identifies current capabilities to protect, detect, respond, and recover from attacks, security anomalies, or incidents
Penetration Testing
Penetration testing can be scoped to mimic external attackers targeting OT environments from the Internet or from the corporate environment to identify pivot points into OT networks and systems. Red Trident adheres to strict rules of engagement and will not perform any testing that negatively impacts production operations.
- Identifies points of entry into ICS networks and systems
- Emulates real-world attack techniques
- Can be used to validate visibility of ICS environments
Application and Product Security Assessments
Red Trident’s application security assessments provide thorough testing integrated with existing development environments that can be leveraged to identify defects throughout the software development lifecycle. Our experience in testing and securing code for ICS software and firmware brings expertise that will drastically reduce risk in your software before it’s deployed to operations and safety-critical environments.
- Static Analysis
- Dynamic Analysis
- Penetration Testing and Exploitation
- Assessments of ICS software, firmware, and hardware product development
- Secure Software Development Lifecycle Assessments
Red Team Exercises
Physical and logical attack campaigns that simulate real-world tactics, techniques, and procedures to break into an organization’s infrastructure and move throughout the environment. This testing challenges and evaluates existing physical and logical security measures and technologies in place and helps the organization understand how they people, processes, and technology will stand against attacks of various scales.
- Social Engineering
- Physical Red Team Exercises
- Real-world attack simulation to identify detection and response capabilities
Incident Response Capability Assessment
A key component of any OT cybersecurity program is incident response. If you have an incident response team, plan, or playbook in place but don’t know how your organization would respond to a severe incident, Red Trident can help. If you haven’t yet documented or built an incident response capability, we can help there as well.
- Tabletop exercises to evaluate and document gaps in response capabilities, tools, and processes
- Identify response effectiveness against real-world attack scenarios
- Identify risks in communication, planning, and logistics during an incident
- Alignment of Business Continuity Plans to respond effectively to cyber events
- Scenarios targeted to your organization based upon threat intelligence and your critical risks and concerns
Operational Continuity and Recovery Assessments
Ensuring an organization has the ability to continue operations or recover is critical to limiting the impact of an incident in ICS environments. The baseline of ‘what is in place’, should be fully understood and all of the components of operational continuity and recovery should be evaluated. This includes the plans, personnel, procedures, backups, spares, and redundancy. The following are areas of focus when evaluating documentation and the environment to which it applies:
- Personnel
- Communications
- Technology Issues
- Facilities
- Manual Operations
- Redundancy of Control, Operation, and Supervision
- Critical Spares
- Software Version Control
- Data Recovery
- Backup and Recovery
- Procedures
- Backups and business tolerance for each of these areas
Asset Discovery and Inventory Services
In order to implement a security program around production OT environments, you must understand what you have. This includes systems, software, policies, processes, and personnel. Red Trident can assist you in taking the first step by identifying, documenting, and building a repeatable process towards asset discovery and inventory.
Security Architecture Reviews
Whether you have brown field OT environments or are moving to green field, it is critical to understand security risks in architecture and network design and how to mitigate those risks. At Red Trident, our expertise in network architecture design can identify shortcomings in existing OT network architecture or even provide input from the start of the design process for a new OT environment.
- Brownfield Architecture Review
- Early Design phase engagement
- Security Acceptance Testing and Design Reviews
- Support for remote access and digital initiatives
ICS Compliance Assessments
Red Trident’s cybersecurity team has extensive experience in many OT environments including wastewater, power and utility, oil and gas, maritime, and manufacturing. Because of this, we can support cybersecurity assessments focused on regulatory, standards-based, or contractual requirements.
- Frameworks and Standards
- Regulatory compliance requirements
- Contractual compliance requirements