OT Security Management

We support you with the implementation of security processes to protect your operations

Holistic OT Security Management with Limes Security

OT systems are increasingly being targeted by cyber criminals. Industrial plants, supply chains and networked systems are increasingly becoming targets for attackers. At the same time, regulations such as the NIS Directive, IEC 62443 or ISO 27001 are increasing the requirements, which is why companies today need clear OT security strategies and well thought-out security concepts.

Limes Security supports you at every step of your Cyber Security Roadmap, including the definition of security processes, policies and requirements, security awareness, gap assessments, maturity assessments and security testing.

Practical Experience

We work with companies from the oil and gas industry, the electricity industry, the water and wastewater industry, the automotive industry and many other sectors. In order to offer you the best possible support, we take a practical and solution-oriented approach to safety projects.

Customized Solutions

Industrial systems are as diverse as the areas of application for which they were developed. We offer you tailor-made solutions for your requirements – from individual integration projects to the development of comprehensive security architectures.

Knowledge Transfer

Our aim is not only to solve our customers’ current problems, but also to share our knowledge with them and equip them for future challenges – as an integral part of consulting projects or through targeted professional training based on our tried and tested training courses.

Asset Inventory

A list of the systems in operation with their most important properties provides a clear overview. Thanks to (partially) automated updates, this overview is always kept up to date.

Supply Chain Management

Suppliers know the security requirements and support their implementation. In the event of uncertainties or particular risks, additional mitigation measures are jointly defined.

Risk Management

Risk management must be coordinated between the industrial and corporate divisions. Risk treatment and prioritization must be ensured in view of the criticality of assets.

Patch Management

Systems are updated in organized maintenance cycles as soon as patches are available. Where timely or complete patching is not possible, compensatory countermeasures are used.

Logging/Monitoring

Security-relevant events in OT systems are logged and collected centrally. It is clearly defined which events trigger alarms and how they are handled.

Remote Access

The use of remote access software is restricted to authorized solutions. Clear specifications for secure configuration and use must be defined for these.

Hardening

Device configurations are checked regularly using predefined, secure baseline configurations. If necessary, additional compensatory measures are implemented.

Backup and Recovery

A backup procedure is defined for all systems, which is checked regularly and takes all operationally relevant data into account. In addition, there is a recovery plan that takes all essential resources into account.

Step by Step

What we recommend for your security journey

Before we implement concrete steps, we work with you to create the foundation for this: we clarify roles and responsibilities, help in securing management support and budget and gain an overview of the status quo through an initial assessment. On this base, we develop a project plan with clear priorities and measurable goals.

Initial Assessment

Identify OT boundaries & interfaces
Assess & assign critical assets
Establish a secure IT/OT perimeter with a firewall

Segmentation & DMZ

Set up IT/OT-DMZ as a buffer zone
Segment critical assets
Jump Hosts for secure access

Backup & Recovery

Backup processes for critical assets
Make the entire stack recoverable
Test recovery regularly

Asset Security

Hardening & role-based access
Patch- & Vulnerability-Management

Cleanup

Secure decommissioning of legacy assets
Complete asset database
Basic protection also for non-critical assets

Reactive Security

Establish incident handling & BCM processes
Test & improve regularly
Ensure security in procurement

Walter Hölblinger, Rosenberger Hochfrequenztechnik über die erfolgreiche Zusammenarbeit mit Limes Security

”I value the collaboration with Limes Security because it takes place at eye level.
Efficient services, no "selling as many hours as possible", valuable output and consistently professional communication make them a valued partner.
Walter HölblingerVice President Global IT

How secure is your OT environment really?

Our OT Cyber Health Check provides a structured first assessment of your current security posture and highlights potential risks.

Start the OT Cyber Health Check

Limes Academy

OT Security Trainings

Show all

Select options This product has multiple variants. The options may be chosen on the product page Quick View

ICS.201 OT Security Fundamentals
€ 346,00
Select options This product has multiple variants. The options may be chosen on the product page Quick View

ICS.205 Certified OT Security Practitioner (COSP)
€ 3.070,00
Select options This product has multiple variants. The options may be chosen on the product page Quick View

ICS.211 Certified OT Security Technical Expert (COSTE)
€ 3.350,00
Select options This product has multiple variants. The options may be chosen on the product page Quick View

ICS.212 Certified OT Security Manager (COSM)
€ 3.350,00

Frequently asked questions

What options do I have to define the risk appetite of my organization?

Many information risks cannot be calculated or measured objectively and precisely. As a rule, we are dealing with incomplete knowledge and insufficiently analyzed data. They can still be assessed, but they depend crucially on how the risks are classified. They are also not additive or multiplicative, but can reinforce each other.

Remember that unknown risks linger in your infrastructure and are unpredictable, so incident handling skills are essential.

This is not to say that a risk assessment is unnecessary, but that the results should be treated with caution. Where you draw the line between major and minor risks depends on your own experience, but also on the position of the observer. A senior manager may be more critical of risks that directly affect him or her than others. Compliance with laws and regulations usually falls into this category.

Most targeted risk treatments reduce specific risks, and only a few, such as incident handling or an effective ISMS, reduce a variety of unspecified risks.

How can I minimize the risk in my supply chain?

It is of great importance that liability is regulated in appropriate contracts with all third parties, as cyber security must be taken into account from the outset of a supplier relationship. If this is not yet the case, existing contracts must be reviewed or changes planned for renewal.

Audits to ensure compliance with contractual obligations are of the utmost importance throughout the term of the contract. Don’t be fooled by certifications. Test the boundaries and processes yourself.

How great is the risk of data loss in the event of an incident at my company?

The protection of production systems is usually the concern of operational safety experts, alongside safety and environmental protection. The consequences of production downtime are often hugely costly, not only in terms of revenue, but also in terms of trust, media exposure and quota compliance. Therefore, the loss of OT data should never be ignored.

The most important types of data include

Process information,
Trade secrets and
Customer data

We can support you in building up security capacities for dealing with incidents.

Which cyber threats affect my company?

As technology advances, many companies are using modern information technologies to increase the productivity of their business. This increased productivity can increase the attack surface of production systems if poorly implemented. For some time now, we have seen an increasing trend of targeted attacks on OT systems, such as the Maersk ransomware attack or supply chain attacks, such as Solar Winds. These attacks can lead to significant financial damage, production delays, loss of business, loss of trust and even loss of life.

Modern security regulations such as IEC 62443, ISO 27001 or the NIS2 directive take cyber security threats into account in overarching OT security strategies. Limes Security can support you with integrated strategies, both on the technical and governance side of information security.

How expensive is cyber security?

Depending on your risk appetite, which is determined in assessments, your risk profile depends not only on your industry, but also on your established security culture. Limes Security uses objective frameworks to gain an overview of business risks and the resulting vulnerabilities. These are addressed and prioritized as your company gains increasing security maturity through a cybersecurity program.

Security programs can take years to implement, so it is necessary to conduct regular security and risk assessments to address ever-changing cybersecurity threats. However, the investment must be proportionate to the risk. Therefore, the maturity level of an organization’s cybersecurity profile is assessed and tracked until it is achieved.

When asked “How much does cybersecurity cost?”, we usually answer that this depends heavily on the client’s industry, the established security culture, the current gaps and the desired level of maturity.

What will be my biggest challenge in the field of industrial cyber security?

For many companies, the biggest challenge, which is often underestimated, is the fundamental cultural change that comes with integrated cyber security. The use of modern technologies alone can improve security efficiency, but this depends heavily on user acceptance.

The human factor is always the weakest link. A lack of support from management is also one of the main reasons why an effective level of cyber security maturity is not achieved.