OT security without the panic
OT cybersecurity has attracted a lot of attention in recent years - some of it warranted, some of it vendor-driven alarm. The realistic picture for most industrial sites in Central Queensland is not nation-state attackers targeting your sugar mill. It is inadequate remote access controls, unmanaged USB ports, flat networks with no segmentation, and vendor connections that nobody fully understands.
These are real risks with real consequences. Ransomware that enters through a corporate network and reaches an OT network because there’s no effective segmentation has stopped production at industrial facilities in Australia. Engineering workstations infected through an unscreened USB stick have corrupted PLC programs. Remote access accounts with broad permissions and no monitoring have been used in ways they shouldn’t have been.
The good news is that the practical controls for these risks are well understood and implementable without disrupting operations.
What we do
OT security assessments - structured review of your OT environment covering network architecture, remote access, device inventory, patch status, user access, and security monitoring. Conducted with your operations and engineering teams, not as an external audit that produces a report nobody acts on. Output is a prioritised list of findings with recommended actions, effort estimates, and a realistic improvement roadmap.
Network segmentation - designing and implementing separation between OT and IT networks, which is the single most effective security control for most industrial sites. Firewall configuration, VLAN design, DMZ architecture for controlled data sharing, and documentation of approved traffic flows. We implement segmentation in stages to avoid disrupting operations.
Remote access hardening - reviewing and redesigning remote access to OT systems. Multi-factor authentication, VPN configuration, jump server design, vendor access controls, session monitoring and logging. Remote access is the most common entry point for OT incidents and is frequently implemented without adequate controls.
Secure USB and portable media controls - practical controls for the engineering workflows that require removable media. Malware screening stations, policy for approved media, and alternatives to USB for common engineering tasks like firmware updates and configuration backups.
Patch management - developing a practical patch management approach for OT systems that accounts for vendor validation requirements, maintenance windows, and legacy systems that cannot be patched. Not all systems can be kept current - the process is about managing the risk of those that can’t.
Security monitoring - basic OT network monitoring for anomalous traffic and unauthorised connections. Passive monitoring that does not affect control system operation, with alerting configured for your environment and staff.
Vendor and contractor access controls - reviewing and tightening the access that external vendors and contractors have to your OT systems. Defining what access they need, when they have it, and how it is monitored and terminated.
Our approach
We approach OT security as engineers, not as pure security consultants. Controls need to work within the operational reality of an industrial facility - maintenance windows, production pressures, legacy systems, and engineering workflows that have evolved over years.
Recommendations are practical and prioritised by actual risk reduction, not theoretical worst-case scenarios. We implement what we recommend and work with your team to make sure controls are understood and maintainable after we leave.
Standards and frameworks
We reference ISA/IEC 62443 as the primary standard for industrial cybersecurity, and the NIST Cybersecurity Framework where required by your compliance obligations. For sites with specific principal contractor or insurer security requirements, we assess against those requirements directly.