Operational technology (OT) security services

Helping you protect OT and industrial control systems from security risks

Adversarial attacks are increasingly targeting the operational technology (OT) that underpins critical infrastructure operations. Preventing these attacks from affecting the safety, reliability and resilience of your operations requires carefully integrated security measures. 

But securing these often mission-critical systems can be challenging for organizations with insufficient visibility into OT-specific security risks and regulatory requirements.

Our teams of engineers, security specialists and former operators help you gain a panoramic view of your OT security risks. This lets you identify new threats faster and prepare, respond and emerge more confident from OT security incidents.

Our approach

Our services are about more than checking boxes. We focus on initiatives and managed services that measurably improve your security posture.

We’ll help you transform how you defend your operations with a suite of customizable services tailored to your unique business needs across risk, resilience, recovery and reputation management. Our holistic approach combines the power of your existing security controls and enhanced technology with our deep human expertise. This helps you secure your OT, IoT and critical infrastructure assets by:

  • Developing a broad security architecture, from cloud to control room, that limits gaps for adversaries;

  • Providing guidance on security leading practices and benchmarking your organization against industry peers;

  • Defining and prioritizing security initiatives in line with your risk appetite and budget;

  • Securing your networks, improving user access controls and hardening connected devices to help protect against cyber threats;

  • Enhancing your ability to protect, detect and respond to attacks with 24/7 PowerSOC monitoring and custom incident response playbooks.

 

How we can help

OT cyber managed services

Implementing the right solutions is key to defending any environment from attacks. Our advanced cyber capabilities and OT cyber managed services help you protect, detect and respond to incidents with:

  • managed intelligence-driven threat detection and response
  • network security managed services

  • OT passive monitoring and asset detection
  • vulnerability reporting and prioritization
  • Identity Operations as a Service

  • incident response, forensics and analysis

  • Training and Awareness as a Service

Cyber due diligence (CDD)

Integrating cybersecurity into your broader due diligence efforts can give you deeper insights into your operational resilience. We’ll help you understand the quality of your assets and whether they’re at risk. Our CDD services include:

  • identifying key risks using a red-flags approach

  • sharing insights into cyber risk and potential impacts

  • helping you make informed investment decisions to improve resilience

OT cyber assessments

Assessing your existing processes against proven frameworks and standards helps establish a baseline view of your assets, cyber maturity and gaps—and create a roadmap for the future. Our OT cyber assessment services include:

  • a rapid, light-touch NIST 2.0 Cyber Maturity assessment

  • an in-depth, full NIST 2.0 Cyber Maturity assessment

  • cyber assessment frameworks and standards including NIST SP800-82, NERC CIP, IEC-62443 and other applicable regulations

OT technical application reviews

Testing security mechanisms and controls lets you uncover and fix gaps that leave your systems vulnerable. Our OT technical application review services include:

  • technical application security review

  • application architecture review

  • vulnerability detection

  • penetration testing

  • overall OT security architecture review

Other OT-specific services

Understanding OT-specific cyber risks may require a deeper examination of your environment and additional remediation. Other OT-specific services we offer include:

  • onsite OT assessments

  • OT architecture and design

  • OT cyber systems integration

  • OT cyber remediation

  • passive monitoring

  • OT secure remote access

  • target operating model and roadmap

OT ad-hoc deep dives

Pinpointing and preventing OT security risks means covering all your bases—from third parties to internal vulnerabilities. Our OT ad-hoc deep dive services include:

  • third-party risk management
  • privileged access management

  • intrusion detection, threat hunting and continuous monitoring
  • cyber insurance compliance
  • end-user and executive cyber training check

PwC Canada's OT Security Lab

At PwC Canada, we don’t just help you identify and monitor your operating assets—we also help you test them in a secure sandbox environment to see how they stack up against the latest threats. Located adjacent to PwC’s Digital Resilience Center (DRC), our OT Security Lab can demonstrate:

  • Asset discovery and visibility: Try out OT monitoring tools with proof-of-concept testing, product comparisons and integrations with asset tracking products. 

  • Detection and response: Test the integration of firewalls, intrusion detection and OT monitoring tools with SIEM software and SOC procedures. 

  • Product technical review and testing: Conduct zero operational impact product and site acceptance testing and safe destructive testing (including OT penetration testing) in a near-production training environment.

Our OT Security Lab includes pre-configured environments with:

  • OT security monitoring tools

  • vendor-supplied HMIs and workstations

  • vendor-supplied programmable logic controllers (PLCs)

  • network firewalls

  • Active Directory
  • Microsoft Sentinel
  • Claroty
  • Nozomi
  • Dragos
  • ServiceNow 

Take a virtual walkthrough of our Digital Resilience Centre, which features our OT Lab, to learn how we help unite your lines of defence against modern-day threats. 

Follow PwC Canada

Contact us

Eóin Cooke

Eóin Cooke

Partner, Cybersecurity and Operating Technology (OT) National Leader, PwC Canada

Tel: +1 403 620 1618

Richard Wilson

Richard Wilson

Partner, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 941 8374

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Hide