Method Functional Safety

What happens when you connect OT to IT Corporate Networks?

What happens when you connect OT to IT Corporate Networks?

Organisations are connecting Operational Technology (ICS / IACS / Scada, PLCs, DCS) to corporate networks for good business reasons but this can expose legacy technologies to malicious attack from the internet.

Regulators are now taking a close interest in how those risks are being managed.

Cyber security standards for IT are unsuitable for OT environments, for example having insufficient treatment of safety aspects. Standards for OT are emerging, such as the international IEC-62443 family and within the UK the HSE’s OG-86 guidance to its inspectors, which is based on the NCSC’s Cyber Assessment Framework. Also, regulatory requirements for providers of critical services came into force in 2018 with the NIS Directive.

Method Cyber Security has been working with its clients and with those developing standards in this quickly changing and maturing topic. =Method offers a range of tried and tested services that provide clients with sufficient knowledge and understanding to manage the cyber security of their OT systems, to meet regulatory and business needs.

Cyber Security Management Briefing

Cyber security of OT can appear daunting and confusing. Method Cyber Security can provide clients with focused, tailored and succinct senior-level workshop-based briefings to explore with busy senior executives the impact of cyber security threats and risks to their business. A key message from the emerging regulations and standards is that organisations are now expected to understand and manage the cyber security risks of their OT systems.

Cyber Security Audit

The Method Cyber Security Audit is an inspection of a client’s approach to IACS / OT security. Mainly based on the requirements of OG86, it simulates the kind of inspection that an HSE Specialist Inspector would carry out and highlights key areas for improvement. The focus and depth of the audit is tailored according to the maturity of the client’s cyber security management system.

Cyber Security Risk Assessment

The Method Cyber Security Assessment is in-depth assessment of the cyber security risks to a client’s OT. It supports the client in selecting the appropriate combination of technical and non-technical risk-reducing controls, for later implementation by the client within its cyber security management system.

Cyber Security Consultancy

Method Cyber Security Consultancy is always customised to the client’s needs. For example, some have asked for specific guidance and support to develop the cyber security policy documents that HSE will expect to see. Other clients have sought advice on producing a Simple Network Diagram that documents and explains their defensive architecture – another key artefact for an HSE inspection.

Cyber Security training

=Method also runs a Cyber Security Risk Management training course that align with the briefing, audit and assessment described above.


Title: What happens when you connect OT to IT Corporate Networks?
Date: 2019-02-08
Published by: Method Cyber Security

[More Cyber Security news]

IChemE approved OT Cyber Security training course

The =Method Cyber Security Risk Management training course is approved by the IChemE.


NEW Live Online Introduction to OT Cyber Security Training Course

​ =Method has introduced a new 1-day Introduction to OT Cyber Security Training course.


If a system isn’t Cybersecure, you can’t rely on it to be safe

Throughout the operational life of a process plant controls and safety systems are designed and implemented to perform reliably, consistently and predictably but if a system isn’t secure, you can’t rely on it to be safe.


NIST Cybersecurity Framework

​The National Institute of Standards and Technology is a US governmental institution (part of the US Department of Commerce). The NIST Cybersecurity Framework was initially published in 2014 (v1.0) and updated in 2018 (v1.1, current).


If it is not (cyber) secure, it is not safe - Mike StJohn-Green, CEng FIET, Technical Director, Method Cyber Security

The first reported cyber-attack on a Safety Integrated System demonstrates that systems important to safety need cyber security measures to avoid their safety arguments being invalidated. But there is a broader justification: cyber security risks arise as a direct result of the nature of networked digital technology, which renders existing safety analysis inadequate to mitigate those risks.


OT and IT Cyber Security combined training discount

Method is encouraging IT and OT Cyber Security teams to develop a common understanding of Cyber Security issues.


If It Is Not (Cyber) Secure, It Is Not Safe

Mike StJohn-Green and Dil Wetherill are presenting a paper on Cyber Security at Hazards 29.


What is the relationship between IT and OT Cyber Security?

The effective management of Cyber Security for Industrial Control systems requires cooperation between an organisations IT and OT functions.


E: T: 44 (0)1462 713313. W: