OT Cyber Security

Overview

As industrial systems become increasingly connected, the attack surface for operational technology (OT) environments continues to grow. Deftec provides comprehensive OT cybersecurity services designed specifically for the unique requirements of industrial control systems — from SCADA and protection relays through to energy management systems and field devices.

Our team delivers end-to-end cyber security design for critical infrastructure, including security architecture, risk assessment, technical specification, and the full assurance pathway through to handover. We work to IEC 62443 Security Level 3, AESCSF, and SOCI Act requirements.

What we deliver

Security architecture design

We design defence-in-depth OT network architectures based on IEC 62443 zones and conduits. This includes defining security zones with target security levels, specifying conduit controls between zones, and producing the architecture diagrams and data flow documentation needed for compliance and assurance.

Our designs address network segmentation via VLANs and ACLs, firewall rulesets with deny-all/allow-by-exception policies, data diodes and unidirectional gateways for critical external interfaces, DMZ architecture for safe IT/OT boundary management, and secure remote access paths with jump hosts, MFA, and session recording.

Risk assessment

We conduct structured cyber risk assessments aligned with IEC 62443-3-2, covering all security zones and conduits. Our assessments identify threats, vulnerabilities, and consequences specific to your OT environment, and map controls back to each risk — providing full traceability from threat through to mitigation.

Risk registers include zone-level and conduit-level analysis, consequence registers with standardised impact categories, and threat–vulnerability–control traceability matrices.

Technical specification

We produce detailed cyber security technical specifications that define mandatory controls for your project. These cover security architecture requirements, access control and identity management (AD, RBAC, MFA, PAM), system hardening and baseline configurations, secure communications and encryption, data protection and backup strategy, configuration and version control, monitoring and incident response, supply chain security and vendor obligations, physical security integration, business continuity and disaster recovery, and compliance and audit requirements.

Each control is traceable to its source risk and mapped to the applicable standard — IEC 62443, AESCSF, or SOCI Act.

Compliance and frameworks

We design to and demonstrate compliance against the frameworks that matter for Australian critical infrastructure:

• IEC 62443 — Zones, conduits, security levels (SL3 for OT), secure development lifecycle (4-1), and component conformance (4-2)
• AESCSF — Security Profile 1 baseline with maturity assessment across all domains
• SOCI Act — Risk management programs and incident reporting for critical infrastructure assets
• ACSC Essential Eight — Applied to enterprise-adjacent systems for uplift and consistency

Assurance and acceptance testing

We define and support the full assurance pathway — from factory acceptance testing (FAT) through site acceptance testing (SAT), penetration testing, and compliance validation. Our handover packages include test procedures, evidence checklists, secure configuration checklists, and compliance validation matrices.

Monitoring and incident response

We specify centralised logging and SIEM integration, intrusion detection systems, firewall deep packet inspection for SCADA protocols, and detection use cases tailored to OT environments. Incident response plans cover classification, escalation, regulatory reporting under the SOCI Act, and coordination with business continuity and disaster recovery.

Industries

• Power generation and energy storage
• Mining and mineral processing
• Water and wastewater utilities
• Heavy manufacturing and industrial processing