Security baked in, not bolted on

CGI embed principles of ISO27001 into every solution, project and partnership we undertake to ensure your security controls are world class and internationally recognised. 

Our team of cyber security experts specialise in Australian cyber security outcomes that protect your critical IT and OT network cyber security.

We help our customers protect Australia’s most valuable infrastructure assets by delivering always-on, high availability solutions that do not disrupt your mission critical services.

Through our expert talent, best practices and accelerator frameworks, we provide Risk Advisory Services, OT cyber security advice, Industrial Control Systems (ICS) and SCADA cyber security expertise and Managed Security Services. We work closely with you to ensure security controls are baked in, not bolted on.

ISO 27001

We comply with ISO 27001 in the provision of outsourcing, project and consultancy services including: development and delivery activities plus the management of people, technologies and physical security.

ISO 22301

We comply with ISO 22301 in the provision of business continuity planning and recovery management to corporate businesses, including the delivery of operational services and engagement management.

1,700+
Experienced and credentialed security specialists
combine their proficiency in best-of-breed tooling
and industry-recognised concepts
to deliver relevant advice to fit your unique needs
10+ million
Serving as an access control function for
10+ million Industrial IoT digital assets for an
industry-wide service

 

8
Security Operations Centers globally, including in Melbourne, delivering
around-the-clock cyber detection and
prevention services
 

Independently assessed as an ISG leader in cyber security

Named an Australian cyber security leader by ISG in strategic security services and managed security services, we are globally certified leaders in cyber security solutions that protect and secure mission critical infrastructure.

CGI’s cyber security services provide effective recommendations to mitigate risk and our cyber security Australian practitioners successfully deliver complex end-to-end IT and OT cyber security programs for our partners.

CGI Cyber Security Wheel. Assess the risk, Protect the business, Operate with confidence

Cyber security is part of everything we do

Although it may seem difficult to consider security while trying to innovate and extend your operations, we can help make this a reality. Our team specialise in ensuring your OT, ICS and SCADA cyber security requirements are also factored in. Our cyber security services operate in three integrated areas:

Assess the risk

We help you to assess and manage security vulnerabilities so you can be confident your organisation is secure, compliant and ready to grow.

  • Threat and Risk Management
  • Governance, Management and Compliance
  • Security Strategy Maturity and Awareness
Protect the business

We help you to build in security early, and test its ongoing effectiveness- securing the systems an organisation relies on to operate and grow.

  • Security Architecture and Engineering
  • Specialists in the challenges of OT cyber security
  • Testing and Assurance 
Operate with confidence

We help clients to monitor prevent and respond to security attacks in a reliable and cost-effective way.

Securing Australia’s critical infrastructure | OT cyber security 

Changing legislation, and a rise in cyber security attacks on critical infrastructure has better defined the obligations placed on Australian companies and citizens to strengthen our resilience against hazards and threats that impact our Australian way of life.

Australian Critical Infrastructure (CI) is all the ‘critical infrastructure assets’; the core services, businesses, organisations, institutions, and designated Systems of National Significance (SoNS), that the Commonwealth needs to ensure the ongoing operation of a modern economy and the services required to support its citizens.

We help protect your assets through a range of Australian critical infrastructure cyber security services including:

  • Security Advisory Services
  • Security Engineering Services
  • OT specialist Managed Security Services Provider (MSSP)  
  • Industrial Control Systems (ICS) cyber security services
  • SCADA cyber security services
  • Cyber security for Utilities | Cyber security for Manufacturing | Cyber security for Transportation 

Our Australian Operational Technology (OT) credentials

Operational Technology businesses have unique cyber security needs. At CGI in Australia, we have experience developed over 3 decades, partnering with OT clients. This expertise is broad and deep and includes:

  • The design, manufacture and support of our own OT technology: Remote Telemetry Units (RTU),
  • Working with many of Australia’s leading asset-intensive businesses to provide Supervisory Control and Data Acquisition (SCADA) solutions, including our own operational technology IP,
  • Enabling reliable Electricity and Gas supplies through some of Australia’s largest utility companies,
  • Monitoring water, wastewater and sewerage networks,
  • Substation automation using our Australian Developed RTU,
  • Facilitating millions of trips every year across our tram and train networks.

 

CGI in Australia - we understand OT 

Speak to a cyber security expert

Frequently asked OT cyber questions

What are the unique cyber security challenges of OT environments? 

Many OT and ICS environments rely on legacy systems which pre-date the integration of modern security protocols. Retrospective updates are sometimes ineffective, leaving, potentially business critical and national critical infrastructure systems vulnerable.

The explosion of the Internet of Things (IoT) has meant that industrial environments and equipment, once built to operate in isolated networks, are now connected to the internet, creating a range of unforeseen entry points for threat actors.

Companies with OT functions have often developed organisational structures where IT and OT operate separately, creating silos of accountability. This can lead to gaps in overall security.

What is the difference between IT and OT cyber security?

Traditionally the priorities of the two disciplines have varied. IT security professionals focus on Confidentiality, Integrity and then Availability compared to the OT security whose focus is on maintaining the Availability of the technology, Integrity and Confidentiality.

Although there are differences, there are also many similarities between OT and IT. The cyber security skills are the same – including the processes and policies for understanding the threats, performing threat hunting and responding to incidents. The surge in elements of the OT environment that now include a digital or IoT interface, and the interest the business has in the increasing amount of data generated, means that a successful approach must include the expertise of both disciplines.

What should you consider when combining IT and OT Security Operation Centres?

The IT/OT SOC presents unique challenges and rewards for security professionals. Here's a breakdown of some key learning we have gained from our client engagements:

Event Correlation:

  • SOCs receive a constant stream of IT and OT security events.
  • Understanding the combined picture is crucial.
  • For OT events, interpreting them requires domain expertise and context of the physical systems involved. This can be a steep learning curve for IT professionals new to OT security.

Collaboration is Key:

  • A strong partnership between IT and OT security teams is critical for effective incident response.
  • Without it, investigations and remediation can be slow and cumbersome.

The Right Tools Make a Difference:

  • The effectiveness of an SOC heavily relies on its security tools.
  • These tools need to be properly configured and optimized for both IT and OT environments.
  • Skilled personnel are essential to get the most out of them.

SIEM Consolidation: A Work in Progress:

  • There's ongoing debate about consolidating Security Information and Event Management (SIEM) systems for IT and OT.
  • Here's a breakdown of some common approaches:
    1. Phased Integration:

      • Many organizations monitor industrial control systems (ICS) first, establishing a baseline.
    2. Asset Discovery:
      • The next step often involves a detailed asset inventory, ensuring a complete picture of all devices on the network (both IT and OT).
    3. SIEM Consolidation Strategy:
      • The approach to consolidating SIEM systems can vary depending on organizational needs and resources. Some may choose to keep separate systems, while others may look to integrate them for a more unified view.

Overall, joining an IT/OT SOC offers a dynamic and challenging environment. It requires a blend of IT security expertise, OT domain knowledge, and a strong collaborative spirit. To discuss your organisation’s challenges with an OT cyber security specialist, contact us.

How do I develop an OT cyber security strategy?

We have developed a guide for developing a strategy for securing critical infrastructure. It is written in clear business terms, aimed at business-risk decision makers. Download the cyber security THINGUIDE to Securing Critical Information Australian Edition. If you would like a hardcopy, please send us an email.