Practice area

OT Security

OT Security
Specializes in delivering security solutions for all aspects of Operational Technology, including industrial control systems (ICS) and embedded devices

Cyber security for operational technologies

ICS and embedded devices are now core parts of critical operational infrastructure and key to emerging sectors such as smart buildings, automobiles and wearables. Commonly referred to as Operational Technology (OT), their unique constraints demand specific methodology and tools to ensure complete and effective security assessment and enhancement.

MWR InfoSecurity’s OT Security practice focuses on developing ICS hardware and vulnerability research abilities. We work with clients to help them understand the unique security risks involved and provide guidance on how they can be overcome. Our specialist knowledge also protects embedded devices and ICS against the latest physical and radio frequency (RF) attack vectors.

"From Industrial Control Systems to embedded systems in the home, OT Security helps clients make the most secure choices possible"

Rob Miller, Head of OT Security, MWR

Core Solutions

Established ICS Assessments

Analyses a deployed ICS environment to improve security by mapping current system state and external interfaces.

Through-life ICS Security

Guides the ICS development process to ensure through-life security of the environment is embedded in the design.

Black box Assessments

Third party security assessment of embedded devices. Our black box tests assess the levels of risk each product poses for an organization.

Solution Design Review

Works with developers to ensure their embedded device is designed to protect critical assets and eliminate security flaws that could mean redesign or recall.

Our thinking on OT Security


MWR to compete in Industrial Control System CTF


I predict a rIoT


SENAMI: A Hybrid Approach to Monitoring Critical Infrastructure


Making Life Difficult for Hardware Hackers


Building Automation Systems, the Forgotten Point of Access


Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.