Operational industry

Critical Infrastructure

SOCI Act-aligned OT/ICS cybersecurity for energy, water, telecommunications, transport and data-storage operators.

IT-grade telemetry. OT-grade respect for uptime.

Under the SOCI Act, responsible entities for 11 critical-infrastructure sectors carry legislated cyber-security obligations - Risk Management Programs, enhanced reporting and, for Systems of National Significance, mandatory engagement with the ACSC. Vectra designs and operates cyber programs that bridge IT and OT without asking operations to change how plant works. Our OT monitoring is passive by default, our SOC is sovereign, and our methodology aligns to the CIRMP Rules, the NIST CSF and IEC 62443.

  • Responsible entities supported: 22+
  • CIRMP programs delivered: 15
  • Passive OT monitoring: Zero-touch
  • Co-located with SOC: AU sovereign

Threat landscape

The threats targeting Australian critical infrastructure.

Drawn from Vectra Labs research, our SOC telemetry and sector-specific intelligence from the Ensign global SOC footprint. These are the vectors we tune detections and playbooks around.

OT/ICS-targeted malware

Industroyer, TRITON and INDUSTROYER2-class capabilities demonstrated by state-aligned actors against adjacent geographies.

IT-to-OT lateral movement

Ransomware pivoting from corporate AD into historian, engineering workstations and DMZ-exposed HMIs.

Supply chain and vendor remote access

OEM and integrator remote-support channels used as persistent backdoors into Purdue Level 2 and below.

Data exfiltration under SOCI

Targeted theft of operational data protected under the SOCI Act, including network diagrams and SCADA configs.

Compliance

SOCI and CIRMP frameworks we align to.

Every Vectra engagement produces evidence mapped to the frameworks that actually govern your sector - not a generic ISO crosswalk.

  1. SOCI Act (Security of Critical Infrastructure Act 2018)
  2. CIRMP Rules (Critical Infrastructure Risk Management Program)
  3. Systems of National Significance (SoNS) obligations
  4. NIST Cybersecurity Framework
  5. IEC 62443 (Industrial automation and control systems security)
  6. AEMO AESCSF (Australian Energy Sector Cyber Security Framework)

Outcomes that stand up to the Cyber Security Centre.

Measurable, reportable, auditable - every outcome tracks to a control in your sector's framework.

  • CIRMP documentation and evidence ready for Home Affairs annual attestation

  • Continuous passive OT visibility without any change to control-network topology

  • Defined IT-to-OT segmentation validated against IEC 62443 zones and conduits

  • SoNS-aligned incident response pre-exercised with ACSC liaison channels established

  • Executive reporting framed around public-safety outcomes, not asset counts

Questions CI customers ask first.

Can't find the answer here? The sector lead responds to scoping queries within one business day - usually faster.

Will you actively probe our control network?

No. OT monitoring defaults to passive SPAN/TAP-based collection. Any active scanning requires written engineering approval, a tested maintenance window and a rollback plan.

Can you map controls across IT and OT at once?

Yes. Our assessment templates run Essential Eight and IEC 62443 in parallel so the IT and OT control uplift tracks on one plan, not two.

Do you support AEMO AESCSF self-assessment?

Yes. We run the AESCSF assessment and produce the MIL-level evidence pack that energy market participants submit annually to AEMO.

What if we're a SoNS?

We run the extended SoNS cyber-security obligations engagement - enhanced reporting, information-gathering directions and ACSC engagement - and we pre-populate templates for Home Affairs submissions.

Security, engineered around you.

Talk to an engineer - not a call centre. Most Vectra conversations start with a 30-minute technical briefing and end with a written plan.