Australian Critical Infrastructure · OT Security
Secure the plant.
Satisfy the regulator.
Evidence the board.
NIST 800-82 · AESCSF
CIRMP evidence packs
No vendor SPIFs.
Deployed across AU.
The recurring architectural patterns in mid-tier OT estates.
Parallel paths into OT. Only one is documented.
Complex industrial environments accumulate legacy access paths. Sanctioned remote access platforms operate alongside undocumented DCS vendor jump hosts or legacy integrators’ modems. Defense begins with engineering-led discovery to map and consolidate these pathways.
CIRMP derived from an IT-centric ISMS.
Treating OT risk as a simple extension of a corporate ISMS results in generic all-hazards frameworks lacking operational depth. We engineer compliance from the plant floor up, ensuring your CIRMP attestation withstands rigorous regulatory scrutiny.
Active scanning introduced by IT-led uplifts.
Applying traditional IT vulnerability scanning to continuous process environments carries inherent risk: active probes can stall or fault older PLC and RTU network stacks and add latency across comminution and flotation networks. We architect security programs that protect the estate without disrupting the control loop.
A SOC that lacks engineering context.
Standard IT alerting models cannot tell a scheduled PLC logic download from an unauthorised one, so every engineering change becomes an alert and fatigue follows. We implement protocol-aware visibility that carries the engineering context, so your SOC triages genuine anomalies rather than operational noise.
Built for the SOCI Act.
Ready for your CIRMP.
If you are a Responsible Entity under the Security of Critical Infrastructure Act 2018, you carry personal and organisational obligations a generic cyber advisory cannot discharge.
Vyfority designs OT programs that produce the evidence your board needs to sign the annual CIRMP attestation — and that your auditors, and the CISC, will accept.
- ✓ S.30AH Compliance: All-hazards risk management programs spanning cyber, physical, personnel and supply chain, with OT weighted as a first-class domain.
- ✓ S.30BC Incident Pathways: Material cyber incident response pathways, aligned to the 12-hour (critical incident) and 72-hour (other incident with relevant impact) ASD reporting obligations.
- ✓ Board Attestation: An attestation evidence pack, mapped to SLACIP Rules 2023, designed for directors to sign with confidence.
- ✓ AESCSF & 62443 Frames: Alignment for generation/grid. IEC 62443 zone and conduit models where the engineering detail matters.
Three pillars. Scoped tightly. Priced openly.
Every engagement begins with a scoping call with Dean, not a sales funnel. Indicative timeframes are published so you can run procurement without guesswork.
OT Security Assessment
Know exactly where you stand
Engineering-informed gap analysis across your OT estate. We walk your plants, map critical processes against IEC 62443 and CIRMP obligations, and deliver a board-ready risk narrative.
OT Re-Architecture
Defensible segmentation
Pragmatic network architectures designed around your plant. Secure vendor remote access, IIoT, historian replication and AHS integration — without breaking legacy protocols or the control loop.
Monitoring & SOC
Visibility engineers trust
Passive, protocol-aware monitoring (Modbus, DNP3, EtherNet/IP, Profinet, S7) deployed without disrupting control traffic. Bridging the trust gap between IT SOC and plant engineering.
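What "protocol-aware, passive" triage means in practice, as an added illustration (not Vyfority's tooling or any vendor's product): captured Modbus/TCP requests to a PLC are decoded, routine polling is dropped, a write from the sanctioned engineering workstation is recorded as context rather than raised, and a write or device-identification probe from a host outside the baseline is raised as a finding. The same baseline check surfaces the undocumented access paths described under "Parallel paths into OT". All addresses, host roles and frames below are constructed for the example; the Modbus function-code groupings follow the public Modbus Application Protocol specification.

```python
"""Passive Modbus/TCP triage over constructed captured frames (example code)."""
import struct
from dataclasses import dataclass

# Function codes grouped by effect on the process (Modbus Application Protocol spec).
READ_FCS = {1, 2, 3, 4, 7, 20, 24}   # reads: normal HMI / historian polling
WRITE_FCS = {5, 6, 15, 16, 22, 23}   # writes: change coils or registers
DIAG_FCS = {8, 43}                   # diagnostics / device identification


@dataclass(frozen=True)
class Frame:
    src: str        # source IP
    dst: str        # destination IP (a PLC)
    payload: bytes  # MBAP header followed by the PDU


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "info"
    src: str
    dst: str
    fc: int
    reason: str


def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Encode a Modbus/TCP request: MBAP (tid, proto=0, length, unit) + PDU."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_request(payload: bytes):
    """Return (unit_id, function_code), or raise ValueError for a malformed frame."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return unit, payload[7]


def triage(frames, plcs, engineering_hosts, known_hosts):
    """Read-only triage of captured requests: nothing is ever sent to the plant."""
    findings = []
    for f in frames:
        if f.dst not in plcs:
            continue  # not a request to a controller in scope
        try:
            _unit, fc = parse_request(f.payload)
        except ValueError as err:
            findings.append(Finding("medium", f.src, f.dst, -1, f"malformed frame: {err}"))
            continue
        if f.src not in known_hosts:
            # An undocumented path into OT is worth a finding even if it only reads.
            findings.append(Finding("medium", f.src, f.dst, fc, "source not in OT baseline"))
        if fc in READ_FCS:
            continue  # polling noise, not an alert
        if fc in WRITE_FCS or fc in DIAG_FCS:
            kind = "write" if fc in WRITE_FCS else "diagnostic"
            if f.src in engineering_hosts:
                findings.append(Finding("info", f.src, f.dst, fc, f"sanctioned engineering {kind}"))
            else:
                findings.append(Finding("high", f.src, f.dst, fc, f"{kind} from unsanctioned host"))
        else:
            findings.append(Finding("medium", f.src, f.dst, fc, "unassigned or vendor-specific function code"))
    return findings


def summarise(findings):
    """Count findings by severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed site baseline (hypothetical addresses).
PLCS = {"10.10.5.11"}
ENGINEERING_HOSTS = {"10.10.1.20"}          # sanctioned engineering workstation
KNOWN_HOSTS = {"10.10.1.20", "10.10.2.5"}   # baseline: EWS and historian

# Constructed capture: one polling read, one sanctioned write, two frames from an
# undocumented host, and one frame with a non-Modbus protocol id.
SAMPLE_FRAMES = [
    Frame("10.10.2.5", "10.10.5.11", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),
    Frame("10.10.1.20", "10.10.5.11", build_request(2, 1, 16, b"\x00\x10\x00\x01\x02\x01\xf4")),
    Frame("172.16.9.40", "10.10.5.11", build_request(3, 1, 6, b"\x00\x10\x03\xe8")),
    Frame("172.16.9.40", "10.10.5.11", build_request(4, 1, 43, b"\x0e\x01\x00")),
    Frame("10.10.2.5", "10.10.5.11", b"\x00\x05\x00\x01\x00\x02\x01\x03"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FRAMES, PLCS, ENGINEERING_HOSTS, KNOWN_HOSTS):
        print(finding)
    print(summarise(triage(SAMPLE_FRAMES, PLCS, ENGINEERING_HOSTS, KNOWN_HOSTS)))
```

The point of the allowlist split is the engineering context: the FC 16 write from the engineering workstation is kept as an audit record (severity "info"), while the FC 6 write and the FC 43 identification probe from the host outside the baseline produce the only "high" findings. A real deployment would take frames from a SPAN port or tap rather than a constructed list, and would key the engineering allowlist per PLC and per shutdown window.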
We speak the language of your plant.
Mining OT is not generic ICS. You do not run “a control network” — you run a comminution circuit, a flotation plant, a TSF piezometer array, a hoist, a train load-out, a ROC link to the Pilbara.
Our consultants have walked the pits, commissioned the DCS, and signed off the shut. That is the baseline for every engagement.
- ✓ Comminution & SAG
- ✓ Flotation circuits
- ✓ TSF monitoring
- ✓ Hoist & winder
- ✓ Vent-on-demand
- ✓ Train load-out
- ✓ Dewatering
- ✓ Rockwell ControlLogix
- ✓ Siemens S7 / PCS 7
- ✓ ABB 800xA
- ✓ AVEVA / Wonderware
- ✓ Citect SCADA
- ✓ Cat MineStar
- ✓ Modular Mining
Dean Kastelic
Principal & Practice Lead · CISSP
Dean founded Vyfority to do OT security the way engineers actually want it done: scoped tightly, delivered personally, and grounded in what the plant floor will tolerate.
Every engagement is led by Dean directly. No graduate rotation. No subcontracted delivery. If Dean is on your scoping call, Dean is on your control room floor.
“We hold no reseller agreements. No vendor SPIFs. No alliances that bias our recommendations. When we suggest a platform, it is because it fits your estate — not our P&L.”
Frequently, and fairly, asked.
How disruptive is this to production?
The default answer is: not at all. Assessment work is passive, protocol-aware, and planned around your production calendar. Active change work is scoped into planned shuts, never imposed on them. Every cutover has a documented rollback before it is executed. No change touches the control path without sign-off from your controls engineering lead.
Do you align to IEC 62443 SL-T targets or CIRMP controls?
Both, deliberately. CIRMP sets the board-level obligation and the regulator’s lens. IEC 62443 gives the zone-and-conduit engineering detail required to actually meet it. We treat 62443 SL-T as the technical target and CIRMP / SLACIP Rules as the evidence frame. One set of work, two audiences.
Can you work during a major shutdown?
Yes, and we prefer to. Major segmentation, cutover and architecture work is best delivered against a planned shut window. We scope against your shutdown schedule from the first conversation, including FIFO rotations where your site operates on them.
How do you handle vendor warranty constraints on PLCs and DCS?
Warranty and support constraints are part of the initial site brief. We design around them — up to and including maintaining support letters from OEMs where required, and sequencing changes around vendor-supported service windows. We will never recommend an uplift that invalidates a control system warranty without an explicit, documented trade-off.
Are you independent of the OT platform vendors?
Completely. We hold no reseller agreements, no referral fees, and no vendor SPIFs with Claroty, Dragos, Nozomi, Tenable OT, Armis or anyone else. When we recommend a platform, it is because it fits your estate — not our P&L. Happy to put that in writing on request.
What does a typical engagement look like, end-to-end?
A 30-minute scoping call with Dean. A written scope document with fixed price and deliverables within five business days. Mobilisation within two to three weeks. Then on-site discovery, progressive reporting to your cyber lead, a closeout workshop with operations and the board-pack, and a documented handover. No phantom consulting hours, no sprawl.
Ready to build your defenses?
Bring your CIRMP position, your site count, and the one OT problem that is keeping you up at night.
Thirty minutes with Dean.
No sales slides.
A scoping conversation, not a pitch. Leave with a view on whether Vyfority is the right partner.
Use the form to request the Vendor Remote Access Audit Template.
