Energy operators sit at the centre of NIS2 — every TSO, DSO, refinery, midstream operator and large generator is an essential entity. Add ANRE-imposed cybersecurity requirements, IEC 62443 expectations from auditors, and a threat landscape that includes state-aligned actors openly targeting EU grid infrastructure, and the security operating model has to be built for production reality, not for an annual checklist.
Sandline runs OT-aware programmes: vulnerability assessment against the Purdue model, segmentation tests across IT/OT boundaries, and tabletop exercises that include actual control-room operators rather than just a SOC manager. The evidence package satisfies NIS2 Article 21 and ANRE requirements simultaneously.
Typical engagements
- OT-aware vulnerability assessment across IT/OT/SCADA
- IT/OT segmentation pentest
- Red team with control-room objective scenarios
- IR retainer with ANRE-aligned reporting
- IEC 62443 gap analysis and remediation plan
Sector-specific threats
Sector-targeted state-aligned actors
Public attribution ties multiple Eastern European grid intrusions to known groups. Our CTI engagement curates actor TTPs against your specific OT stack and pipes detection content into your SIEM.
Lateral movement IT → OT
This is the attack pattern auditors actually worry about. Our segmentation pentests are designed to show whether the historian, jump host, or vendor-RDP path can reach the engineering workstation.
Vendor-supplied insecure firmware
The IEC 62443-4-2 component requirements catch a lot of this. We test the firmware before you sign the framework agreement.
