Global automation leader Emerson has announced a new strategic collaboration with industrial cybersecurity specialist Armexa. The partnership is designed to deliver an expanded suite of operational technology (OT) cybersecurity services specifically tailored for users of the Emerson DeltaV™ automation platform. By integrating the technical capabilities and domain expertise of both organizations, the initiative aims to simplify the complex landscape of industrial security governance and enhance resilience across critical infrastructure sectors.
Converging Automation and Cybersecurity
As industrial environments increasingly connect with wider networks, the separation between Information Technology (IT) and Operational Technology (OT) has blurred, exposing process manufacturers to new vectors of cyber risk. The collaboration between Emerson and Armexa addresses this challenge by providing DeltaV customers with a unified approach to security.
Traditionally, industrial operators have had to manage disparate vendors for automation hardware and cybersecurity services, often leading to fragmentation in policy enforcement and project delays. This new agreement allows Emerson customers to access a streamlined, authorized source for security services. The primary goal is to alleviate the vendor management burden while ensuring that security measures are not just compliant, but compatible with the specific constraints of the DeltaV distributed control system (DCS) and safety instrumented systems (SIS).
Alexandre Peixoto, Cybersecurity Business Director at Emerson, highlighted the logistical and operational advantages of this model. He noted that process manufacturers are currently facing immense pressure to maintain comprehensive security postures amidst a rapidly evolving threat landscape. Peixoto emphasized that the collaboration provides a “single-provider approach,” which is essential for streamlining procurement processes and ensuring the consistent application of security policies across critical OT infrastructure.
Leveraging Deep Industry Expertise
Armexa enters this partnership with a strong track record in securing complex industrial verticals, including energy, liquefied natural gas (LNG), chemicals, pharmaceuticals, and utilities. These industries operate under strict uptime requirements where standard IT security practices can sometimes disrupt production.
Jacob Marzloff, CEO of Armexa, described the partnership as a mechanism to offer a more cohesive experience for the plant floor. He stated that the collaboration allows the delivery of services that are “authorized, integrated, and designed for the realities of OT environments.” This distinction is vital; unlike corporate IT environments, OT environments require security protocols that prioritize physical safety and process availability above data confidentiality. By combining Emerson’s proprietary technologies with Armexa’s implementation methodologies, the partnership aims to deliver consistent security governance that spans entire facilities.
A Comprehensive Service Portfolio
As an authorized service provider under this agreement, Armexa is set to deploy a specific range of solutions designed to assess, mitigate, and monitor risks within the DeltaV ecosystem. The initial rollout includes four key service areas, each utilizing distinct methodologies to address different stages of the cybersecurity lifecycle.
Foundational Cybersecurity Assessments
The entry point for many organizations will be the Basic Cybersecurity Assessment. This service is structured as a low-friction, non-intrusive evaluation of existing OT systems. It covers the DeltaV DCS and SIS, providing operators with a cost-effective baseline of their current security posture without requiring significant downtime or resource allocation. This foundational step is critical for identifying glaring vulnerabilities before moving to more advanced remediation strategies.
Consequence-Based Risk Methodologies
To address more complex threat scenarios, the partnership utilizes risk assessment frameworks aligned with the ISA/IEC 62443-3-2 standard. This includes two primary methodologies:
- CyberHAZOP™: This is a safety-oriented systematic study. It adapts the traditional Hazard and Operability (HAZOP) study—a staple in chemical and process engineering—to the cyber domain, analyzing how digital threats can manifest as physical safety hazards.
- CyberBowtie™: Offering a visual alternative to the detailed HAZOP, this methodology helps stakeholders visualize the relationship between threats, preventive controls, consequences, and mitigative measures, facilitating better communication of risk to non-technical leadership.
Network Intrusion Detection Systems (NIDS)
Moving from assessment to active defense, the collaboration offers turnkey deployment for Network Intrusion Detection Systems (NIDS). This service encompasses the design, implementation, and ongoing maintenance of NIDS solutions. Crucially, this involves rapid rollout capabilities and precise tuning. In an OT environment, tuning is essential to distinguish between legitimate command traffic and actual malicious activity, thereby reducing false positives that can lead to alarm fatigue among operators.
Security Integration for Capital Projects
Recognizing that security is most effective when baked in from the start, the partnership also targets new facility construction and major upgrades. By unifying Emerson and Armexa’s capabilities, the companies provide OT security design and deployment services for capital projects. These services are aligned with ISA/IEC 62443-2-4, ensuring that new automation assets are secure by design before they ever enter the operational phase.
Enhancing Operational Resilience
The alliance comes at a critical time for the manufacturing and energy sectors. As regulatory bodies globally tighten requirements for critical infrastructure protection, the burden of compliance falls heavily on plant operators. The Emerson-Armexa collaboration attempts to relieve this pressure by offering a pre-validated pathway to compliance and security.
By integrating third-party expertise directly into the vendor ecosystem, Emerson is acknowledging that securing modern automation requires specialized skills that go beyond standard control engineering. For DeltaV customers, this collaboration promises to reduce the friction associated with securing legacy and modern plant assets, ultimately contributing to higher levels of operational resilience and safety across the industry.
About Armexa
Armexa is a team of operational technology (OT) and industrial cybersecurity experts dedicated to delivering practical, scalable solutions. Our group has decades of industrial cybersecurity experience, with expertise as both consultants and end users on projects world-wide. We offer full spectrum OT security services, from governance and program development to system design, implementation & ongoing support.
