What is an OT security assessment?

An OT (Operational Technology) security assessment evaluates the cybersecurity posture of industrial control systems including SCADA, PLC, DCS, and HMI environments against known threat actors and attack vectors.

What Iranian threat actors target GCC critical infrastructure?

Key Iranian-linked threat actors targeting GCC OT environments include APT34 (OilRig) targeting energy and government, MuddyWater targeting supply chains, Black Shadow targeting utilities with wipers, and Handala conducting hacktivist ransomware campaigns against GCC and Israeli-linked organisations.

How long does the MeruEPC OT assessment take?

The MeruEPC OT Security Assessment consists of 40 questions across 6 security pillars and takes approximately 15–20 minutes to complete. You receive an instant risk report upon completion.

Is the OT security assessment free?

Yes, the MeruEPC OT Security Assessment is completely free. Simply enter your email address and start the assessment. You will receive a personalised risk report at no cost.

60-Day Free Access — Normally a paid service. No paywalls. No strings attached. Open to all GCC organisations.

Days

Hrs

Min

GCC OT Threat Level: ELEVATED

هل تعرف ثغرات شبكتك الصناعية قبل أن يعرفها المهاجم؟

تحديد · حماية · كشف · استجابة · تعافٍ — ٤٠ سؤالاً خبيرياً

Know Your Gaps.Strengthen Your Defences.Before an Incident Does It for You.

Most OT breaches succeed because gaps were never measured. This expert-driven 40-question assessment maps your readiness across the full Identify → Protect → Detect → Respond → Recover lifecycle and quantifies your exposure to advanced threat actors targeting GCC industrial networks.

Free for 60 Days — Normally a Paid Service

We're opening our OT Security Assessment to all GCC organisations at no cost for 60 days. No paywalls. No strings attached. Just honest diagnostics.

25–30 minutes 40 expert questions Report emailed to you 6 security pillars

FREE

Start Your Free Assessment

Your personalised risk report will be emailed to you upon completion.

Your data is confidential. Report sent to your email and MeruEPC only.

No Cost for 60 Days

Normally a paid professional service — open to all GCC organisations free of charge during our launch period.

No Strings Attached

Just honest diagnostics. No sales pressure, no hidden fees. Share with your team and peers.

Available Until June 2025

After 60 days, the tool closes. Take the assessment now and understand where you actually stand.

جهات التهديد التي تستهدف شبكات OT في منطقة الخليج

4 Threat Actors Targeting GCC OT Networks

Nation-state actors and hacktivist groups are actively conducting reconnaissance and ransomware attacks against OT environments across the GCC and Middle East.

APT34 (OilRig)

Nation-State

GCC Energy & Critical Infrastructure

Advanced persistent threat group specialising in spear-phishing and credential harvesting against OT-adjacent IT systems in the energy sector.

MuddyWater

Nation-State

OT Supply Chain & Vendor Access

Threat group targeting managed service providers and supply chain vendors to pivot into OT networks across the Middle East.

Black Shadow

Destructive

Industrial & Utility Operators

Deploys destructive wiper malware against utility companies and industrial operators. Known for data exfiltration and public exposure campaigns.

Handala

Hacktivist

GCC OT/IT Organisations

Hacktivist group conducting ransomware and data exfiltration campaigns against organisations operating critical infrastructure in the GCC.

GCC Industrial Facilities

OT Security Operations

Critical Infrastructure Threats

٦ ركائز أمنية حيوية لأنظمة التحكم الصناعي

6 Critical OT Security Pillars

Each pillar is weighted by its contribution to your overall risk profile, based on real-world attack patterns from advanced threat actors targeting critical infrastructure.

Identity & Cloud Access

Weight: 25%

Network Segmentation

Weight: 20%

Asset Visibility

Weight: 15%

Supply Chain & Vendor Risk

Weight: 15%

Monitoring & Detection

Weight: 10%

Resilience & Recovery

Weight: 15%

كيف يعمل التقييم؟

How It Works

Enter Your Email

Provide your work email and facility details to personalise your assessment.

Answer 40 Questions

Each question includes real threat context, abuse rates, and best practice guidance.

Instant Scoring

Our engine calculates pillar scores, overall risk rating, and threat actor exposure across 4 active groups.

Receive Your Report

A detailed report is emailed to you and the MeruEPC team for expert follow-up.

What Your Report Includes

Normally a paid professional service — free for 60 days.

Overall risk rating: CRITICAL, HIGH, MODERATE, or LOW

Pillar-by-pillar score breakdown with weighted analysis

Threat actor likelihood mapping across 4 active groups targeting GCC OT networks

Top 3 priority fixes ranked by risk impact

Downloadable HTML report for your security team

Expert follow-up from MeruEPC's OT security team

Expert Questions

Threat Actors Mapped

Critical Controls

~25 min

Completion Time

Who Should Participate?

Whether you're in GCC or beyond, if you operate OT networks exposed to advanced cyber threats, this assessment gives you clarity on where you actually stand.

Energy & Utilities

Oil & gas operators, power generation, water treatment, and desalination facilities.

Critical Infrastructure

Ports, airports, telecoms, and government-operated industrial systems.

Industrial Facilities

Manufacturing, petrochemical, and process industries running SCADA or PLC systems.

Any OT Environment

Any organisation running OT networks with exposure to state-sponsored cyber threats.

ابدأ تقييمك المجاني الآن — متاح لفترة محدودة فقط

Identify Gaps. Prioritise Fixes. Build Resilience.

Complete the 40-question assessment in under 30 minutes. Receive a scored report across Identify, Protect, Detect, Respond, and Recover — with your top 3 priority actions.

Free for 60 days — share this with your team, peers, and anyone protecting critical infrastructure.

MeruEPC Services Portfolio

This Assessment Is Just the Beginning

Your risk score tells you where you stand. Our services tell you what to do about it. Whether you need a full consulting engagement, an AI governance framework, or continuous monitoring — MeruEPC has a solution sized for your organisation.

🎯

FLAGSHIP

OT Risk Assessment & Roadmap

Quantify. Prioritise. Transform.

A 4-phase consulting engagement that maps your OT environment against IEC 62443, NIST CSF, Purdue, ISO 27001, NERC-CIP, and UAE IA. We deliver a risk-quantified roadmap with phased remediation, SLAs, and KPIs — not a generic checklist.

✓8–12 week engagement
✓40–60% critical vulnerability reduction within 12 months
✓0% → 85%+ framework compliance in 6 months
✓Dwell time: 45 days → under 24 hours

🤖

AI GOVERNANCE

I-CAIRA Framework

The AI Governance Standard for Industrial OT

MeruEPC's pioneering Integrated Cyber-AI Risk Assessment framework — purpose-built for organisations deploying AI/ML in OT environments. Anchored to IEC 62443-3-2 and NIST CSF 2.0, it covers adversarial AI threats, MLOps security, and a 90-day implementation roadmap.

✓Covers AI/ML lifecycle risks in SCADA, DCS, PLC environments
✓Adversarial AI threat catalogue (model poisoning, evasion, inversion)
✓Maturity model L0–L4 with quantified risk scoring
✓Free community draft — join 500+ OT security professionals

Download Free Framework (PDF)

🛡️

AIR-GAPPED

CyberCommando

Offline OT Assessments for Disconnected Environments

Traditional security tools can't reach air-gapped OT systems. CyberCommando is a portable, offline assessment platform — technician-operated, evidence-based, and built for Oil & Gas, Maritime, Ports, and Utilities where network connectivity is restricted or prohibited.

✓No network connection required
✓CyberCollector (onsite) + CyberReporter (offline engine)
✓Evidence-based audit trail for compliance
✓Pay-per-report from $80/host — no subscription lock-in

Enquire About CyberCommando

📡

CONTINUOUS

Continuous OT Monitoring (SaaS)

Carob Prism — Powered by MeruEPC

Move beyond point-in-time assessments. The Carob Prism platform delivers continuous OT asset visibility, real-time threat detection, and automated compliance reporting — with MeruEPC managing the deployment, tuning, and escalation for your team.

✓Starter from $15K/yr · Enterprise from $250K/yr
✓85%+ Year 2 renewal rate
✓$200K–$500K prevented incident costs per year
✓Automated alerting and incident response playbooks

Book a Discovery Call

Not sure which service fits your situation?

Book a free 30-minute discovery call with the MeruEPC team. We'll review your assessment results together and recommend the right starting point — no sales pressure, just honest advice.

This tool is free and community-funded. If it helped you, — every contribution helps us keep it free and add new features.

MeruEPC Solutions

Interested in going deeper?

Download our frameworks and capability decks, or request a feature for this tool.

📄

I-CAIRA Framework

AI Governance for OT · PDF · Free

📊

OT Risk Platform

🛡️

CyberCommando