Industrial control system security — Phoenix, Arizona

Your plant runs on networks nobody is watching.

Selidrium delivers flat-fee OT security assessments for water districts, manufacturers, and municipal infrastructure — the facilities enterprise vendors price out at $50,000 and up. Passive methods only. Plain-English findings. A practitioner on site, not a PowerPoint.

Serving Arizona & the Southwest · alan@selidrium.com

  passive tap — read only capture.pcap
$ tshark -i tap0 -Y "modbus || dnp3 || dns"
listening — no packets transmitted to OT network
10:42:07 hmi-01 → plc-04 Modbus/TCP read holding registers
10:42:11 scada-srv → plc-07 DNP3 read class 0 data
10:42:19 scada-srv → 8.8.8.8 ICMP echo request ← OT host reaching internet
10:42:31 ec:e2:d9:··:··:·· ARP Sierra Wireless OUI ← cellular modem on control LAN
10:43:02 plc-04 → na.m2mop.net DNS beacon, every 60s
FINDING  Control 2 — Defensible Architecture: ABSENT

Sixty minutes of listening finds what years of assuming missed.
Built for: Water & wastewater · Manufacturing · Building automation · Oil & gas midstream · Agriculture & irrigation · Municipal infrastructure

Threat landscape

The adversaries targeting small facilities aren't small.

State-backed operators from China, Iran, and Russia have spent the last several years demonstrating the same lesson: the soft target isn't the Fortune 500 plant with a security operations center — it's the water district, the packaging plant, and the pump station that assumed they were too small to matter. Every campaign below is documented in U.S. government advisories and industry reporting.

Volt Typhoon PRC · state-sponsored

Pre-positioning · U.S. critical infrastructure

CISA, NSA, and FBI reported Chinese state-sponsored operators quietly embedded in U.S. water, energy, and transportation networks — living off the land with legitimate tools to avoid detection, building access intended for future disruption rather than espionage.

Why it matters to you: They deliberately pick the under-defended edge of critical infrastructure. Small and municipal systems are the stated concern of the advisories.

CyberAv3ngers Iran · IRGC-affiliated

2023 · U.S. water utilities

IRGC-affiliated actors compromised internet-exposed PLCs at multiple American water utilities — including a small Pennsylvania municipal water authority — and defaced operator screens. The entry point: a default password on a controller facing the open internet.

Why it matters to you: This is precisely what a half-day Visibility assessment finds: your exposed devices, before someone in Tehran does.

Sandworm & aligned groups Russia · GRU / hacktivist

2015–2024 · grid, heating & water ops

From taking down portions of Ukraine's power grid to FrostyGoop — malware that speaks Modbus TCP natively — to Russia-aligned hacktivists manipulating HMIs at small Texas water utilities until a tank overflowed. Rural does not mean invisible.

Why it matters to you: The Texas victims were towns of a few thousand people. The attack path was remote access nobody had inventoried.

None of these campaigns needed a zero-day. Internet-exposed devices, default credentials, flat networks, forgotten remote access — the gaps a $1,500 half-day finds.

Sourced: CISA · FBI · NSA · industry reporting
The difference

Most OT assessments are done by IT consultants. This one isn't.

Practitioner, not tourist

Hands on OT every working day

Selidrium's founder works in ICS/OT security at one of Arizona's largest public utilities — defending the same PLCs, HMIs, and SCADA systems your facility runs, every day. The assessment methodology comes from a control room, not a certification course.

Passive only — always

We never scan your control network

Active scanning can crash a PLC mid-process. Selidrium's standing rule: no active scans on OT segments, ever. Findings come from passive network taps, physical walkthroughs, configuration review, and public-internet reconnaissance of your own footprint. Your process keeps running while we work.

Plain English deliverables

Reports your board can actually read

Every finding lands as a clear sentence: what we saw, why it matters, what to do first. The executive summary is written for boards, councils, and EPA reviewers — no jargon, no fear-mongering, no 200-page PDF that nobody opens twice.

Priced for your facility

Flat fees, in writing, before we start

Enterprise OT vendors start around $50,000. The Big 4 bill by the hour and send associates. Selidrium publishes its prices — $1,500 to $5,000, flat — because a 12,000-person water district deserves the same visibility a Fortune 500 plant gets.

Method

Every assessment is scored against the SANS Five Critical Controls.

Controls scorecard (sample scoring)

C1 · ICS Incident Response Plan · OT-specific, not the IT plan reused · Absent
C2 · Defensible Architecture · IT/OT segmentation, boundary confirmed · Partial
C3 · Network Visibility & Monitoring · can you see your own traffic? · Absent
C4 · Secure Remote Access · every path inventoried — including vendors · Partial
C5 · Risk-Based Vulnerability Mgmt · what to patch, what to shield, what to accept · Met

The Five Critical Controls are the industrial security baseline developed by the SANS Institute — the framework serious OT programs are built on. Selidrium scores each control Absent, Partial, or Met, with the evidence behind every score, so your remediation roadmap starts from facts rather than vendor fear.

Before arriving on site, we map your facility's public internet footprint the way an attacker would — exposed remote access, forgotten web interfaces, internet-reachable control devices. On site, we listen: a passive tap on your network for a minimum of sixty minutes, a physical walkthrough of every panel, and a handful of careful checks on operator workstations.

The most common critical finding? Cellular modems nobody remembers installing — always-on internet connections wired straight into the control network, bypassing every firewall the IT department ever bought.

Standing commitment

Aligned with NIST SP 800-82 and AWIA §2013 requirements for community water systems.

Packages & pricing

Three packages. Flat fees. The scope in writing before work begins.

2026 founding rates — honored through December 31, 2026
Package 01

Visibility

$1,500 flat · 50% deposit · balance on delivery

A half-day, top-level review for facilities that have never had OT security eyes on site. Honest scope: this is a first look, not a comprehensive audit.

  • Pre-visit reconnaissance of your public internet footprint
  • Physical walkthrough and device identification
  • Passive network capture — 60 minutes minimum
  • Cellular modem sweep of the control network
  • Credential & internet-exposure checks on HMI/SCADA workstations
  • Five Critical Controls quick-scorecard
  • One-page findings memo — your top 5 gaps in plain English
  • On-site verbal debrief + written follow-up within 48 hours

Full $1,500 credits toward a Full Assessment booked within 90 days.

Package 02

Full Assessment

$5,000 flat · 50% deposit · balance on report delivery · PO terms available for government clients

The complete picture: a full day on site, every device inventoried, every remote-access path traced, and a report your board and your regulator can both use.

  • Everything in Visibility, plus a full day on site
  • Complete asset inventory — every device, IP, and firmware version
  • IT/OT segmentation review with the boundary confirmed
  • Complete remote access audit — every path, including vendors
  • Firewall & router port-forwarding review
  • 10–15 page assessment report, delivered encrypted
  • Network topology diagram of your IT/OT environment
  • Prioritized remediation roadmap — immediate / short / long term
  • Executive summary written for boards and EPA reviewers
  • AWIA §2013 alignment documentation for water systems
  • 60-minute debrief call + 30-day follow-up + one revision round
Package 03

Advisory

$5,000 + $1,000/month · month-to-month · cancel with 30 days' notice

A Full Assessment, then an OT security advisor on call — for facilities that need ongoing judgment, not a one-time report.

  • Full Assessment included as the engagement baseline
  • Monthly 30-minute check-in call
  • Email & phone advisory — response within 1 business day
  • CISA ICS-CERT advisories matched to your specific equipment
  • Guidance on remediation decisions as they arise
  • Quarterly progress review against your roadmap

Advisory relationship only — implementation and additional site visits scoped separately.

Add-ons, any package

OT Incident Response Plan (Control 1 document) · $1,000
Vendor Remote Access Policy (Control 4 document) · $500
Passive network monitor deployment · $800
AWIA §2013 Risk Assessment documentation package · $1,200
Second facility, same visit day · $800
OT security awareness training (half day) · $1,200
Controls maturity re-assessment (standalone) · $1,500
Emergency remote advisory · $250/hr

Honest scope

What we will never tell you.

Never promised

  • "You're secure now." An assessment reflects conditions on the day it's performed — anyone guaranteeing more is selling something.
  • "This certifies AWIA compliance." We produce alignment documentation; certification claims aren't ours to make.
  • "We found everything." No assessment finds every vulnerability. We find what passive methods reveal, and we say so.
  • "We'll fix it for you." Findings come with a roadmap. Implementation is your team's or your integrator's — and we'll advise either.

Deliberately out of scope

  • NERC CIP bulk electric system operators — different regulatory world, different specialists.
  • Nuclear facilities under NRC oversight.
  • Defense industrial base with CMMC requirements.
  • If your facility falls in these categories, we'll say so on the first call and point you toward the right firm.

A consultant who tells you what he won't do is telling you the truth about everything else.

About

Founded by a working OT security practitioner.

Selidrium Security was founded by Alan Garcia, an ICS/OT security professional at one of Arizona's largest public utilities, where he works daily with the industrial protocols, control systems, and threat landscape your facility lives in.

The firm exists because of a gap he watched widen for years: enterprise OT security vendors built excellent products priced for the Fortune 500, while the water district serving 12,000 people, the packaging plant with forty PLCs, and the irrigation district running pump stations across two counties were left with nothing between a $50,000 quote and hoping for the best.

Selidrium is the answer in between: practitioner-grade assessments, honestly scoped, at prices a small facility can put through a normal approval process.

  • ICS/OT security — major Arizona public utility
  • M.S. Software Engineering · B.S. Information Technology
  • GIAC GICSP candidate
  • SANS ICS515 — ICS visibility & threat detection
  • Modbus/TCP · DNP3 · EtherNet/IP protocol analysis
  • Insured — professional & general liability
  • Selidrium Security LLC · Arizona
Start here

The assessment starts with a 20-minute call. The call starts with an email.

Tell us what kind of facility you run and what's keeping you up at night — or just say "we've never looked." Either is a fine place to start. No pitch deck, no pressure, and if we're not the right fit, we'll tell you who is.

Response time: 1 business day
Service area: Arizona & the Southwest
Engagement terms: Written scope & authorization before any work