Webinar: Bridging IT–OT Gaps: OT-Led Data Transformation in Action

Register Now
Get In Touch
Get In Touch

Offshore SCADA Support Is Not Just a Resourcing Decision

Why pipeline operators should evaluate OT/SCADA outsourcing through the lens of risk, data sovereignty, regulatory readiness, and operational resilience

At the 2026 API Conference, during a session titled “Keeping Up with Cybersecurity Compliance: Where U.S. Cybersecurity Policy Is Going Next,” a SCADA Manager from a prominent U.S. pipeline operator raised a question that many critical infrastructure leaders may already be asking.

As more pipeline operators consider outsourcing IT, OT, and SCADA support to offshore managed service providers, could future regulations restrict or prohibit that model?

The panel included legal, law enforcement, and critical infrastructure resilience perspectives, with representatives from Bracewell, the FBI, and Berkshire Hathaway. That mix of expertise made the discussion especially relevant for pipeline leaders evaluating the operational and regulatory implications of offshore SCADA support.

The question matters because offshore support is often evaluated through a narrow operational lens. Does the provider have enough resources? Can they reduce cost? Can they support the platform? Can they respond quickly?

Those are valid questions. But for OT and SCADA environments, they are not enough.

Regulators, boards, auditors, and incident response teams may eventually evaluate the decision very differently. They may ask who had access, from where, under what controls, to what systems and data, and whether that access model was appropriate for critical infrastructure.

For pipeline operators, offshore SCADA support is not just a resourcing decision. It is a risky decision.

Panelists included Lauren Clegg, Counsel, Bracewell, LLP; Ash Thorne, Acting Assistant Special Agent in Charge, FBI; David Benton, Senior Advisor, Threat Informed Resilience, Berkshire Hathaway; and Alamdar Hamdani, former U.S. Attorney and Bracewell Partner. Hamdani was appointed by President Biden and unanimously confirmed by the Senate as the top federal law enforcement official in the Southern District of Texas.

The Capacity Problem Is Real

The pressure on SCADA and OT teams is significant.

Pipeline operators are managing complex environments with aging infrastructure, evolving compliance expectations, increasing Cyber Security threats, and a limited pool of specialized talent. Many teams are being asked to modernize, secure, support, and optimize their systems while still protecting uptime and operational continuity.

In that context, managed services can be attractive. External support can help fill resource gaps, provide specialized expertise, and reduce the burden on internal teams.

The issue is not whether pipeline operators should use external support. In many cases, they should.

The issue is whether the support model is appropriate for the sensitivity of the environment.

In OT/SCADA, Location and Access Change the Risk Model

In traditional IT outsourcing, the location of the support team may be treated as a cost or service delivery consideration. In OT and SCADA, location can become part of the risk profile.

A third-party provider supporting SCADA may have access to sensitive system information, operational data, IP addresses, network details, remote access pathways, applications, configurations, historian data, and infrastructure context. Even when access is limited, the provider may still gain visibility into how critical operations are structured and supported.

That changes the conversation.

The issue is not simply whether an offshore provider can complete a technical task. The issue is whether offshore access extends the trust boundary of a critical infrastructure environment in a way that introduces new operational, regulatory, Cyber Security, or reputational exposure.

A provider may be offshore only in a staffing sense. But from an OT risk perspective, the operator may be creating cross-border exposure to systems and data that carry far greater sensitivity than a typical business application.

Data Sovereignty and Export Control Cannot Be an Afterthought

One of the most important themes raised in the 2026 API Conference discussion was the potential for export control and data sovereignty concerns.

SCADA environments can contain information that is sensitive from an operational, Cyber Security, and infrastructure perspective. If offshore resources can access that information, directly or indirectly, the operator may need to understand whether the arrangement creates additional legal, regulatory, or compliance obligations.

This is not only about where the primary provider is located.

It is also about where the data can be accessed from, whether subcontractors are involved, what support pathways exist, and whether access could extend into jurisdictions that create added concern.

These are questions that should be evaluated before support begins, not after a regulator, auditor, board member, or incident response team asks for answers.

Operators should be asking:

  • What data can the provider access?
  • Can operational data cross borders, directly or indirectly?
  • Are export control implications understood?
  • Are offshore personnel accessing SCADA systems, applications, infrastructure, or documentation?
  • Are subcontractors involved?
  • Are access pathways logged, monitored, restricted, and revocable?
  • Has legal or compliance counsel reviewed the model?


No responsible operator wants to discover these issues during an incident.

Critical Infrastructure Support Requires a Higher Standard

There is a practical difference between supporting a business system and supporting the operational systems behind critical infrastructure.

SCADA environments help pipeline operators maintain visibility, support decisions, manage alarms, monitor assets, and protect reliable operations. Any support model that touches this environment should reflect the importance of the systems involved.

That does not mean every task requires on-site delivery. It does mean support should be designed around the realities of OT.

Those realities include uptime sensitivity, change control, remote access risk, segmentation, regulatory exposure, incident response, and the need for deep understanding of industrial operations.

A generic offshore IT model may not be enough.

Pipeline operators need partners who understand the difference between enterprise support and OT/SCADA support. They need resources who understand the consequences of downtime, the importance of operational context, and the discipline required when working near control environments.

Regulation May Be Behind, But Expectations Are Moving

The 2026 API Conference discussion also highlighted an uncomfortable reality. Regulation often moves more slowly than technology, outsourcing models, and emerging threats.

That does not mean operators should wait.

The strongest operators will move ahead of regulation by asking more rigorous questions now. Future scrutiny of offshore OT and SCADA support is plausible, especially as critical infrastructure becomes more connected and as governments pay closer attention to foreign involvement, Cyber Security exposure, and third-party access.

Even if no clear prohibition exists today, leadership should consider whether the current support model would be defensible tomorrow.

  • Would it stand up to an internal risk review?
  • Would it satisfy executive stakeholders?
  • Would it be explainable to regulators?
  • Would it be defensible after a Cyber Security incident?
  • Would it support public trust if the issue became visible?


Compliance is not the same as resilience. A support model can be technically permitted and still create avoidable risk.

The Better Distinction: Offshore vs. Local and Nearshore OT/SCADA Support

The conversation should not be framed as internal support versus external support. That misses the point.

The better distinction is between offshore support models that may introduce additional jurisdictional, access, and data exposure concerns, and local or nearshore OT/SCADA support models that are better aligned with North American operational and regulatory realities.

For critical infrastructure, local or nearshore support can provide a more defensible operating model, especially when paired with certified expertise, controlled access, strong governance, and OT-aware delivery practices.

This approach recognizes that SCADA support is not a commodity service. It is part of the operating model that protects reliability, resilience, and confidence.

The goal is not simply to find people who can support the technology. The goal is to build a support model that reduces uncertainty.

What Pipeline Operators Should Evaluate Before Outsourcing SCADA Support

Before outsourcing OT or SCADA-managed services, pipeline operators should evaluate the support model across several dimensions.

Access: What systems, data, credentials, applications, network details, and environments will the provider access?

Location: Where are support resources physically located?

Jurisdiction: What countries, legal environments, and subcontracting pathways may be involved?

Data handling: What operational data could cross borders, either directly or indirectly?

Remote access: How is access approved, monitored, logged, limited, and revoked?

Segmentation: Is provider access restricted to the minimum required scope?

Cyber Security controls: Are secure remote access, monitoring, identity management, and incident response processes in place?

Operational fit: Does the provider understand ICS and OT realities, or are they applying a generic IT support model?

Regulatory readiness: Could the model withstand future scrutiny from regulators, auditors, and executive stakeholders?

Incident accountability: If an incident occurs, can the organization clearly explain who had access, from where, under what controls, and why the model was considered appropriate?

These questions are not barriers to outsourcing. They are the foundation for responsible outsourcing.

Dexcent’s Position: Local and Nearshore by Design

Dexcent’s OT/SCADA strategy has been built around local and nearshore professional AVEVA-certified resources.

That decision is intentional.

For critical infrastructure operators, SCADA support should reduce operational uncertainty, not add new questions about access, jurisdiction, data exposure, and accountability.

SCADA and OT systems require more than technical availability. They require operational understanding, disciplined delivery, Cyber Security awareness, and an appreciation for the regulatory and reputational realities pipeline leaders face.

Dexcent’s approach is designed to help operators strengthen their SCADA and OT environments without introducing unnecessary complexity or avoidable risk.

We support pipeline operators with resources who understand the North American operating context, the importance of secure and reliable SCADA environments, and the need to align people, process, and technology around long-term resilience.

This is not only a delivery model. It is a risk management philosophy.

The Decision Leaders Should Be Making Now

Pipeline operators do not need to wait for new regulations to ask better questions about offshore SCADA support.

They can act now by reviewing where support is delivered, how access is managed, what data may be exposed, whether the operating model is defensible, and whether the provider understands the realities of OT and SCADA environments.

The future of SCADA support will not be judged only by cost, coverage, or resource availability.

It will be judged by whether the support model protects the systems, data, and operations that critical infrastructure depends on.

If you are evaluating offshore SCADA or OT managed services, Dexcent can help you assess the operational, Cyber Security, data sovereignty, and regulatory readiness risks before access is granted. 

Talk to Dexcent Today

Andrew Capper

Vice President of Industrial Digital Transformation

Linkedin Envelope
Read Bio

Andrew Capper is Vice President of Industrial Digital Transformation at Dexcent, helping industrial organizations improve data-driven decision-making by optimizing the data journey, reuniting siloed information, and delivering a trustworthy version of the truth.

With more than 25 years of experience, he is known as a results-driven leader who delivers on commitments and tackles complex information management challenges with a practical, human-centric approach. His work spans digital transformation strategy and roadmaps, governance, digital maturity assessments, and performance measurement through clear KPIs and metrics. Andrew is a NAIT graduate with training in Instrumentation Engineering Technology and Security Systems, and he brings a strong focus on safer, more effective operations from data producers through to data consumers

Nader Asgharinia

MP, P.Eng.

Vice President of Enterprise SCADA & Advanced Applications.

Linkedin Envelope
Read Bio

Nader Asgharinia, PMP, P.Eng., is Vice President of Enterprise SCADA & Advanced Applications at Dexcent, leading the delivery of complex, mission-critical solutions with a clear focus on client experience and operational excellence. With more than 30 years in business execution and over 25 years managing multi-million-dollar programs for mission-critical and SCADA systems, he brings a pragmatic, delivery-at-scale approach to every engagement. Nader is recognized for building high-performing teams, driving disciplined portfolio execution, and delivering measurable business outcomes, including significant growth in program portfolios and team capacity over time. He holds a B.Sc.(Hons.) in Electrical and Electronics Engineering from the University of Newcastle-Upon-Type in the UK, a B.Sc. in Computer Science from the University of Calgary, completed Georgetown University’s Director’s Program, is a Professional Engineer in Alberta, and a Project Management Professional.

Gerrit Nel

CISSP, CISM – Vice President of OT Infrastructure and Cyber Security Services

Linkedin Envelope
Read Bio

Tobias (Gerrit) Nel, CISSP, CISM, is Vice President of OT Infrastructure and Cyber Security Services at Dexcent, leading the development and delivery of practical services and solutions that integrate, complement, or replace OT infrastructure and protect OT assets from cyber threats. He is known for building resilient security frameworks, governance processes, and integrated solutions that reduce risk and support compliance across diverse industries. Gerrit has over 40 years of relevant IT/OT experience and has built and delivered highly skilled and high-performance delivery teams. His strengths include Cyber Security roadmaps, security architecture, incident response, and alignment to standards such as IEC 62443, NIST, and NERC CIP. Furthermore, he has deep foundational technical experience in Networking and OT infrastructure systems architectures that he leverages in building and leading successful delivery teams. Gerrit holds a B.Sc. in Computer Science from the University of Johannesburg and brings deep cross-sector experience supporting clients in oil and gas, mining, chemical, healthcare, financial, and government environments.

Jaydeep Deshpande

P.Eng. – President

Linkedin Envelope
Read Bio

Jaydeep Deshpande, P.Eng., is a seasoned and decisive executive with over 25 years of experience driving operational excellence, profitability, and market growth in national and multinational organizations. As President, he is recognized for his strategic leadership, disciplined execution, and ability to lead organizations through change. Jaydeep is passionate about developing people, building strong leadership teams, and fostering a positive, performance-driven culture. His expertise spans strategic planning, business diversification, financial management, and organizational transformation, with a consistent focus on delivering growth-oriented, profitable results. He holds a Bachelor of Chemical Engineering from the University of Alberta, is a Prosci Certified Change Practitioner and Project Management Professional (PMP), and has completed the CMA Accelerated Accounting Program, bringing deep financial and strategic insight to executive decision-making.

Karim Amarshi

Chairman of the Board

Linkedin Envelope
Read Bio

Karim Amarshi is Chair of Dexcent’s Board of Directors, providing governance leadership and strategic oversight to support the company’s long-term strategy and executive team. With nearly 40 years as an entrepreneur and owner-operator, he is recognized for building high-performance organizations and forging strategic alliances across Information Technology, government, health care, education, and energy. He is the former co-owner and Chief Executive Officer of one of Canada’s leading enterprise Information Technology solution providers, where he led the organization through three successful mergers and helped scale long-term client and vendor partnerships. Karim remains active across a diverse business portfolio, serving as a founding principal, officer, and advisor to organizations spanning Information Technology, hospitality, manufacturing, retail, and real estate in Canada and internationally.

Yasmin Jivraj

FCIPS, I.S.P. | Board Member

Linkedin Envelope
Read Bio

Yasmin Jivraj, FCIPS, I.S.P., is a Board Member at Dexcent, providing executive guidance and strategic oversight to support corporate management and long-term business direction. Over a 35-year career, she has held senior leadership roles across private, public, and non-profit organizations, with a track record of building operating foundations and driving profitable growth. Following a 15-year tenure as a co-owner and President of one of Canada’s leading strategic Information Technology solution providers, she expanded her governance leadership through active board service in post-secondary education and community-focused organizations. She is recognized for decisive, purpose-led leadership, clear communication, and deep expertise in technology, business models, and methodologies that help enterprise organizations advance digital transformation.

Nadir Jivraj

CEO, Board Member

Linkedin Envelope
Read Bio

As Chief Executive Officer, Nadir is accountable for providing overall leadership and Dexcent’s Industrial operational performance. Nadir has been involved as an executive sponsor with Oil & Gas and Mining companies for over 35 years, and through the years has developed a strong working relationship with the Executive leadership team of many Fortune 500 companies.

Nadir is known for recognizing value and superior investment opportunities in the technology services sector. His pursuit of highly prospective technology companies around the world has resulted in numerous company start-ups. Prior to starting Dexcent, Nadir had led companies through highly profitable business transactions, including the merger of Atlas Systems Group with CompCanada (later renamed Acrodex) in 2000 and later as Chairman of the Board of Axcend Pvt – an engineering solutions provider – based in Bangalore, India from 2004 – 2014. Acrodex and Axcend were sold in 2015