Digitization, reliance on third parties, and the rise of smart devices and grids make the energy and power industry vulnerable to cyber attacks. Automation of Industrial Control Systems (ICS) and Supervisory Control & Data Acquisition (SCADA) systems increase the threat landscape, and a cyber breach can come from inside or outside the organization.
The company wanted to understand the threats they faced, build a cyber security strategy to avoid regulatory exposure, and protect the company.
Working with the company’s chief information security officer, we evaluated their cyber security practices by interviewing staff from the C-suite down to employees in the field. This assessment highlighted critical assets and vulnerabilities, provided insight into the company’s behavior and needs related to their data use, and achieved consensus around their overall tolerance for risk.
We then performed structured testing. The network architecture, firewall configurations, log content and configuration, and SCADA network architecture were all assessed, validated and tested. We also conducted penetration tests and a simulated breach of the company’s SCADA network.
- Penetrated a SCADA system thought to be separate from the enterprise network, and delivered actionable steps to secure the system
- Identiﬁed critical assets and vulnerabilities, and delivered a cyber security program aligned to the company’s risk tolerance
- Overhauled cyber security governance based on company culture and behavior to mitigate future cyber risk
Looking to safeguard your organization? Learn how our cyber security solutions can help you.