Comprehensive Security Review for a US-based Metropolitan Electrical Utility.
Date of Engagement:
A major US metropolitan electrical utility required a ‘360 degree’ security review that included the following:
- Internal and external pen testing
- Internal web and mainframe application testing
- Remote access security assessment
- Physical security test
- Social engineering
- Identification and security review of wireless LANs
- SCADA network review and pen testing
- Telephone network security review
- Voice message security review
- Security documentation evaluation
N&ST Recommended Solution(s):
N&ST proposed a technical assessment along with an evaluation that compared the client’s cyber security to other utility companies’ business and SCADA environments. N&ST employed a logical approach to handling a multi-component engagement. The simplified and efficient methodology reduced the project’s operational impact on the client’s personnel resources. Streamlined, actionable reporting will enable staff and management to implement new security controls through clear, concise and relevant recommendations.
The client has initiated immediate changes based upon the findings to reduce overall risk.
Based on the risk analysis from N&ST, the client has prioritized future remediation efforts. Activities include near- and intermediate-term priorities.
Good risk assessment must include concise reporting. It should not embellish, but should enable immediate and rational reaction to security issues.
“N&ST’s consultants have allowed us to eliminate tough-to-identify vulnerabilities where other security firms could not.”