The services of Capula cyber security engineers were enlisted by the client, a major power provider that delivers power to millions of UK residents.
The client wanted to augment the existing robust cyber security programme relating to their network, and they also needed to quickly establish whether they were doing all they could to protect the plant from cyber attacks in view of a recent change of their operating system interface.
The consequences of successful penetration of their ICS (industrial control system) could prove catastrophic to their business – disruption to the electrical supply, blackouts and reputational damage. It was essential that the plant remained fully operational while the security review took place to ensure the continued delivery of electricity to their customers.
How we helped
Capula engineers were deployed to the plant to provide clarity on the status of the plant’s defences in three key areas: people, processes and technology. This is a non-invasive service that identifies strengths and weaknesses for defending against cyber attacks within a plant’s automation systems.
Engineers reviewed systems or ‘defensible units’ within the network against the current threat landscape, using an array of security assessment mechanisms, including scanning software and analysis tools.
All tools deployed were vetted by Capula engineers with extensive industry experience, and were validated for use in the operational technology (OT) environment. In this arena, it is critical that ICS continue to operate at optimal levels at all times so that normal operations are not impacted.
Engineers mapped out the network topology of the system from an ‘unauthorised’ entity status to offer a fresh perspective on the maturity levels of the plant. The audit went beyond simply testing the client’s network and operating system; because of their deep domain knowledge, engineers were able to interrogate the plant systems, including SCADA and PLC systems and ancillary equipment.
As well as analysing the plant’s technologies, clarity was provided on business processes at the site, and the practices of their personnel. A full business impact assessment was generated based on a series of one-to-one constructive discussions with operators, contractors and other stakeholders.
The collection of the relevant data was conducted speedily, taking less than a week to implement and without requiring a system shutdown.
The output of the service was a high level action plan that identified the control system’s ability to defend against cyber-attack or security breach, summarising strengths as well as areas for further development against defined metrics. The plan recommended implementing a multi-layered security approach to deter threats and improve defences, to further supplement the client’s existing robust programme. Implementing these measures would enable the client to work towards the desired maturity control level and improve the security posture of the organisation.
The findings of the review were sufficiently detailed to allow technical experts to assess risks and address potential issues, and to allow senior managers to present the key facts needed for decision making at Board level.
The review was designed to support and educate personnel about best practice to mitigate risk, helping them to proactively prevent security breaches. It provided the client with greater confidence in their ability to safeguard their essential operations.
- Full ICS systems interrogated whilst functioning
- Educated personnel to highest industry security standards
- Provided reassurance that risks were identified
- Supplemented client’s existing measures with new areas for improvement