Capula was selected by a major power provider that delivers power to millions of UK residents.
The customer wanted to augment the existing robust cyber security programme relating to their network. They also needed to quickly establish whether they were doing all they can to protect the plant from cyber attacks, in view of a recent change of their operating system interface.
The consequences of successful penetration to their ICS (industrial control system) could prove catastrophic to their business – disruption to the electrical supply, blackouts and reputational damage. It was essential that the plant remained fully operational while the security review took place to ensure the continued delivery of electricity to their customers.
Capula provided a review of the status of the plant’s defences in three key areas; people, processes and technology, using a non-invasive service to identify strengths and weaknesses for defending against cyber attacks. It is critical that ICS continue to operate at optimal levels at all times so that normal operations are not impacted.
Using a range of security assessment tools Capula engineers reviewed systems or ‘defensible units’ within the network against the current threat landscape. All tools were validated for use in the operational technology (OT) environment.
Engineers mapped out the network topology of the system from an ‘unauthorised‘ entity status to offer a fresh perspective on the maturity levels of the plant. The audit went beyond simply testing the client’s network and operating system; engineers were able to interrogate the plant systems including SCADA and PLC systems and ancillary equipment because of their deep domain knowledge.
As well as analysing the plant’s technologies, a review of business processes and employee practices was also undertaken to deliver a full business impact assessment. This review was completed in an accelerated timescale and without the need for a system shutdown.
The output of the service was a high level action plan that identified the control system’s ability to defend against cyber-attack or security breach, summarising strengths as well as areas for further development against defined metrics. The plan recommended implementing a multi-layered security approach to deter threats and improve defences, to further supplement the client’s existing robust programme. Implementing these measures would enable the client to work towards the desired maturity control level and improve the security posture of the organisation.
The findings of the review were sufficiently detailed to allow both technical experts to assess risks and address potential issues, as well as senior managers, allowing them to present the key facts needed for decision making at Board level.
The review was designed to support and educate personnel about best practice to mitigate risk, helping them to proactively prevent security breaches. It provided the client with greater confidence in their ability to safeguard their essential operations.