We helped our client, which operates in the renewable energy production sector, to address the remedial actions identified by an internal audit.
Decisions and actions
We defined an "ICS Security Programme" to identify measures to improve the security level in the industrial environment, starting by analysing both organisational and technological components through site visits to wind and photovoltaic plants.
We needed to define security processes, policies and procedures specific to the industrial world, in order to ensure both the continuity of services provided and the sustainability of adopting a best-in-class security management model in line with sector standards.
The Programme included designing and implementing a complex centralised infrastructure to monitor and manage cyber security for the entire industrial area (from plant components distributed throughout the country to control and monitoring components in the Data Centre and Control Rooms).
We also planned a cyber risk training campaign, where basic cyber security doctrines and security policies were shared with all the organisation's personnel, to illustrate and share roles, responsibilities and management processes for IT incidents.
Finally, we conducted workshops and gaming activities with all of our client's personnel to raise awareness of threats and emerging vulnerabilities in the ICS context.