We launched a programme to evaluate the safety level of thermoelectric power plants and define interventions to achieve an adequate level of protection, to support our client's Cyber Security team in the field of electricity generation and distribution
The programme concerned around 80 thermoelectric power plants worldwide (over ten countries) with a time frame of 2 years.
The main phases of the initiative were:
the Technical Inventory, through site visits, to collect all information relevant to cyber security and related to industrial systems (grid diagrams, details on the configurations of process network systems, communication flows, etc.)
Cyber Risk Analysis, conducted through methodology developed ad hoc for the industrial context, interviews with stakeholders and site visits in order to verify the actual implementation of security controls onsite
the Cyber Security Roadmap which identified the appropriate remedial activities to achieve the established level of protection
Decisions and actions
We developed a tool to help collect and standardise the Technical Inventory information on plant components without compromising the operation of critical systems. We thus solved the activity's complexity due to the wide range of industrial components and the high number of systems and suppliers involved.
The Programme allowed the company to survey the entire industrial area, identify the most critical plants (by evaluating the impacts on business and the exposure level of the vulnerabilities detected) and define a prioritised Roadmap which, once implemented, helped lower the cyber risk level.