Case Studies

Working by priority to lower the level of cyber risk

Background

We launched a programme to evaluate the safety level of thermoelectric power plants and define interventions to achieve an adequate level of protection, to support our client's Cyber Security team in the field of electricity generation and distribution

The programme concerned around 80 thermoelectric power plants worldwide (over ten countries) with a time frame of 2 years.

The main phases of the initiative were:

  • the Technical Inventory, through site visits, to collect all information relevant to cyber security and related to industrial systems (grid diagrams, details on the configurations of process network systems, communication flows, etc.)

  • Cyber Risk Analysis, conducted through methodology developed ad hoc for the industrial context, interviews with stakeholders and site visits in order to verify the actual implementation of security controls onsite

  • the Cyber Security Roadmap which identified the appropriate remedial activities to achieve the established level of protection

Decisions and actions

We developed a tool to help collect and standardise the Technical Inventory information on plant components without compromising the operation of critical systems. We thus solved the activity's complexity due to the wide range of industrial components and the high number of systems and suppliers involved.

Results

The Programme allowed the company to survey the entire industrial area, identify the most critical plants (by evaluating the impacts on business and the exposure level of the vulnerabilities detected) and define a prioritised Roadmap which, once implemented, helped lower the cyber risk level.

Get in touch

Are you ready to make sense and make things?