Most energy organizations secure their crucial systems through a defense-in-depth strategy and place their SCADA networks behind the additional protections. These assets usually have their security tested on a regular basis at least once per year. This is excellent for ensuring a secure network, but there are more aspects to the company than just the production, transmission, and/or the distribution of electricity.
Each entity must be able to ensure the confidentiality, availability, and integrity of the business operations networks which can include the customer-facing websites, the HR and payroll systems, and even business facility access. In order for the organization to continue its successful operations, it must be assured that the corporate network servers are secure from unauthorized outside intrusions and malicious code. This requires an assessment of the corporate network from outside the corporate firewalls to see what is reasonably secured and what is likely to be a weak point in the secure environment.Read More
Organizations seek to get a clear understanding of the security of their corporate networks by utilizing penetration testing. However, it should only be completed by teams that are familiar with the intricacies of SCADA networks and with the specific dangers to the Bulk Electric System during an attempted intrusion.
CRSI’s teams have designed these penetration tests to be scalable to the needs of the client and are available in white-box, gray-box, and black-box approaches. These tests are always performed in a minimally invasive manner which prevents the impediment of the normal functions of systems being tested. CRSI also ensures that only the necessary methods are used to gain access without the delivery of payloads, which may impact the normal operations of systems. CRSI personnel provide a detailed report which highlights explanations of discovered weaknesses with captured screenshots, recommended remediation, and an action item list. CRSI provides this service to ensure a strong defense against remote attackers.
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.