Preparing a National Power Distributor for a major cyber incident
- nicolaferraritest
- Mar 20
Updated: May 12
The problem
A National Power Distributor was concerned about the threat of cyber security attacks, including ransomware and the loss of critical systems resulting in a power outage. Responsibility for operating the critical systems lay with various service providers, responsible respectively for (i) the Supervisory Control and Data Acquisition (SCADA) supervisor systems, (ii) the Operational Technology (OT) network, and (iii) the enterprise IT network.
Solution and Implementation
A comprehensive incident response scenario-based exercise was led by a member of the Energy Security Practice Team. Due to the various service providers involved, separate scenario exercises were initially undertaken with each of the teams, followed by an organisation-wide exercise which incorporated all three components.
During the final scenario, the team revealed that all the previous scenarios were interconnected and were part of a larger targeted hacking campaign, mimicking the attacks we see across the energy sector on a regular basis.
Results
As a result of the successful and well-received exercises, several critical vulnerabilities were identified. Had these vulnerabilities not surfaced, real-world risks of physical penetration by threat actors would have remained unchallenged.
Furthermore, incident response and contingency plans were significantly improved, gaps in processes were identified and remediated, and communication between the service providers was strengthened.