The client hired the OEM vendors of their control systems to conduct a cybersecurity and vulnerability assessment of the vendor equipment at their plant locations. Lacking the in-house expertise to oversee and understand the technical aspects of the exercise, they required an industry SME to provide oversight and assurance that the vendors' work, activities and reporting were, first of all, safe and fit for purpose, and that they produced the right information.
Our Role
Work alongside the OEM vendors while at the plant locations to provide an independent view of the due diligence and risk identification processes they performed. Ask the right questions to prompt the necessary level of investigation into the control systems' posture. Ensure the security and vulnerability assessments generated the relevant information to diagnose the health and security gaps. Review the reports produced and comment on their appropriateness and on the depth and breadth of the gaps and recommendations provided.
Results
Identified the worst credible scenario that would occur at each plant should there be a malware event and a ransomware event.
Scorecarded the security postures of all facilities using foundational controls as per industry standards.
Provided detailed recommendations to close gaps based on the vulnerabilities discovered.