case studies
Energy
HomeCase Studies → Understanding Only Comes When You See the Whole Picture

Understanding Only Comes When You See the Whole Picture

Threat Landscape

Digitization, reliance on third parties, and the rise of smart devices and grids make the energy and power industry vulnerable to cyber attacks. Automation of Industrial Control Systems (ICS) and Supervisory Control & Data Acquisition (SCADA) systems increase the threat landscape, and a cyber breach can come from inside or outside the organization.

Challenge

The company wanted to understand the threats they faced, build a cyber security strategy to avoid regulatory exposure, and protect the company.

Solution

Working with the company’s chief information security officer, we evaluated their cyber security practices by interviewing staff from the C-suite down to employees in the field. This assessment highlighted critical assets and vulnerabilities, provided insight into the company’s behavior and needs related to their data use, and achieved consensus around their overall tolerance for risk.

We then performed structured testing. The network architecture, firewall configurations, log content and configuration, and SCADA network architecture were all assessed, validated and tested. We also conducted penetration tests and a simulated breach of the company’s SCADA network.

Results
  • Penetrated a SCADA system thought to be separate from the enterprise network, and delivered actionable steps to secure the system
  • Identified critical assets and vulnerabilities, and delivered a cyber security program aligned to the company’s risk tolerance
  • Overhauled cyber security governance based on company culture and behavior to mitigate future cyber risk

Looking to safeguard your organization? Learn how our cyber security solutions can help you.



Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.


Copyright 2021 Aon plc. All Rights Reserved.


Copyright 2021 Aon plc. All Rights Reserved.
Cyber security services offered by Stroz Friedberg Inc. and its affiliates. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates. Aon UK Limited is authorised and regulated by the Financial Conduct Authority in respect of insurance distribution services. FP.AGRC.238.JJ The following products or services are not regulated by the Financial Conduct Authority:
• Cyber risk services provided by Aon UK Limited and its affiliates
• Cyber security services provided by Stroz Friedberg Limited and its affiliates.