Cybersecurity Assessment for Water Utility

Project Description

A Water Utility needed a cybersecurity assessment for its District’s IT and SCADA environment. The SDI team was tasked with identifying common vulnerabilities and exposures (CVE) within the network that needed to be remediated to ensure a secure environment, including the SCADA environment. The SDI team conducted an overall best-practices review and provided recommendations and aided in creating an overarching SCADA security policy.

Client Objectives

The U.S. Department of Homeland Security (DHS) includes utilities as part of critical infrastructure protection (CIP).  The District leadership wanted an outside perspective to see if the District has properly secured the business.

Services Delivered

SDI services included the following:

• IT network vulnerability assessment and penetration testing
• SCADA vulnerability assessment and penetration testing
• IT network information security program (InfoSec) assessment
• SCADA information security program (InfoSec) assessment
• Findings and recommendations report

Our approach is based on guidelines from the Information Systems Audit and Control Association (ISACA), International Council of E-Commerce Consultants (EC Council), and NIST.

Project Results

The SDI team discovered several unknown issues on both the IT and SCADA networks.  These issues were documented in the report and discussed in the report briefing.