Energetyka
|CS.113
Comprehensive OT Technology Network Security Audit
Multi-phase TAN audit of an energy operator - from IT/OT segmentation testing to physical access attempts and retesting within 90 days.
Client
Critical energy infrastructure operator
Challenge
The Technology Network (TAN) of the energy operator was exposed to multiple attack vectors: unauthorized access from the IT network, VPN connection breaches, physical intrusion, and network segmentation gaps.
Approach
IT-to-TAN transition verification
Attack simulation from a compromised IT domain workstation - reconnaissance, scanning, Active Directory trust relationship testing.
Edge device audit
Examination of up to 5 devices at the IT/TAN boundary, including an in-depth penetration test of one of them.
VPN testing
External scanning of VPN infrastructure and simulation of credential compromise.
Physical access test
Plugging a device into a network port, network mapping, privilege escalation attempts, verification of 802.1X mechanisms and VLAN segmentation.
Reporting and retesting
Vulnerability classification per CVSS v3, prioritized remediation recommendations, and retesting within 90 days.
Results
Complete security map of the Technology Network (TAN)
Prioritized remediation recommendations with CVSS v3 classification
Retesting confirming the effectiveness of implemented fixes
Related case studies
CS.114
Physical Security Audit of a Transmission Operator's OT
Physical security assessment of transmission facilities in the context of hybrid threats - at the intersection of physical security and ICS/SCADA systems.
CS.117
OT Security of Renewable Energy Farms
OT security assessment of distributed wind and photovoltaic farm infrastructure.
CS.120
Polish AMI Device Security Standard and Certification
Development of the Polish AMI device security standard and preparation of manufacturer products for certification.
We'll discuss scope, methodology, and timeline.
Free consultation, no strings attached.