Assessment quickly identifies suspected IT security issues, prepares PUD to address vulnerabilities
Snapshot
With the increasing number of news stories about US utilities being hacked, the CTOs of these organizations are prioritizing the strength of their IT security posture in an effort to thwart a cyber-attack. It’s commonplace for incoming CTOs to commission an external agency to assess the security posture of the organization they inherit. This external perspective provides a baseline for the CTO to address security vulnerabilities and prioritize IT projects.
When a new CTO joined a rural utility in eastern Washington, one of the executive’s first priorities was to gain a realistic understanding of threats to the organization’s mission – to provide uninterrupted power and fiber connectivity to the county. Electricity and connectivity are essential for the daily existence of this community, making speed and accuracy of the assessment crucial. For a partner with the expertise to quickly deliver a comprehensive IT security assessment, the client chose Kalles Group.
Challenge
It was imperative that leadership immediately understand the status of the IT infrastructure. The new CTO needed an assessment of the state of the IT organization that clearly defined and communicated IT weaknesses and vulnerabilities so that remedies could be prioritized.
Kalles Group would employ investigation, technical expertise, and process discipline in order to navigate the organization. This would enable the team to get the in-depth, candid details essential to formulate a credible security risk assessment and a clear picture of the organization’s IT security posture.
Approach
Needing answers quickly, the CTO gave the Kalles Group team six weeks to perform the security risk assessment. This meant Kalles Group had to come up to speed quickly to understand the fundamentals of this electric utility, and gain a keen understanding of how the IT systems worked to support the organization’s mission. This challenge would require sophistication to ask the right questions in order to address the organization’s vulnerabilities within a compressed timeframe.
Results
The Kalles Group team dove deep to understand the IT systems, organizational dynamics, and cultural specifics. Our team spoke to dozens of employees and reviewed over 70 systems critical to the mission, from power generation and distribution to billing and metering. To encourage participation, our team demonstrated IT expertise, sensitivity to the organization’s culture, and adoption of the company’s vocabulary and metrics in order to align with current risk efforts, effectively communicate with employees during the interview phase, and clearly communicate the assessment results. Skillful questioning and demonstrated understanding of IT and telecommunications systems helped gain trust from the employees, winning their cooperation to expedite the assessment.