NERC/CIP Compliance Readiness Services

Energy Sector - Threat and Vulnerability Management

 

We understand that unlike "traditional IT" systems, OT systems like ICS/DCS/SCADA operate in environments where the compromise, loss, or degradation of these systems can have significant negative consequences to life, property, production, and public utilities.  Since this is the case, standard vulnerability scanning techniques may not be possible, or must be significantly customized to each individual organization.  In the cases where automated scanning is not at all possible, alternative methods of achieving the same goal can be used, as long as the vulnerability assessment meets the intent and spirit of the requirements.  We work with our clients to ensure that the methodologies for these vulnerability identification activities minimize the negative impacts to these sensitive systems, while still meeting the intent and spirit of compliance requirements.


We specialize in:

Vulnerability Assessments

  • Including Critical Cyber Assets, other protected cyber assets, and Electronic Access Points, consistent with NERC CIP-005 R4 and CIP-007 R8
  • Vulnerability Methodology customized through mutual agreement with our customers that includes, at a minimum, the following:
  • Review of Ports and Services for validation and verification of business or emergency necessity
  • Review of account and access controls for default accounts, passwords, SNMP community strings, other default settings that may have negative security impact
  • Discovery of all access points to the Electronic Security Perimeter(s)
  • Documented results of assessment to include remediation guidance, and any necessary compensating/mitigating control recommendations
  • Other requested vulnerability testing as mutually agreed upon with our customers

Advanced Penetration Testing

  • Including corporate interconnections, dial-up accessible and other remote administration access points, social engineering, etc.....
  • Advanced Persistent Threat simulations
  • Incident Response test exercises to demonstrate cyber security event and incident response

divider
Contact Us to get a quote today!

Most Recent Blog Posts

Sep
30

2011

Anatomy of a Spear Phishing Attack

by slivingston

Most large organizations employ an impressive technological arsenal of perimeter and inter...read more

Jun
02

2011

Google blames China for phishing attack. China Denies Allegations.

by mharrigan

War Games II. This time it's Matthew Broderick against a whole city full of trained Chines...read more

critical assets EVENTS
bullet
Matt Harrigan from Critical Assets and Rob Havelt from Trustwave to Speak at toorcon 2010 on

10-22-2010

bullet
Critical Assets to Present at California Bankers Association

06-16-2011

critical
News Updates
Dec 08, 2011

With Cyber Fast Track, Pentagon Funds Hacker Research

Dec 08, 2011

Critical Assets is Among First to Receive Funding for Security Projects Under DARPA's Cyber Fast Track Program