With the rise of automation in operations poses high-security risks to organizations in the water sector. A large number of cyber-attacks towards water sector companies involved both outsider and insider threats. Outsider threats are external attacks towards internal systems through misconfigurations, unauthorized access, and vulnerabilities on devices that are caused by unpatched, outdated or unsupported software, especially towards SCADA systems. While, insider threats happened frequently, not just through negligence such as accidental data breaches, but also ones with malicious intent.
INDUSTRY

Risks

  • Data key in manually in Excel
  • Data & info segregate in email
  • Management has difficulty to access progress
 

Our client who handles water treatment plant facilities in Malaysia and Singapore are aware of the increasing cyber security risks and decided to enlist the help of our industrial cyber security experts to assess their security posture. As the client are experts in the water sector, yet being new to industrial cybersecurity, our team is trusted to assist them in understanding and adhering to security standards, such as the ISO 27001 standard in Malaysia and the CSA Cyber Security Code of Practice (CCoP) in Singapore.

A comprehensive security assessment on the assets and systems are implement to ensure an appropriate, security-by-design management system with optimum maintenance and protection implemented as per ICS security standards to enhance current ICS protection.

The operational technology and processes are also assessed for OT security according to the latest standards, and improvements were suggested where needed.

Lastly, a customized security programme with approach and training were formed specifically for the client to ensure the correct approach for continuous protection, inclusive of prevention and mitigation from all possible incidents, and also ensuring the effectiveness of the cyber security controls that are put in place.

These result in the clients passing their security audits successfully, proving they are capable of adhering to the industrial security standards, making them more secure in return and ensuring their credibility to their consumers.

They were able to identify ICS security risks and vulnerable OT devices, remediate the situation at once and test the effectiveness of the security standards implementation. The security engineers were also trained and now are able to respond to ICS threats and incidents immediately. Their success in hardening their security posture proved both their awareness of the need for security in their operations.