The U.S. Department of Homeland Security (DHS) considers all utilities - from those serving millions of urban customers to small, rural utilities serving a few thousand or less - part of what it calls "critical infrastructure."
Putting a solid defense-in-depth cybersecurity model in place and then keeping it up to date can be quite a challenge. That's especially true for smaller utilities, which often have limited IT staffs whose members are typically IT generalists with security as just one of their varied duties. Such was the case of a small, rural utility, which provides its customers with both electricity and communications services, including internet, voice, television and home security.
To supplement the IT staff's limited cybersecurity expertise and gain an independent view of the situation, the chief technology officer of the utility had engaged a number of security consultants in recent years to assess the utility's security posture. Each reported that the utility's defenses were good and found no major flaws.
While most recipients would have peace of mind after such findings, the CTO was skeptical. Despite the successive all-clear reports from consultants, he suspected that their own expertise might be limited and that they had not gone deep enough to find hidden or low-level gaps in the company's defense layers.
Read the case study to learn more.