Case Study: Assessing ADMS to Protect Critical Infrastructure

Aug 19, 2024


The Problem:
A North American utility provider engaged our team to help assess the security vulnerabilities and potential threats on a newly implemented Advanced Distribution Management System (ADMS).


Methodology:
Our team worked closely with the client to outline the project's scope, including identifying key goals and expected outcomes. Insane Cyber recommended a scope that met and exceeded the NERC CIP-010-5 vulnerability requirements the client's program had to satisfy. We additionally recommended including adversary emulation to protect this critical system and to help the client prepare and protect their networks.


Once all parties agreed to this custom scope of work and rules of engagement, the project began. First, the Insane Cyber team reviewed the information provided about the ADMS systems to gain a base understanding of this deployment. The project team, customer Subject Matter Experts (SMEs), control engineers, operators, and leadership then conducted a series of workshops to dive deep into the architecture and technical aspects of the ADMS solution. Additional working sessions were conducted with SMEs to collect technical information and confirm expected findings.


The project team provided a preliminary set of findings to the customer for review before the draft report. The finalized report incorporated customer feedback and was delivered with a detailed brief. Throughout our engagements, we work closely with the client to ensure that the project outcomes provide value to security, compliance, and operations.


Client Wins:
The first step of this engagement was to identify the devices on both the ADMS and corporate networks. Once they were identified, Insane Cyber was able to analyze the data exchanged between the networks and determine how the systems and networks were communicating. By understanding the applications, their use cases, interactions, and criticality, our team was able to provide visibility into areas of the client's network that were previously unmapped.


We assessed the data using MITRE ATT&CK techniques and found a variety of methods that an adversary could use and that make the ADMS vulnerable to attack.


Based on the full scope, our team was able to outline key findings and provide actionable steps for the client to protect the ADMS system.


The Insane Cyber difference:
Our team helped this client win by:

  • Expanding the initial scope to incorporate adversary emulation.

  • Focusing on the possible operational impact of vulnerabilities.

  • Leveraging our experience with ADMS environments to help the customer better understand the challenges inherent to their deployment.

  • Working collaboratively with multiple teams, including compliance, security, infrastructure, operations, and engineering.

  • Providing targeted, actionable recommendations for each finding.


See how Insane Cyber transforms security

Our products are designed to work with you and keep your network protected.

Insane Cyber © All Rights Reserved 2024
