Learn how Industrial Defender used Automation Systems Manager to help an electrical distributed system operator meet the requirements of the CIS Controls and EU NIS Directive cybersecurity standards.
Customer Profile
An electrical grid system operator in the EU that supplies gas and electricity to millions of homes and businesses over thousands of square miles and tens of thousands of substations.
Goals & Challenges
As a vital portion of the client’s digitization roadmap, the client elected to adopt the CIS Critical Security Controls for their processes and policies and comply with the European Network and Information Security (NIS) Directive. Organizations often use multiple frameworks to guide their cybersecurity strategy and our customer needed a tool that could help manage multiple standards.
Results
- Provided training and documentation to the client, to specifically use Industrial Defender aligned to CIS CSC and the NIS Directive.
- Set-up tailored dashboards, reports and periodic report subscriptions that aligned to specific requirements such as unauthorized device connections, or added to the network, firewall rule changes that alter the visibility of servers protected by the firewall, and software inventory changes.
- Performed validation testing (with sign-off) for certification of evidence that Industrial Defender met their cyber security control requirements.
- Configured Industrial Defender to interface with the Company’s SIEM, to enable OT/IT integration.
- Worked side-by-side with the client’s cybersecurity analysts to providing hands-on teaching to find risks and vulnerabilities from the data collected and processed by Industrial Defender.