SCADA Vulnerability Assessment & Penetration Testing

Learn how Orro helped a local council identify several security risks via vulnerability assessment and penetration testing services to increase the organisation’s security maturity.

SCADA Cyber Security Assessment

Challenge

A QLD Regional Council had upgraded their telecommunications and corporate IT environment and was embarking on a number of Digitisation strategies under their Smart City agenda. It was realised that this would also impact their SCADA infrastructure, specifically water reticulation and treatment.

What was unknown within this environment was any Cyber security vulnerabilities and the risks posed by such security weaknesses if successfully exploited by persons with malicious intent.

Additionally, the Council was interested in carrying out a phishing campaign to identify user awareness and then trend increased awareness over a 12 month period.

Solution

Orro was engaged to perform a vulnerability assessment and penetration test against the nominated water reticulation and treatment infrastructure. Using our defined methodology for assessing Critical Infrastructure, we identified technical vulnerabilities within the SCADA environment and completed a penetration test from there, back into the Corporate network. Potential risks were confirmed and documented, showing sample attack and exploitation steps, along with a prioritised list of recommendations for risk mitigation.

The phishing campaign identified and confirmed the current awareness levels for phishing type attacks against Council staff and provided training material should a user be phished, in order to increase staff awareness around these attack methods.

Furthermore, a Orro Principal Consultant provided advisory services directly to the CIO post the engagement to assist with delivering key information to internal stakeholders and communicate with the Council’s service providers and partners.

Outcome

The vulnerability assessment and penetration testing identified a number of security risks which did not previously have the appropriate controls in place, and provided the Council with recommended steps to mitigate risks to the business. This information also assisted with identifying any effective security controls currently deployed to protect the SCADA infrastructure.

The phishing campaign helped Council staff to recognise potential phishing email attacks and in turn provide the knowledge necessary to protect Council infrastructure from well-orchestrated phishing campaigns.

Overall, it provided the Council with a level of comfort as to what steps needed to take place to increase the level of security maturity within their OT and IT environments to support future Digitisation projects.

Customer name has been withheld due to confidentiality. More information can be provided by contacting Orro directly.

Related Resources

A low angle view of skyscrapers against a cloudy sky.
23 February 2022
Our client is an award winning Australian Financial Services Client with an Australian and International presence with a focus on consumer lending and asset servicing. This client has offices in Australia, New Zealand, Asia and Europe.
A building bearing the logo of the University of the Sunshine Coast.
4 August 2022
The University of Sunshine Coast (UniSC) was experiencing a number of hardware and software issues and outages due to their aging data centre.
Auspost delivery driver on a motorbike.
2 June 2022
Australia Post is one of Australia’s most recognisable and trusted brands, supporting more than 12 million households  across Australia. In 2021, Australia Post completed a milestone network transformation project, which transitioned 4,000 Australia Post sites across the country to high-speed connections and intelligent network management services.