Below are some examples of engagements Secolve & the team has been involved in.
For a major energy transmission company, members of our team were engaged to perform a comprehensive security review with focus on their SCADA environment. Over several engagements they improved the security posture by identifying risks and vulnerabilities in the environment through a mix of offensive and defensive security assessments.
A Secolve team member led an OT asset discovery project for a global manufacturing firm across APAC. The project involved conducting physical and logical assessments across multiple sites and factories. Additionally, subject matter expertise was provided to analyse and provide recommendations for future remediation activities.
An energy distribution company contracted a team member to conduct a holistic assessment of their IT and OT security. The engagement comprised all network segments and locations, from corporate offices to substations. At the start of the engagement, we facilitated a project kick-off workshop. The workshop included stakeholders and relevant team members to finalise the scope, review documentation and align expectations.
Along with missing technical controls, major issues with Identity and Access Management for third-party suppliers and contractors were identified, compromising the SCADA network.
Oil and Gas
A multinational oil and gas company engaged a team member to test the resilience of their service stations to physical, social and cyber-attacks. A tailored approach to suit the criticality of the environment that simulated a real-world Advanced Persistent Threat (APT) actor was designed. The outcome of such an attack could lead into catastrophic financial and human life losses. A chain of risks and vulnerabilities was identified and exploited to compromise internal operational and payment networks, without detection.
Secolve was engaged to assess the security of an OT network of a major port. The first part of the project was to visit the site and perform a cyber risk assessment of the site as well as an asset discovery exercise, and the second part included visiting the client’s Head Office and performing an IT/OT segmentation testing to assess whether a user on the IT network can gain access to the OT network.
Shipping & Transportation
A fully automated shipping terminal employed a team member to assist with the wireless security and performance. Over the course of several years, we uplifted the overall security posture and resilience of the environment. Given the fully automated nature of the terminal, specific precautions had to be taken to ensure no disruption to normal day to day operation.
Food & Grocery
Secolve was hired to assess the overall security posture of one of Australia’s leading food manufacturing companies. The testing had two components – assessing the security of the internal corporate network and the segmentation between IT/OT and visiting a Green Field asset and performing a security review of the OT network controls. The project was a success as we assisted the client in identifying gaps in the new segmentation they have implemented between IT/OT and identifying misconfiguration issues with a recent network monitoring solution that has been implemented.
A mining company hired Secolve for our Security Awareness Training for OT engineers. This was delivered over two half days. These are interactive and useful sessions to engage the OT team on cyber security risks associated with OT environments.