Private Windfarm requires Cyber Security Due Diligence for Acquisition
Industry: Canadian Energy Sector
Location: Ontario, Canada
Size: 200 employees
Reason: Acquisition partner required a due diligence assessment
Effort: Full time for about 3 weeks, conducting Pen Test, Vulnerability, and PIA.
Ongoing 3 days (roughly 24 hours) / month
The Story:
This private windfarm was the target of a financial acquisition. The acquiring company had requested a full due diligence assessment be done, and we were asked to come in and provide a Cyber Security Assessment. We worked with the firm that managed the windfarm's Operational Technology to plan out the assessment. They assured us that there was no connectivity between the windfarm's corporate offices and the OT environment itself, that it was fully self contained within the physical infrastructures of the turbines. We set our scope, got sign off and began our assessment.
As is typical of most windfarms, this one occupied a fairly rural landscape with no buildings in proximity of any of the towers. The physical assessment of several towers showed us that there was no one monitoring the camera feeds
....
The First 30 days:
Apologies - This client has recinded permission to discuss this case study...
Previous Case Studies in this Series:
Case Study #1 - Cellular Communications Provider in Merger & Acquisition
Case Study #2 - Fintech Service Provider requires Interim CISO
Case Study #3 - Software Startup requires Governance on a Budget
Case Study #4 - Wealth Management Company with Poor MSSP Contract
Case Study #5 -Small Family Law Firm concerned about Privacy Breaches
Case Study #6 - Logistics - Transportation company denied Cyber Insurance