Consultative, Advisory, Investigative and Planning provided:
Expert testimony and advice | Compliance with regulatory requirements | Network analysis | Risk assessments | Risk management planning | Development of Concepts of Operation | Reporting and recommendations.
Context
An onsite accident resulting in injury and near death to a miner, led to Vernetzen being engaged to investigate the incident.
The case study in question involved a large mining operation using remote operation of onsite equipment. The incident occurred when a maintenance crew member was tasked with clearing a chute. A conveyor belt feeding rock to this chute was activated and the crew member, though severely injured, was pulled to safety by an alert colleague.
Scope
Vernetzen was engaged to analyse the incident from both operational and network standpoints, leveraging its unique OT networking, engineering and process control disciplines. The customer was keen to eliminate the possibility that the incident was caused by a malicious third-party gaining access to the organisation’s network attached equipment.
Outcomes
Vernetzen’s findings highlighted key areas which did not comply with NIST standards ultimately leading to a high-risk scenario.
Vernetzen was able to conclusively identify the sequence of events that led to the near-fatality and to confirm that the source was entirely from within the organisation.
Given Vernetzen’s multi-disciplinary approach, we were also able to make practical recommendations (based on NIST standards) to improve safety and minimise risk from remote access, be it from an external malicious source or an internal point of origin.
Conclusions
Traditional Cybersecurity assessments can identify vulnerabilities. Vernetzen’s unique multi-disciplined approach, means that our team members can make practical recommendations to identify vulnerabilities, but more importantly, to make recommendations on process and network design to ensure the safety of those involved and the continuous operation of the infrastructure.
The stakes in OT environments are much higher, as the risk of serious injury or death is present in industrial environments and as such industry standard frameworks such as NIST must be followed to prevent disaster.