CyberSecurity for critical infrastructures

A leading energy supply company commissioned us to carry out a security audit and harden its IoT-based infrastructure. In view of growing networking in the energy sector - for example through smart metering systems, remote maintenance access and automated network nodes - there was an increased risk of external attacks.

The project focused on separating sensitive operational technology (OT) from IT systems, analyzing potential vulnerabilities and introducing a risk-oriented security concept. Our measures were based on the requirements of the NIS2 directive and aimed to ensure end-to-end monitoring and defense against attacks on operational systems.

Core aspects of the project work:

• OT/IT risk assessment and segmentation strategy
• Penetration tests on networked IoT components
• Introduction of an OT security gateway
• Development of an incident response process for energy infrastructure