Types of Engagements
In the interest of client security, and as a condition of our Code of Ethics, The Steadfast Group
will never divulge the names of our clients. In addition, we will not share the specific nature of the security vulnerabilities we identify with
anyone outside the client's organization unless the client specifically authorizes us to do so.
Such authorization must be in writing and signed by an officer of the client organization.
In accordance with this policy, The Steadfast Group cannot provide a specific list of current or
previous clients. We can, however, characterize the general nature of the work we accomplish,
our clients and engagements:
A Mid-South municipal electric utility was concerned about its security vulnerabilities, particularly the protection of
critical assets, the safety of its employees, and the community in general. They asked The Steadfast Group to
conduct a security vulnerability assessment. We identified three areas that required immediate attention:
- cybersecurity in their SCADA system
- physical security in the utility's headquarters, control center, and largest substations
- employees' attitudes about security
Working with utility executives, The Steadfast Group established and led an internal cross-functional team to
address these issues. The Steadfast Group provided penetration testing for the SCADA communication
system, identified intrusion targets, and worked with the utility's SCADA vendor to lock down the system.
We guided the internal team in developing physical security procedures for the headquarters building and control center.
We developed and conducted a Red Team exercise to identify specific substation vulnerabilities. We conducted four employee
awareness training sessions, one each for executives, engineers, administrative staff, and technical staff, plus a team building
exercise involving selected members of all four disciplines.
In the words of the utility's General Manager, "I really appreciate the work that The Steadfast Group did for us.
This morning as I parked my car I noticed a utility security van patrolling the headquarters parking lot. I walked in
the front door and was confronted with a video camera and a sign telling me I was being observed on video.
I walked into the lobby and asked the receptionist to buzz open the door. She told me to swipe my ID card in
order to gain access. I walked to the elevators and pushed the 'up' button. A sign lit up telling me to swipe my
ID card to use the elevators." He had more to say after he visited the control center and one substation.
A Pacific Northwest Public Utility District had heard about computer network vulnerabilities and wanted to make sure
their internal network was being protected, so they brought in The Steadfast Group.
A quick vulnerability assessment uncovered a number of issues. Although they had a firewall, multiple undetected
intrusions had occurred. They had an obsolete password policy that wasn't being enforced.
They updated their virus detection software once every two or three months.
After a brief study, The Steadfast Group recommended they switch to a managed network firewall service
offering intrusion detection and one of the latest versions of intrusion prevention.
We conducted employee security awareness seminars.