To help ensure the accuracy of their BES Cyber Asset (BCA) inventory, our client performs a three-year asset inventory walkdown. These walkdowns, consisting of logical and physical verification of IT and OT cyber assets, were previously performed by internal resources as part of their other duties. They understand that you cannot protect what you do not know.
Their team developed a procedure to performing inventories in a standardized manner across all sites. They wanted an independent, OT experienced, and focused team to perform the walk downs using the procedure, provide recommendations on how to improve the process, and provide recommendations to reduce or eliminate causes of common issues.
This client selected ITEGRITI because of our reputation, domain level expertise, and value.
The ITEGRITI team completed general client safety and security training, and site-specific safety training plus morning safety, security, and progress briefings at each location. Guided by an escort and equipped with site cyber asset lists organized by physical area, they walked down the sites, completed the inventories, and documented variances. Findings were discussed with site leadership during each morning briefing and results were consolidated and reported off site to reduce burden on site personnel.
This is an active, multi-year project. ITEGRITI has completed logical and physical inventories of ~15,000 cyber assets. Through this effort, we identified over 2,000 new cyber assets and found attribute variances on over 70% of devices. This effort will result in improved maintenance and security of these Critical Infrastructure assets. The final three sites are scheduled, and the project report will include:
- Project results and metrics.
- Identification of common inventory deltas with recommendations to resolve root causes.
- Feedback on recommended process and procedure improvements to deliver consistent and quality results and identify ways to reduce per site and overall walk down costs.
Since 2008, The ITEGRITI team has assisted organizations with IT and OT cybersecurity and compliance projects throughout the United States & Canada supporting Critical Infrastructure across healthcare, oil & gas, and electric sectors, supporting utilities, transmission, municipalities, cooperatives, and generation representing coal, natural gas, and renewables – wind, solar, hydro, and geothermal.