Save LAN carried out a cybersecurity audit for Kokemäen Sähkö

The audit covered both the organisation's office network and the OT (Operational Technology) environment.

Kokemäen Sähkö is responsible for electricity distribution in its own area of operation and ensures that electricity flows reliably to households, companies and the central functions of society. The operating environment of electricity distribution companies has become increasingly digitalised, which emphasises the importance of cybersecurity as part of the reliable distribution of electricity.

The systems and networks operating in the background of electricity distribution consist of both an office network and an OT network related to production and automation systems. The secure and trouble-free operation of these environments are a key part of the reliable operation of an electricity network.

Challenges and objectives

The objective of the audit was to form a clear overall picture of the current state of Kokemäen Sähkö's information security and to identify key risks and development areas.

Particular attention was paid to how the office network and the OT network are separated from each other, and how their protection corresponds to the current threat landscape. At the same time, the objective was to ensure that the network architecture, access control, and security solutions support secure and uninterrupted operations.

In addition, the audit aimed to review the network and information security solutions implemented by external suppliers and ensure that their implementations comply with the organisation's security requirements.

Save LAN solution

Save LAN carried out a cybersecurity audit for Kokemäen Sähkö, which examined both the office network and the OT environment as a whole. The audit created a clear picture of the current state of the network security and identified the key risks and areas for development.

The audit included a review of the network architecture, access control, remote connections, endpoint protection, and monitoring. In addition, network and information security solutions implemented by external suppliers were assessed, as well as their compliance with the organisation's security requirements.

Based on the results, Kokemäen Sähkö received concrete recommendations for developing their information security and a clear view of how the security of IT and OT environments can be strengthened in a controlled and long-term manner.

Project implementation

The audit examined both the office network and the OT environment separately.

Regarding the office network, the following were assessed: network segmentation, firewall rules, endpoint protection, update and backup practices, and user management processes. The review also took into account the use of cloud services and the security of various terminal devices.

Regarding the OT environment, the audit focused particularly on the separation of IT and OT networks, remote connection management, device hardening, and access rights and monitoring. In OT environments, process continuity and operational reliability are key, which is why information security solutions must support the reliable operation of the systems.

As part of the audit, network and information security solutions implemented by external suppliers, as well as their documentation, were also assessed.

“The best thing about the report was its concreteness and the fact that firewall rules, which are often not examined in more detail, were reviewed. Save LAN also challenged our provider to critically examine the solutions, which was a very good thing in this project.”

EDWARD NIKKILÄ
System Manager

Project results

As a result of the audit, Kokemäen Sähkö received a clear overview of the current state of information security in its IT and OT environments, as well as recommendations for developing its information security.

The mapping helped to identify key risks and prioritise measures that can improve information security in a controlled and systematic manner.

The key benefits of the audit included, among others:

  • a clear picture of the current state of IT and OT network security
  • the identification of key risks and development targets
  • recommendations for network segmentation and access control
  • suggestions for improvements to the management and monitoring of remote connections
  • better visibility into security solutions implemented by external vendors

The results help the organisation to strengthen its network security, improve risk management, and ensure the secure and uninterrupted operation of its systems.

Give Us a Call ->
Lauri Jurvanen Production Network Consultant Save LAN