Case Study: Cybersecurity Challenges in Midwest Public Utility

Background

A Midwest Public Utility (MPU) found itself at a critical juncture in its cybersecurity journey. As a public utility provider, MPU was responsible for safeguarding essential services and sensitive data. While their network was relatively clean, they faced significant challenges that required expert intervention.

The Challenge

MPU's primary cybersecurity vulnerability stemmed from an on-premises Exchange server. On-prem Exchange servers are extremely vulnerable due to their exposure to direct internet access and the challenge of maintaining up-to-date security patches. In contrast, cloud-based email solutions like Office 365 benefit from robust infrastructure security and continuous updates, significantly reducing the risk of unauthorized access to mail servers.

The severity of the situation became apparent during the 2019-2020 period when a major vulnerability was discovered, prompting unprecedented action from federal authorities.

The Unauthorized Access Incident

In a startling turn of events, external entities began remotely accessing and updating vulnerable Exchange servers without the explicit permission of organizations like MPU. A cybersecurity expert recounted, "We found unexpected activity from unknown IP addresses. We discovered them probing the Exchange Server and applying patches." This unauthorized access, while potentially intended to address critical vulnerabilities, raised serious concerns about privacy and security.
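The situation described above, an Exchange server being reached from addresses nobody recognises, is exactly what the monitoring later put in place is meant to surface. The following is an added illustration, not MPU's or BitLyft's tooling: it parses IIS W3C log lines of the kind an Exchange front end writes and reports every request to the mail server's web endpoints that came from outside the organisation's known address ranges. The log lines, the `10.0.0.0/8` internal range, and the endpoint prefixes are constructed assumptions for the example.

```python
"""Flag requests to an Exchange server's web endpoints that originate from
addresses outside the organisation's known ranges.

Added example; not the utility's or the MDR provider's own code. Log
lines are constructed in IIS W3C extended format, field names follow the
IIS defaults, and the known networks and endpoint list are assumptions.
"""
from __future__ import annotations

import ipaddress
from collections import Counter

# Constructed sample of an IIS W3C log as written by an Exchange front end.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-02 08:14:01 10.0.0.5 GET /owa/ - 443 mpu\\jdoe 10.0.12.34 Mozilla/5.0 200
2021-03-02 08:14:07 10.0.0.5 POST /ecp/default.flt - 443 - 198.51.100.77 python-requests/2.25 200
2021-03-02 08:14:09 10.0.0.5 GET /autodiscover/autodiscover.xml - 443 - 198.51.100.77 python-requests/2.25 200
2021-03-02 08:15:30 10.0.0.5 GET /owa/ - 443 mpu\\asmith 10.0.12.40 Mozilla/5.0 200
2021-03-02 08:16:02 10.0.0.5 POST /ecp/DDI/DDIService.svc/Action - 443 - 203.0.113.9 - 200
"""

# Assumed: the utility's internal range. Anything outside it is "unknown".
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Exchange web endpoints worth watching; assumed list for the example.
SENSITIVE_PREFIXES = ("/ecp", "/autodiscover", "/owa", "/ews", "/mapi")


def parse_w3c(text: str) -> list[dict[str, str]]:
    """Parse IIS W3C extended log text into dicts keyed by the #Fields header."""
    fields: list[str] = []
    rows: list[dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header names define the columns
            continue
        if not line or line.startswith("#"):
            continue  # other directive lines carry no request data
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def is_known(ip: str) -> bool:
    """True when the client address falls inside a known network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETWORKS)


def unknown_source_hits(text: str) -> dict[str, Counter]:
    """Return {client_ip: Counter(uri_stem)} for requests from unknown
    addresses to the watched Exchange endpoints."""
    hits: dict[str, Counter] = {}
    for row in parse_w3c(text):
        ip = row["c-ip"]
        path = row["cs-uri-stem"].lower()
        if is_known(ip) or not path.startswith(SENSITIVE_PREFIXES):
            continue
        hits.setdefault(ip, Counter())[path] += 1
    return hits


if __name__ == "__main__":
    for ip, paths in unknown_source_hits(SAMPLE_LOG).items():
        print(f"unknown source {ip}: {dict(paths)}")
```

Run against the sample, the two internal OWA logins are ignored and the two outside addresses are reported with the endpoints they touched; in practice the known-network list would come from the utility's address plan and the output would feed the SIEM rather than stdout.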

Our Approach

Recognizing the complexity of MPU's situation, our team developed a tailored solution that addressed both immediate threats and long-term security needs:

  • Enhanced Monitoring: The team implemented a robust monitoring system using an NXlog package. "We deployed an NXlog package that would specifically pick up the mail flat files on the Exchange Server, so the NXlog agent was able to see all the Windows activity from the application system and Windows Event Viewer logs, but also be able to pull all the activity and mail flow rules and everything like that directly from the Exchange Server."
  • On-Site Deployment: The team frequently visited MPU's facilities to deploy network monitors, ensuring a hands-on approach to security implementation. This included deploying additional monitors to different locations around the city, such as the public library.
  • Comprehensive Security Review: Beyond addressing the Exchange server vulnerability, the team conducted thorough assessments of MPU's overall security practices, including firewall policies and VLAN (Virtual Local Area Network) rules.
  • Continuous Improvement: The team established a system of regular check-ins and updates to ensure that security measures evolved with emerging threats.
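The monitoring described in the first item above combines Windows event logs with the Exchange "mail flat files". As an added illustration (not the configuration BitLyft deployed at MPU), the NXlog agent configuration below collects the Application, System and Security event logs together with the Exchange message tracking logs, which the transport service writes as CSV files, and forwards both to a collector. The log directory is the Exchange 2013+ default; the collector host and port are placeholders, and the collection of mail flow rule changes mentioned in the quote is not covered here.

```nxlog
# Added example configuration for an NXlog agent on an Exchange server.
# Assumed: Exchange 2013+ default log directory, collector at
# siem.example.internal:1514 (placeholder).
define EXCHLOGS C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs

<Extension _syslog>
    Module  xm_syslog
</Extension>

# Windows Event Viewer channels the quote refers to
<Input win_eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Exchange message tracking logs: the CSV "mail flat files"
<Input exchange_msgtrack>
    Module  im_file
    File    '%EXCHLOGS%\MessageTracking\*.LOG'
    # Drop the #Software / #Fields comment header lines in each file
    Exec    if $raw_event =~ /^#/ drop();
    Exec    $SourceName = "ExchangeMessageTracking";
</Input>

<Output collector>
    Module  om_tcp
    Host    siem.example.internal
    Port    1514
    Exec    to_syslog_ietf();
</Output>

<Route exchange_to_collector>
    Path    win_eventlog, exchange_msgtrack => collector
</Route>
```

The header-line drop matters because every rotated tracking log repeats the `#Fields` banner; without it the collector receives a stream of non-events. Restricting the Security channel with a narrower XPath query is the usual next step once the volume is known.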

Key Technologies and Methodologies

The solution leveraged several key technologies:

  • NXlog package for comprehensive server monitoring
  • Network monitors for extended visibility across multiple sites
  • Cylance endpoint protection platform for device security
  • Custom scripts for automated device status checks

Results and Impact

The impact of the cybersecurity overhaul was significant:

  • Improved Security Ratings: MPU's Cylance protection ratings, which initially stood at 'B', saw marked improvement.
  • Enhanced Visibility: The utility gained unprecedented insight into its network activities across multiple sites, allowing for proactive threat mitigation.
  • Streamlined Processes: Regular check-ins and custom scripts enabled MPU to maintain a consistently high level of security.
  • Increased Confidence: MPU's team reported feeling more secure and better equipped to handle cybersecurity challenges.

Conclusion

This case study demonstrates the power of a tailored, collaborative approach to cybersecurity in the public utilities sector. By addressing immediate vulnerabilities while building a framework for long-term security, the team not only protected MPU from pressing threats but also empowered them to maintain a robust security posture in the face of evolving cyber risks.

This project underscores the importance of proactive cybersecurity measures for public utilities and showcases how the right partnership can transform an organization's security landscape, even in the face of unprecedented challenges like unauthorized federal interventions.

Jason Miller

Jason Miller, Founder and CEO of BitLyft Cybersecurity, has dedicated his 20-year IT career, including co-founding SaaS pioneer Reviora, to removing cybersecurity barriers for mid-sized enterprises. Establishing BitLyft in 2016, Jason set out to unburden security teams with innovative, approachable, and affordable solutions, a vision which has made BitLyft a respected managed detection and response provider. Outside his cybersecurity pursuits, Jason is an avid tree farmer and outdoor enthusiast, planting nearly 300 trees on his ten-acre plot and finding joy in hiking and hunting. His diverse passions mirror the balanced blend of expertise, dedication, and joy he brings to BitLyft.