Client
True to the company motto "With us. Here we are at home, here we are there for the people", Stadtwerke Emden supplies around 51,000 people with electricity, natural gas, district heating, and water every day - and has been doing so since 1861. Today, the local basic utility is also involved in the city's public transport system, the baths, and the airport. Stadtwerke Emden is a traditional company that is actively shaping the future in its region: By 2030, the goal is to supply all private households exclusively with electricity from renewable energies.
Challenge
As a basic utility, Stadtwerke Emden belongs to the so-called critical infrastructure (CRITIS) and is therefore considered a particularly vulnerable target for cyber attacks. If criminals succeeded in compromising the IT systems of the energy supplier, in the worst-case scenario the vital supply of citizens would no longer be guaranteed. To avoid disruptions and outages, and also to meet the statutory security requirements for energy suppliers, Stadtwerke Emden decided to subject its IT infrastructure to a security check.
Solution
In a detailed security audit, Allgeier secion's IT security experts examined the entire IT infrastructure of the basic utility. They used the thinking and approaches of real cybercriminals to detect technical vulnerabilities in the network. As part of a combined black- and white-box audit, all services, and systems accessible via the Internet were examined. The focus was primarily on internal network and server systems, web applications, and communication procedures, as these are often the target of attackers. In addition, an automated port and vulnerability scan was performed to determine accessible services and applications, versions used, and their up-to-dateness, and to identify potential vulnerabilities in these areas as well.
Result
The comprehensive IT security audit by Allgeier secion provided the project managers at Stadtwerke Emden with a detailed expert analysis of their IT infrastructure and potential security risks. The findings of the audit and concrete recommendations for action derived from them were presented to the company after the project was completed and summarized in a detailed report. This enabled the management and IT managers to implement the optimizations quickly and efficiently. In order to sustainably stabilize the IT security level that has now been achieved, Stadtwerke Emden plans to conduct regular IT security audits with Allgeier secion's security experts in the future.
"We were involved in the processes throughout the project and were able to exchange information with Allgeier secion's IT security experts about the next steps and further focal points of the review. At the end of the 9-day security audit, we received a personal presentation of the results and detailed written reports with recommendations for action prioritized according to the urgency of the management and our IT administrators. This allowed us to implement the points discussed quickly and optimize our systems in terms of security sustainably. It is clear that we are continuously putting our systems to the test and will therefore certainly continue to rely on Allgeier secion's comprehensive expertise in the future."