Developing OT isolation procedures enables utility titan to respond 90% faster to cyberattacks

Our Impact 

A large national utility company that serves millions across the country is acutely aware of the cybersecurity risks facing its industry—particularly in an increasingly digital environment that requires connectivity between information technology (IT) and operational technology (OT) systems.

When the utility wanted to ensure its diverse businesses were prepared to isolate operational systems in the event of a breach or attack on its IT or external systems, it called was to West Monroe. We have performed more than 750 projects for the company over the last decade, touching many cross-functional areas of its organization. Our team brings unparalleled expertise in securing real-time energy networks—with a distinctive approach that addresses governance and decision-making as well as technology.

Together, we built rigorous isolation procedures, trained 300+ employees on the process, executed live isolation exercises, and defined isolation governance to empower its execution. The utility is now prepared to execute with confidence and speed in the event of a cyberattack.

The Full Story 

The Challenge 

Like most utilities, our client is accelerating its journey toward a digital operating model—and the many business, consumer, and societal advantages that it brings. Optimal digital operations depend on the interconnectivity of IT and OT. While optimizing digital operations, IT/OT interconnectivity also opens utilities to a wider threat landscape. Our client wanted to make sure it was well prepared by establishing isolated operational capabilities necessary to maintain critical operations (e.g., power availability) in the event of a cybersecurity breach. That’s where West Monroe came in.

An Undeniably Different Approach  

This type of challenge doesn’t just require cybersecurity expertise. It demands deep understanding of utility operations, including industry-specific architecture, systems, business process impacts, and organizational change management to sustain process changes of disconnecting systems. We have years of experience designing real-time infrastructure, building telecommunications networks, and developing high-profile security-related plans and procedures for our utility partners—so we were able to quickly field a team with the right experience for this request.

We first diagrammed network architecture and data flow to understand connections with real-time and enterprise networks. We then identified potential isolation points and assessed their impact.

But we didn’t stop at technology. We know that governance—including who makes the decision about how and when to isolate systems—is just as critical to minimizing business impact, so we deliberately engage IT and business utility personnel in both defining business impacts, developing isolation procedures, and then testing them. That’s what really differentiates our approach from others.

Our team worked with the client to develop the exact procedures for disconnecting and reconnecting systems in two specific scenarios: including physical disconnect through manual intervention, and virtual with push-button capability (for example, a manual scenario may involve pulling 18 different cables). In a push-button scenario, a control room operator would use an app to execute isolation—requiring specific checks and balances.

We reviewed all procedures with each operating team to make sure they understood and were comfortable with them. We then conducted walk-throughs before running live controlled exercises during off-hours, which isolated the IT and OT systems to test disconnecting and reconnecting, view the impacts, and train more than 200 employees for real-life scenarios.

Finally, we produced summaries to document all the live exercise metrics, the unexpected impacts, and any gaps in procedures.

Real Results 

Our client now has proper technical isolation capability and procedures, including push-button automation and well-defined governance and decision rights. Through planning and live exercises, we helped the utility improve its ability to isolate critical business operations from corporate network assets in a timely manner; our client can now respond 90% faster in a scenario requiring a push button response, for example.

Faster isolation means a cyberattack has less chance to infiltrate and negatively impact operational systems—and that reduces the potential for downtime and associated revenue loss. It also minimizes the potential costs of a breach, including both tangible costs related to corrupted hardware, software, and avoided regulatory fines and intangible costs such as reputation damage.