A Case Study of the Penetration Testing for National Grid
Headquartered in London, National Grid is an international energy delivery business with principal activities in the regulated electricity and natural gas industries. National Grid lies at the heart of a transforming energy system, spanning the UK and the US. They are one of the ten largest investor-owned utilities in the world. National Grid is responsible for the supply of gas and electricity, safely, reliably and efficiently to millions of customers and communities. They drive change through engineering innovation and by incubating new ideas with the power to revolutionise their industry.
How Our Development Service Helps
RSK Business Solutions built the Competency Manager for National Grid Property Holdings (NGPH). Competency Manager is a self-certification system that allows contractors’ and consultants’ employees to demonstrate their competence for the role they are undertaking on remediation sites (NGPH, NGG and/or NGET). It also supports periodic auditing (verification) of the declarations to ensure compliance.
OSSTMM, OWASP, Offensive Security, SANS. WebInspect, Burp Suite, Immunity Debugger, Metasploit, Nmap, Nikto, OpenVAS, slowhttptest, sqlmap, XSpider, w3af, Wfuzz, ZAProxy and many more.
Aiming to strengthen its defences against cyber-attacks, National Grid needed to identify all security weaknesses in the web applications it uses and mitigate the risk of misuse of its network services. National Grid required a penetration testing company.
As a security consultant, RSK Business Solutions provided the experience and resources for a cyber security solution to:
- Perform the evaluation of security risks for the business-critical web applications and network services.
- Provide detailed recommendations on the improvement of information systems’ security level.
The Pentest as a Service approach provided by RSK Business Solutions was based on the OWASP security testing guidelines.
RSK Business Solutions provided penetration testing as a service and presented a holistic solution to National Grid, which included:
- Analysis of the information from public resources
- Vulnerability Assessment: discovering all vulnerabilities in the target web and application servers with the use of known automated tools.
- Black Box and White Box penetration testing.
- Controlled hacking of the target systems by experts certified in information security, with the aim of confirming the identified vulnerabilities and discovering undetected ones.
- An additional layer of security on the authentication mechanism using MFA.
- Penetration testing services, test plans and approaches used.
- Black Box and White Box penetration testing reports.
- A detailed summary report outlining the list of vulnerabilities and configuration weaknesses, which could be exploited within available network access points.
- Recommendations on countermeasures
- Complete holistic risk assessments and an outline of potential future plans to integrate with emerging technologies.
DEG Signal have contracted RSK Business Solutions Ltd on many occasions in order to provide Operational Risk Assessments for our GRIP 3 and 4 signalling design projects. RSK Business Solutions' risk team have proved to be experts in their field and make themselves available to give advice whenever it is requested of them. When working with RSK Business Solutions Ltd we can rest assured that the operational risk elements of our projects are covered so that we can concentrate on our core design and project management functions and deliver our projects to the satisfaction of our clients. We would look forward to continuing our collaboration with RSK Business Solutions Ltd on future projects.
Mott MacDonald has contracted RSK Business Solutions Ltd for over 10 years to support us with operational risk assessment on many of our signalling projects. Their team of risk assessors have proved to be competent, approachable and have always worked with us to achieve some challenging deadlines.
Babcock International (then First Engineering Ltd) first worked with RSK Business Solutions Ltd in 2004 on the West Coast Modernisation Project Line Speed Enhancements. Since then they have provided operational risk assessment support on many infrastructure and signalling projects of varying sizes. The RSK Business Solutions Ltd team have always been attentive to our requirements and professional in their manner. They continue to be flexible and committed to meet the deadlines of our projects and as the technical experts we know that RSK Business Solutions Ltd can be relied upon to provide the right advice at the right time. I look forward to working with the team on future projects.
The Sustainability and Environmental Risk Management System (SERMS) written by RSK Business Solutions Ltd was adopted and deployed by MACE and is now used on all UK construction projects. The system advises and guides our project managers through the complex legal compliance issues that come with large construction projects taken on by MACE. Recently, the system has been adapted for the global market and has been well received. RSK Business Solutions Ltd adopt a consultative approach which is backed by a fundamental understanding of construction and environmental domains which set them apart from other software suppliers.