The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 


Is penetration testing the best way of monitoring and checking how safe and secure your system is?

Monicah Karanja's picture
Control Engineer Kenya Electricity Generating Company

I have over 13 years experience in operation and maintenance of power plants. I have been involved in various projects ranging from SCADA & DCS systems, installation and maintenance of power...

  • Member since 2013
  • 3 items added with 1,189 views
  • Aug 18, 2020

Producer's Note: This question was posed during the recent Energy Central PowerSession: 'Cybersecurity on the U.S. Power Grid: Software Supply Chain Risks and Mitigations for NERC CIP-010-3,' with keynote speaker Richard Brooks. The PowerSession was so lively and packed with great information that Richard was not able to address all questions live, so we thought we would bring the question to the community so he could answer in writing, as well as provide an opportunity for the community to keep the conversation going with followup questions, comments, and discussion by anyone who was or wasn't able to attend the PowerSession live. 

In case you missed the live event, a recording of the PowerSession can be accessed here.

More Q&A responses from Richard that came after the PowerSession ended can be found here

Richard will also be holding a live Q&A discussion on the topic on Thursday August 27 at 4 PM Eastern. This informal chat will let you share any other questions you may have or topics you want to discuss. Join at any point during the hour when you're free and hop off when you need. More information and calendar reminder sign-up can be found here. 

Your access to Member Features is limited.

​Penetration testing should be used just for testing and validation of the security system – but it is not a monitoring service and should not be performed continuously. Together with auditing, penetration testing can help validate that your systems work, but it doesn’t ensure continual security. You must monitor your security using intrusion prevention and detections systems, while also protecting resources using firewalls and encryption data in transit as well as in rest.
Enterprise security systems can include multiple products and vendors, which makes monitoring these systems challenging. At FuseForward we’ve combined the technology into one product, FuseSecure, that we operate and monitor for our customers.

Penetrations testing is indeed a useful tool to evaluate and monitor your ecosystem for potential vulnerabilities that could lead to incursions, if not patched.

Tap Into The Experience of the Network

One of the great things about our industry is our willingness to share knowledge and experience.

The Energy Central Q&A platform allows you to easily tap into the experience of thousands of your colleagues in utilities.

When you need advice, have a tough problem or just need other viewpoints, post a question. Your question will go out to our network of industry professionals and experts. If it is sensitive, you can post anonymously.