Just recently Producers/Correspondents, Paul Szoldra and Chris Snyder, from Business Insider were embedded with RedTeam Security as they conducted a red team engagement on a major power company. The power company was kind of enough to grant unprecedented permission to Business Insider to film RedTeam Security as they made their way through the red team engagement.
Business Insider is the largest business news site on the web and this video is a multi-part story they’re running on cyber security in Industrial Control Systems and Critical Infrastructure (power generation) in the U.S.
Red teaming is a multi-blended, adversarial based attack simulating attacks against people (social engineering), software (pen testing), hardware (pen testing) and physical security controls within facilities/buildings (physical intrusion testing).
Red teaming involves several facets of social engineering (email phishing/spear phishing, physical/onsite, telephone/SMS, fax), physical penetration testing, application penetration testing and network penetration testing, simultaneously. It’s aimed at revealing real-world opportunities for malicious insiders or bad actors to be able to compromise all aspects of an organization in such a way that allows for unauthorized virtual and/or physical access to sensitive information leading up to data breaches and full system/network compromise.
Over a four-day period, RedTeam Security carried out a number of attack simulations against the target organization’s people, network infrastructure, and physical locations. The target’s facilities included power generation substations, supplier outposts, dispatch stations, and offices throughout about a 100-mile radius. RedTeam Security attack methods included various facets of social engineering, physical penetration testing, application penetration testing, and network penetration testing.
We are happy to report that not all of our tactics were successful. Our target’s defenses were stronger in areas that we did not anticipate and they should be commended for that. We also want to commend their willingness to open their doors to the world in an effort to promote security awareness throughout their industry and others. We are even happier to report since the taping of this production, they’ve made great strides in the improvement of their security posture. A most sincere thanks goes to them for being so dedicated toward security awareness. Thank you.
Business Insider is a fast-growing business site with deep financial, media, tech, and other industry verticals. Launched in 2007 by former top-ranked Wall Street analyst Henry Blodget and DoubleClick executives Dwight Merriman and Kevin Ryan, the site is now the largest business news site on the web.