At RedTeam, we strive to help clients maintain compliance within their respective industries to better manage risks and achieve security resilience. Yet it’s also of utmost importance that our own team members are certified and up-to-date on best practices to help secure client systems.

Please join us in congratulating RedTeam Lead Security Consultant Kurt Muhl, who recently became a Certified SCADA Security Architect (CSSA).

This certification helps industry professionals understand the types of systems that control everything from power grids to water treatment facilities, which is more timely than ever in light of recent cryptojacking and malware attacks on these organizations. Muhl’s training forced him to look at the attacker’s perspective of these systems as well as learn what can be done if the systems are compromised.

(For an example of how that happens, check out the Houston Chronicle’s account of how RedTeam infiltrated an energy company network!)

Over an intensive training course with instructor-led lab exercises, Muhl also gained experience architecting a network to protect these systems and detecting potential threats before a compromise occurs. Having passed the certification exam, he says he now feels empowered to better test SCADA systems for vulnerabilities and to employ industry best practices to detect, protect, secure, and remediate.

“Kurt’s certified expertise in the SCADA environment brings even greater depth to RedTeam’s understanding of testing methodologies across industries,” said company president and founder Jeremiah Talamantes. “We’re proud of our ability to deliver effective strategic solutions within any business landscape, and this helps us support that promise.”

SCADA Challenges

Muhl, who has worked with Red Team Security for several years, identified two challenges he learned about that are specific to the SCADA environment. The first, he said, was “understanding all of the different components for a SCADA environment, which are much different from other networks: programmable logic controllers (PLC), human machine interfaces (HMI), distributed computer systems (DCS).”

Secondly, learning the protocols involved with communicating with these systems and being able to effectively interact with each system type without impacting the availability of services was also daunting.

“The main concern is that SCADA systems have a lifespan up to 30 years, and so they can be fragile and easy to accidentally take offline,” he said.

Yet, perhaps the biggest surprise was that otherwise the testing methodologies were very similar to what he already does.

He said, “much of the material covered concepts that I work with every day, such as: defense in depth, confidentiality, integrity of data, availability of systems, and proper network segmentation.”

Learn more about RedTeam’s certifications here, or request a customized security proposal from us now!