Client Background
UkrTransGaz provides operation of Ukrainian UGS facilities as well as upgrading and constructing gas pipelines and its objects. And managed the Ukrainian gas transmission network until 2020.
The company owns 12 underground storages, located all over Ukraine. Its active volume is 31 bcm that is proportionate to UGS facilities of Italy, France, Hungary and Austria put together.
Project trigger
UkrTransGaz recognized the paramount importance of securing its core SAP ERP system and associated IT assets. This mission-critical infrastructure underpins the company’s gas storage and transportation operations, necessitating a proactive assessment of its cybersecurity resilience.
Solution
A targeted pentesting initiative was undertaken, zeroing in on the SAP ERP environment and its supporting IT infrastructure. The evaluation spanned network and application layers, scrutinizing organizational security aspects like processes and controls.
Testing encompassed scenarios involving external and internal network attack vectors, simulating both remote attackers and insider threats.
The BlackBox assessment was selected: with limited information, mimicking real-world attack scenarios without prior system knowledge.
Results
This rigorous assessment unveiled potential vulnerabilities and exploitation paths that could jeopardize the confidentiality, integrity, and availability of Ukrtransgaz’s critical SAP ERP system and IT backbone.
Comprehensive remediation guidance empowered the client to prioritize and implement robust security enhancements.
By diligently addressing the findings, UkrTransGaz fortified defenses against cyber threats, safeguarding business continuity and the reliability of gas storage and transit operations at national level.
Moreover, the assessment highlighted opportunities to bolster security processes, policies, and the overall cybersecurity posture, fostering an environment of continuous improvement and resilience against evolving threats.
