UNLOCKED

UK-based West Burton Energy reduces threatdetection alerts by 98 % and improves efficiency by 87 % using Tenable OT Security .

As an important part of the UK ’ s critical infrastructure , West Burton Energy takes a proactive approach to secure its OT network and assets . The InfoSec team uses Tenable OT Security for in-depth asset visibility , asset inventory and OT vulnerability management to ensure the safety of its employees , while guaranteeing reliable energy generation and delivery to its customers . we have to minimise risk and harden our cyberresilience ,” said Tom Keyworth , C & I Engineer . “ Tenable OT Security gives us comprehensive visibility without burdening us with labourintensive workloads .”

Error-prone processes had InfoSec team looking for a better way

Keeping the lights on in the UK , West Burton Energy is an advanced and efficient Combined Cycle Gas Turbine ( CCGT ) plant and 49 MW battery energy storage facility that delivers 1,333 MW of power to the National Grid ; enough electricity to power 1.5 million homes and businesses .

West Burton has reduced the time and resources needed to manually manage their asset inventory , saving more than 200 hours per year . Additionally , they were able to create efficiencies in identifying , mitigating and remediating OT vulnerabilities .

Proper OT security requires a proactive approach to asset and network safety in order to stop cyberattacks before they start . West Burton chose Tenable OT Security for OT asset visibility , OT vulnerability management and threat detection – a set of use cases that have proven challenging for so many companies in the power industry .

West Burton has reduced the number of threat detection alerts by more than 98 % compared to their previous solution – a time savings of more than 87 %. Rather than chasing false positives , the team can focus on remediating the security alerts that put operations at the greatest risk .

In 2021 , West Burton spun off from EDF Energy resulting in a three-member security team responsible for securing their entire OT environment with a product alerting on far too many false positive threat notifications . They had to handle engineering changes in the OT environment , new projects and the decommissioning of older systems , leaving the team with a significant workload .

Dealing with original equipment manufacturers ( OEMs ) was especially painful . The InfoSec team relied on the knowledge of the plant engineers and various OEMs to keep track of assets , which involved a laborious , error-prone and spreadsheetdriven process .

“ Between waiting on OEMs to perform preventative maintenance and patches , and with status reports lagging by days or even weeks , we spent several hours per week just managing asset lists ,” notes Keyworth .

“ We are a critical infrastructure organisation , so although our InfoSec team is relatively small ,

“ We relied on the OEM issuing technical advice letters and alerts to make us aware of CVEs that

52 WWW . INTELLIGENTCISO . COM