powerlines with a city in the background

Case Study: Test and assess cyber security of water and wastewater treatment plant

Case Study: Test and assess cyber security of water and wastewater treatment plant

2 Minute Read

Find out how one municipality worked with MNP to bolster cyber security around its water and wastewater treatment plant.

Goal: Reduce environment risk if a cyber incident happens

Industry sector: Energy and utilities, municipalities

maze icon Challenge

This large critical infrastructure organization was looking at determining the security posture of water and wastewater treatment plants and improving their defense and response processes around cyber incidents by testing its technology, people, and processes to determine their capabilities.

light bulb icon Solution

MNP worked with the organization to create a testing plan tailored to the environments ensuring technologies (IT / OT), plant physical security, people and processes were thoroughly assessed. MNP performed a Red Team exercise (a simulated attack) on the water and wastewater treatment plant environment to gain physical access and test the environments. MNP also performed penetration testing of the environments to identify gaps with network segmentation of IT and OT, vulnerability and patching, and build / hardening.

checkmark icon Results

MNP identified gaps in the environments including physical and application / network layers and developed a targeted remediation plan to reduce the risk and bolster security posture.

Services provided

Red teaming • Network and application layer penetration testing


  • Agility

    September 23, 2021

    Key considerations for maintaining culture as you create your return-to-office plans

    Developing and implementing a successful return-to-office strategy is one of the biggest challenges leaders will face. With the right approach, you can strengthen culture and create value.

  • Confidence

    September 21, 2021

    Payment service providers and AML compliance in Canada

    Payment service providers face regulatory risk if they don’t have an anti-money laundering program in place – find out why and how to follow best practices.

  • Agility

    September 16, 2021

    Risk trends in 2022 and beyond – What Internal Audit must assess

    What lies ahead for 2022? Change, innovation, and uncertainty. Internal Audit can play a key role in helping their organizations manage the risks ahead and uncover opportunity.