May 25th, 2017
For those responsible for the security of critical infrastructure, the months following 9/11 were dominated by concerns over imminent penetration of, and damage to, critical infrastructure such as water treatment, electrical power generation, hydroelectric dams, transportation and airports.
In the months and years that followed, virtually all large water and wastewater utilities hired security experts to test their defenses – both physical and cyber in nature – in response to EPA and DHS mandates to conduct vulnerability assessments. The expectation was that hackers were actively targeting public utilities as a means of damaging critical infrastructure and the American way of life.
In a small office in Rancho Cordova, CA, one expert was hired to thoroughly check IT defenses by attempting to hack into “secure” networks and the information and control systems that managed treatment processes and facilities. This “penetration” test would be a mere formality; a confirmation that the IT system was secure. Or so many utility IT staff members thought.
During one such project, this Certified Information System Security Professional (CISSP) successfully accessed control screens used to operate a major water treatment plant in the Pacific Northwest. As part of that contract, he also helped remediate vulnerabilities by properly configuring IT infrastructure and installing systems to detect, delay and respond to hackers and other IT threats. During more than 30 vulnerability assessments and penetration tests, he successfully penetrated IT defenses dozens of times.
That expert, Mr. Glenn Wolf, CISSP, has joined Trimark’s team as an IT security expert. At Trimark, he will apply his extensive experience to help electric power resources meet NERC-CIP standards, audit IT-related security practices, and address constantly evolving threats to critical IT and control systems.
“Trimark is extremely pleased to add Glenn Wolf to our team,” said Dean Schoeder, Trimark’s Chief Marketing Officer. “Glenn’s experience in cyber security positions Trimark to deliver ongoing services to support IT security programs – a critical component of the electric power sector.”
“Securing critical infrastructure isn’t a project that can be checked off and forgotten,” said Schoeder, who also holds a RAM-W credential for assessing and mitigating security vulnerabilities in the water sector. “With the ongoing threat of computer viruses, denial of service attacks, ransomware and hackers seeking to damage the electric grid, Trimark is committed to helping our customers maintain vigilance and harden their IT security. At the same time, we recognize the practical business and operational requirements necessary to manage today’s electric power generation resources.”
Mr. Wolf brings more than 20 years of experience in Information Technology. While his experience spans systems integration, planning and database administration, he has concentrated on network security throughout his career. Mr. Wolf holds a degree in Computer Science from the U.S. Air Force Academy and was responsible for maintaining theater-wide computer and network communications at Headquarters, US European Command in Stuttgart, Germany. Following his military service, Wolf joined the private sector where he became a Certified Information Systems Security Professional (CISSP). He applied that knowledge to perform EPA-mandated vulnerability assessments and penetration testing for water utilities nationwide and in Canada in a comprehensive effort to improve the safety and security of utility SCADA systems. He has direct experience in implementation and integration of systems providing operational control (SCADA), Data Warehousing, Maintenance Management (CMMS), Customer Information (CIS), Geospatial Information (GIS), intrusion detection and other network infrastructure.
Trimark Associates, Inc. (Trimark) is a leading provider of measurement, SCADA, monitoring and communications solutions for critical infrastructure. Trimark develops reliable, affordable revenue-grade metering, monitoring, reporting, and control solutions required for ISO compliance, accurate billing and settlements, and operational optimization. To learn more about Trimark, visit www.TrimarkAssoc.com or call (916) 357-5970.