This case involves a data security breach at an electric grid in Arkansas, which was eventually traced to an aspiring hacker who undermined the grid system’s encrypted firewall protections and was able to access a restricted control level of the grid, exploiting a weakness was originally believed to have originated in the grid’s software. The representative of the grid urgently needed an expert in the software program to comment on practices of documentation related to the functionality and user permissions of the system, as well as comment on any potential exploitable points in the software.
Question(s) For Expert Witness
- 1. Please describe your experience with the software system used here, and if you are aware of any protections it uses to protect client data?
Expert Witness Response E-131999
I have been active with this software system since 1999. I am certified in this platform and have set up individuals and security platforms on this software. How we set up log in profiles depends on the environment and what you are synchronizing the platform with. Most major clients with significant security concerns use network authentication and integrate with active directory. I have worked on all releases of this software since Version 3. Version 7.0.1 is legacy and the last time I used it was in 2007. I am able to review documentation related to the functionality and user permissions of the system an provide an opinion on the case.
Expert Witness Response E-131973
I currently serve as the East Coast Operations Technical Lead for an engineering and construction services firm. At this firm, I co-founded the strategic technical team for standardization of the suite across projects. I have been actively using the technology discussed here for the last couple of years. As a part of my current role I set up individuals and security platforms on this platform. I also do logging and set up logging. When working with multiple users in a large account, it is key that you appropriately control all of the information that the users are accessing. This is done by properly setting up multiple user permissions to protect the client’s data. I previously worked as a System Engineer, where I worked on earlier versions of the platform including from 2005 and onward. I am well qualified to review documentation related to the functionality and user permissions of the system in question.