How One Utility Secured 650,000 Power Connections

With estimated cybercrime costs reaching $10.5 trillion between 2020 and 2025, the energy sector has become a primary target internationally. Recorded attacks in recent years have left 600 apartment buildings without heat for two days and idled a power plant for three weeks. Genesis Energy, New Zealand’s largest electricity and natural gas retailer and a 51% government-owned entity, decided to get ahead of these threats across its own critical infrastructure.

The company generates over 7,000 GWh annually, powering roughly 650,000 connection points for industries, businesses, and communities across New Zealand. Its generation portfolio spans thermal, hydro, wind, solar, and battery storage, with the Tokaanu Power Station (240 MW via four 60 MW turbines, commissioned in 1973) serving as the control hub for the Tongariro hydroelectric scheme.

The Challenge

Removable media and transient devices are a routine part of power plant operations. Firmware updates arrive on USB sticks. Third-party vendors deliver pre-configured servers and workstations. Technicians connect internet-enabled laptops for diagnostics. Each interaction is operationally necessary, but each one also creates a physical entry point that sits outside the reach of firewalls and network-level security.

Adam Whitmore, Engineering Manager for Systems Infrastructure, explained that the complexity of modern OT systems led the team to realize the urgent need for visibility into what was entering their environments. They sought effective malware prevention as part of a wider initiative to maintain availability and support electricity generation for their 2,000+ employees and the communities they serve.

During the evaluation phase, OPSWAT stood out through its proven track record and testimonials from other critical energy and utility providers globally. Whitmore noted: “After considering testimonials from their customers nationally within other industries and internationally within the utility sector, we could see their product had a proven track record for what we needed it to do.”

The Approach

Genesis Energy deployed two complementary OPSWAT solutions across its power stations, targeting the two main attack vectors for critical infrastructure: data transfers via removable media and access by internet-connected devices to air-gapped OT environments.

Kiosk-based media scanning sits between the IT and OT areas. Every USB drive and external storage device passes through a checkpoint where files are deconstructed, cleaned, and rebuilt using Deep CDR (Content Disarm and Reconstruction). Because this process reconstructs files from scratch rather than relying on known threat signatures, it handles zero-day risks that traditional antivirus misses.

“Deep CDR is a fast way to deconstruct and reconstruct files, with the reconstruction keeping their integration. It can deal with zero-day threats without the need for signatures and heuristics,” said Geoff Bard, Network and Infrastructure Admin at Genesis Energy.

Portable bare-metal scanning checks vendor laptops, servers, and workstations before they connect to the operational network. The system runs 30+ anti-malware engines simultaneously (99%+ detection rates) paired with heuristics and machine learning, and assesses vulnerabilities across 20,000+ software applications against 3 million+ data points and 30,000 known CVEs. Bard highlighted a practical use case: the portable scanner also serves remote locations where cybersecurity infrastructure is out of reach, and helps overcome server limitations at distributed sites.

“What we can do now is scan anything physical that comes into our environment. We might get pre-configured servers or workstations from third-party vendors, and we scan them to check they are clean,” Bard added.

The Results

The deployment transformed removable media and transient devices from security gaps into managed, secure pathways. Rather than restricting how staff and vendors work, it made those workflows safer.

Staff engagement was a key outcome. Jane Bydder, General Manager of Engineering Projects, noted: “People are way more confident about bringing files into their systems and being assured that they will be safe.”

The capabilities also extended beyond the original OT scope. Whitmore pointed out that what OPSWAT “brought to our sites has extended beyond our OT environments,” delivering value across the broader organization.

For the full deployment details, technology breakdown, and additional insights from the Genesis Energy engineering team, read the complete case study on OPSWAT.com.

Sponsored by OPSWAT.


Frequently Asked Questions

1. How did Genesis Energy secure removable media in its OT networks?

The utility deployed kiosk-based scanning checkpoints between IT and OT areas. Every USB drive and external storage device is scanned and reconstructed using Deep CDR technology before files can enter the operational network.

2. What is Deep CDR and why does it matter for energy OT?

Deep CDR (Content Disarm and Reconstruction) deconstructs files, removes potentially harmful elements, and rebuilds clean, functional versions. It neutralizes zero-day threats without depending on known signatures, which is particularly relevant in OT environments running legacy systems.

3. How can energy operators address supply-chain device risks?

Portable bare-metal scanners check vendor laptops, pre-configured servers, and workstations before they connect to OT networks. Combined with vulnerability assessment covering 20,000+ applications and 30,000+ CVEs, this catches risks embedded in third-party hardware before deployment.