Case Study: City of Raleigh improves OT security visibility and resilience with NCC Group

Public Utilities Department seeks insight into their security risks and measures

The City of Raleigh Public Utilities Department engaged NCC Group to assess the risk maturity of their OT/SCADA environment through a Cyber Security Review (CSR), later identifying Managed Detection and Response (MDR) and Security Improvement and Remediation (SIR) as ongoing needs. The team faced limited visibility into OT/IT interactions, a requirement to remain fully operational during the engagement, rising regulatory pressure, coordination with third-party vendors, and a specific concern about a critical RF-based system.

NCC Group coordinated with the client and third-party vendors, analyzed 23 technical documents, ran passive PCAP-enabled vulnerability assessments to avoid service interruptions, and held workshops to identify threat actors and improve processes. As a result, NCC Group enabled analysis of OT devices without outages, helped prioritize remediation and budget for the next fiscal year, counseled on mitigating controls for unsupported software, and improved documentation and operational readiness—leaving the City of Raleigh better protected and more equipped to safeguard the community.

City of Raleigh