This case involves a data security breach at an electric grid in Arkansas, which was eventually traced to an aspiring hacker who undermined the grid system’s encrypted firewall protections and was able to access a restricted control level of the grid, exploiting a weakness was originally believed to have originated in the grid’s software. The representative of the grid urgently needed an expert in the software program to comment on practices of documentation related to the functionality and user permissions of the system, as well as comment on any potential exploitable points in the software.
Question(s) For Expert Witness
1. Please describe your experience with the software system used here, and if you are aware of any protections it uses to protect client data?
Expert Witness Response E-131999
I have been active with this software system since 1999. I am certified in this platform and have set up individuals and security platforms on this software. How we set up log in profiles depends on the environment and what you are synchronizing the platform with. Most major clients with significant security concerns use network authentication and integrate with active directory. I have worked on all releases of this software since Version 3. Version 7.0.1 is legacy and the last time I used it was in 2007. I am able to review documentation related to the functionality and user permissions of the system an provide an opinion on the case.
