Piscium
Energy & Utilities← All Case Studies

National Energy Grid Operator Cuts Mean-Time-to-Remediate by 68%

A national energy grid operator managing 12,000+ OT assets across 48 substations relied on annual penetration tests and quarterly vulnerability scans. Between assessments, new threat vectors emerged undetected — and manual remediation workflows averaged 45 days from discovery to fix.

-68%

Mean-Time-to-Remediate

Reduced from 45 days to 14 days average

340+

Attack Paths Discovered

Previously unknown IT→OT lateral movement paths

24/7

Continuous Coverage

Replaced quarterly snapshots with real-time validation

The Challenge

A national energy grid operator managing 12,000+ OT assets across 48 substations relied on annual penetration tests and quarterly vulnerability scans. Between assessments, new threat vectors emerged undetected — and manual remediation workflows averaged 45 days from discovery to fix.

The Solution

Piscium's autonomous CTEM platform was deployed across all 48 substations, continuously discovering attack paths through OT/IT convergence points. Offensive AI agents validated exploitability without disrupting operations, while the remediation orchestrator automatically generated and dispatched playbooks to ServiceNow and Palo Alto XSOAR.

We went from hoping our quarterly scans caught everything to knowing — in real time — exactly where our exposure is and having automated playbooks ready to close the gaps.

CISO
## Background The operator manages critical electricity distribution infrastructure serving over 4 million customers. Their OT environment includes a mix of legacy SCADA systems, modern IEDs, and RTUs connected through a complex IT/OT convergence architecture. ## Implementation Piscium was deployed in three phases: 1. **Discovery Phase (Week 1-2):** Passive asset discovery across all network segments identified 12,847 OT assets, including 340+ previously unknown IT→OT lateral movement paths. 2. **Validation Phase (Week 3-4):** Offensive AI agents conducted safe, non-disruptive attack simulations against discovered paths, confirming 89% exploitability rate on critical paths. 3. **Remediation Phase (Ongoing):** The remediation orchestrator now continuously generates prioritized playbooks, dispatching them to ServiceNow for tracking and XSOAR for automated response.

Related Resources

blog

What Is Continuous Threat Exposure Management (CTEM)?

A practical introduction to CTEM — Gartner's framework for continuously validating and reducing cyber risk, and how it applies to critical infrastructure.

whitepaper

OT/ICS Security in 2026: Trends and Challenges

An overview of the key trends shaping operational technology cybersecurity — from regulatory pressure to AI-driven threats and the convergence of IT and OT networks.

See Similar Results for Your Organization

Learn how Piscium can validate and reduce cyber risk in your environment.

Request a DemoMore Case Studies