Cyber Power Systems strengthens the cybersecurity confidence of its PowerPanel Cloud Service through CREST penetration test

2021 / 07 / 29

With the advent of the digital economy, Product-as-a-Service has become a key way for manufacturers to innovate and transform. To meet this trend, Cyber Power Systems, Inc. which has designed, produced and sold power protection products under the brand CyberPower for many years, launched the PowerPanel Cloud solution in June 2020. The new solution enables users to monitor and manage their own CyberPower Uninterruptible Power System (UPS) anytime, anywhere. Lin Yongxiang, senior manager of the software department of Cyber Power Systems, summarized several advantages of PowerPanel Cloud, including: support for 24-hour global use, real-time alarms, user-friendly interface, etc. In addition, it is suitable for all high, middle and low grade CyberPower UPS and has high security. In order to prove that it has reached a certain level of cybersecurity, Cyber Power Systems has set high-standard testing requirements. Referring to the list of qualified vendors for penetration testing announced by the world-renowned CREST organization, the company entrusted Onward Security, the only recognized company in Taiwan, to conduct a complete inspection of PowerPanel Cloud in accordance with international standards.


Industry-standard and enterprise-trusted penetration testing

Lin Yongxiang said that UPS as a backup power infrastructure is mostly used to protect important devices such as network equipments and database hosts to ensure that key services are not interrupted. Obviously, its importance cannot be overemphasized. Therefore, the PowerPanel Cloud service for remote monitoring and management of UPS must have the highest level of security in order to effectively avoid hacker intrusion and prevent the power structure of the user from being improperly controlled or damaged.

"Cyber Power Systems has always attached great importance to cybersecurity, and we require ourselves to test PowerPanel Cloud with the highest standards," said Lin Yongxiang. The company previously conducted penetration tests on PowerPanel Cloud with the assistance of an external consulting company. However, the consulting company conducted testing according to its own specifications and experience rather than any industry standard. After the test, Cyber Power Systems strengthened the security design according to the modification suggestion, but it is unable to confirm whether the product reached a trusted security level, and there is no objective third-party certification.

As a result, Cyber Power Systems continued to explore some penetration testing standards that are widely used in the world. The company learned about the CREST organization through the professional cybersecurity company - Onward Security. CREST is a non-profit international cybersecurity certification organization with 266 certified companies all over the world. And it is deeply trusted by the financial and high-tech industries. After several evaluations, Cyber Power Systems believed that passing the CREST test would improve the security and reliability of PowerPanel Cloud, so it entrusted Onward Security to perform the test. The company also expected the completion and achievement of the CREST test to increase user confidence in PowerPanel Cloud.


Onward Security is a CREST authorized laboratory

Professional consultant support assists in formulating the best correction plan

When Cyber Power Systems sought external assistance, it contacted a number of professional cybersecurity companies. In the end, it decided to cooperate with Onward Security, mainly based on the following reasons. First of all, Cyber Power Systems believes that its strengths are not in the field of cybersecurity, and there are many trivial matters and unconverged problems that need to be clarified. The team at Onward Security can help guide Cyber Power Systems to understand these issues through its expertise and standard procedures. Secondly, Cyber Power Systems is eager to seek international cybersecurity standard certification, but most companies fail to give specific proposals for this. Onward Security is the only company that provides a lot of valuable information, such as item-by-item briefings on the international standards available today, and detailed technical communication with Cyber Power Systems, so as to help Cyber Power Systems sort out the most suitable certification options step by step.

Furthermore, Lin Yongxiang said that after the penetration test, the Cyber Power Systems development team may need to perform correction work, and many questions may inevitably arise during the process. For such a hard task, Onward Security promised to provide professional support and help Cyber Power Systems to find the best correction way by means of consulting services. Based on these reasons, Cyber Power Systems chose to establish a cooperative relationship with Onward Security.

When Cyber Power Systems selected the CREST solution, Onward Security immediately carried out a detailed demand interview, and responded quickly and accurately to any questions raised by Cyber Power Systems, helping them to speed up the formulation of the most suitable test way. Due to the heavy task of the Cyber Power Systems development team - the work of product development needs to be performed simultaneously during the period, the test schedule has been adjusted many times, but Onward Security fully cooperates. It makes Lin Yongxiang deeply applaud the professional strength and service of Onward Security.

After the preliminary test was completed in February this year, Onward Security submitted a complete report, and listed security enhancement suggestions at different levels (high, medium and low) according to the urgency of the problem. Next, Cyber Power Systems held an internal discussion to discuss various challenges that may be encountered during the revision process, and repeatedly consulted with Onward Security about whether there is a less time-consuming and resource-saving approach that can still achieve the same cybersecurity enhancement effect. The final revision was determined after back-and-forth discussions. After completing the correction, Cyber Power Systems obtained a penetration test report with the CREST mark, which also means that PowerPanel Cloud products have international-class cybersecurity quality.

Cyber Power Systems has sales offices in Europe, America, Asia, Australia and other places, and has also achieved good sales results in North America, France, Germany, Russia and other markets. Since the customer base is scattered in various places, it is not appropriate to evaluate the cybersecurity protection of PowerPanel Cloud only based on the local experience of individual consulting company. Cyber Power Systems therefore sought high-standard international-level CREST penetration testing, and entrusted Onward Security to perform rigorous cybersecurity testing. It looks forward to obtaining the most complete certification to confirm that its products are secure and reliable, so that customers can use PowerPanel Cloud service with confidence.

In The News