Holistic IT security audit of a power plant including active and passive analysis of the critical infrastructure, penetration test against the building control system, review of potential risks through external attackers, on-site inspection of field stations, review of physical access protection as well as conceptual analysis of the security zones and the separation of operational technology networks