A major North American electric utility holding company needed assistance with cybersecurity, regulatory compliance and risk management for its critical assets, including wind, solar and all other generation assets.
A program is in place that will support the company in achieving its cybersecurity goals and also maintain compliance with the North American Electric Reliability Corp. (NERC) standards for Critical Infrastructure Protection (CIP).
For the past decade, we have partnered with the client to deliver a wide range of cybersecurity, regulatory compliance and risk management activities, all completed on time and within budget. This scope has included asset inventory services, which validated or identified all in-scope assets at more than 150 power generation facilities; and cyber vulnerability assessments to verify all security controls, identify asset vulnerabilities, and provide observations and mitigation recommendations.
We also have provided asset hardening; CIP‑010-R1 testing and validation services; medium-term staff augmentation; router replacement services; OPC server installation, configuration and integration; and other services at numerous generation facilities ranging from high to low impact.