Burns & McDonnell has provided security assessments for Florida Power and Light (FPL), evaluating sites that have been considered critical assets under North American Electrical Reliability Corp. (NERC) standards for Critical Infrastructure Protection (CIP). Burns & McDonnell has made recommendations to ensure FPL is prepared to meet or exceed the NERC CIP guidelines in both physical and cybersecurity. These audits have included site visits and capturing system configurations to determine the current state of the security protections in place.
NERC CIP consulting
Control system security
Starting from the identification of critical assets, Burns & McDonnell determined the computer equipment necessary for safe and reliable operation of the sites in order to form a list of cyber critical assets. From this information, Burns & McDonnell proposed electronic and physical security perimeters, including proposing access controls and other methods to help keep these perimeters safe from intruders under NERC CIP standards — both online and at the site.
The existing configurations were analyzed to determine what security methods are in place and how these might be leveraged to ensure compliance with NERC CIP standards and industry best practices. In addition, areas of noncompliance were outlined, with possible solutions to these issues. When compliance is technically infeasible, recommendations for mitigating controls to minimize the damage from an intrusion were made.