Prepare for threats against digital and physical assets, mitigate risks and meet NERC CIP standards
Prepare your real-time operations to detect, respond, and recover from evolving cyber and physical threats to both mitigate security risks and efficiently comply with applicable standards.
Utilities in the US are now the focus of specifically designed malware to attack critical infrastructures and operations with industrial control systems. From the board-room to the water coolers, no one wants their mistake to be the one that adds their utility to the list of worldwide ICS incidents.
Cyber Incidents Growing in Complexity and Severity
However, the problem is only getting more complex:
- Growing protection needs for new applications and technologies that support Grid Modernization, including DER
- Increasing reliance on cloud solutions for data hosting and operations
- Evolving FERC and NERC CIP regulations
- Advancing weaponization of malware such as Industroyer/CrashOverride
BRIDGE’s deep IT/OT expertise, coupled with state-of-the-art security and compliance practice knowledge enables our expert practitioners to provide a unique perspective from the inside-out (Operations to Enterprise) or outside-in (Enterprise to Operations), identifying and implementing effective solutions tailored to your utility organization’s specific needs.
DER initiatives with endpoint technologies and transmission-like functionality now extend through distribution to the grid edge, adding complexity and cost to today’s security challenges. Without substantial changes in approach, compliance costs will continue to grow. Read more.
Security and Risk Management
The ecosystem of operational networks, processes, technologies and people, is growing in complexity and dispersion. Utility organizations must reduce the inherent risks through proper governance on critical systems and networks and effective deployment of analytics to provide early detection of potential operational and security issues. Read more.
There is no finish line in the race for security. Following the recent NERC announcement, it is likely that there will be increased focus and prescription on monitoring requirements under the CIP regulations. Staying compliant while evolving processes to efficiently address potential new regulatory frameworks for risk mitigation is essential. Read more.
Faced with multithreaded CIP subject matter expert accountability assignments, aging control center and substation ecosystems, varying compliance requirements between T&D operations, and the need to effectively protect assets and operations, utility organizations are struggling to meet and sustain a state of operational excellence. An objective, holistic view of their security and compliance program is needed to drive effective and efficient response, reduce risk, and improve required capabilities. Read More.