Crtical IT/IS Security Considerations:

NERC CIP Compliance Reviews & Gap Analysis

Network and security architectural assessments

Designing to secure power control centers and SCADA systems

Security assessments against:

Power control centers

Power generation sites

Transmission sites (substations and interconnects)

Distribution substations

Design secure access to and from general IT to the required data within Control Networks (HMI systems, etc.)

Physically review networks, including large dams and devices to ensure correct drawings and clear identification of devices and data paths

 Identify critical cyber assets/cyber assets within electronic and physical perimeters

Recommending actions based on intent of regulations versus specific wordings

Experience working with Regional Control entities (WECC) to ensure correct CIP interpretation of regs and how they apply to specific issues within utilities (dark fiber, security perimeters, private WAN, etc.)

Expertise Available to Assist in IT/IS Security Review:

Extensive experience assisting utilities with NERC CIP compliance, including identification of Critical Cyber Assets, Electronic Security Perimeter, vulnerability and penetration assessments, etc.

 Knowledgeable on NIST documentation and SmartGrid security recommendations

CISSP

CISA

Member of WECC to keep current on CIP compliance (Version 4 – CIP 010 and 011 requirements)

17 years working with utility industry

(Additional information and details available upon request)