UtiliSec offers a unique combination of cyber security services specifically tailored for electric utilities, with industry-leading expertise for all aspects of electric utility operations from the NERC CIP Standards to policy and architecture, smart grid security, low-level analysis, and penetration testing.
Summary of Services
Critical Functionality in Industry Collaborations: UtiliSec personnel serve key leadership roles in numerous industry standards bodies and collaborative efforts. These positions allow UtiliSec personnel to provide uniquely advanced insights and perspectives to clientele, while also providing clients with the ability to shape critical issues and substantially mitigate technology risks.
Training: UtiliSec personnel have years of experience building curriculum and providing targeted technical training to clientele on a range of topics, including:
- Regulatory Issues: how to decipher the meanings behind the words on paper; how regulation is being interpreted; and the direction of changes underfoot.
- Cyber Security Policy: how to create and implement a sensible, practical, and unified policy that meets the needs of the organization, satisfies auditors, and guides future development
- System Architecture Security: how to design and build an effective cyber security architecture that works with organizational structure, empowers business, and allows for changes in future direction.
- Technical Security Implementation: how to efficiently and effectively evaluate technology candidates, select optimal paths forward, appropriately manage deployment, and assess deployed technologies.
- Security Testing and Assessments: formal methodologies for assessing the security of deployed systems and devices.
Architectural Guidance: UtiliSec personnel have demonstrated repeated industry leadership in abstracting and decomposing architectural components for analysis, mapping architectural components to real-world systems, and realizing system architecture through implementation. Deliverable formats can include such items as:
- Designs: drawings, templates, specifications, and configuration settings.
- Recommendations: documentation of guidance on strategic choices and tactical considerations.
- Evaluations: detailed analysis of existing systems or systems under consideration.
Policy Composition: UtiliSec personnel have substantial experience writing cyber security policies for utilities, have seen what works and what doesn’t, and understand the importance of building policies specifically for the target organization.
Security Architecture Review: UtiliSec personnel are uniquely suited to work with client technical staff to rapidly gain a detailed understanding of system architecture, identify security weaknesses, and provide mitigation strategies.
Penetration Testing: UtiliSec personnel have a world renowned reputation for their experience in penetration testing and are frequently invited to international conferences to share their knowledge. We practice agile testing methodologies that effectively discover vulnerabilities in systems and network, which in turn decreases test initiation, duration, overhead, and cost.