Encari was engaged by a large electric utility in the US Southwest to accomplish two critical tasks for CIP compliance: 1) identification of critical cyber assets (CCAs) in substations and generation plants that had been determined to be critical assets under CIP-002, and 2) identification of electronic security perimeters (ESPs) to include those CCAs.  Encari first developed and documented a methodology for identifying critical cyber assets; this allowed objective, consistent decisions to be made in all cases (and provided a template for future CCA identification).  Encari’s team then visited all of the critical assets in question to apply the methodology – which required tracing cables, interviewing operators, etc.   

When all of the critical cyber assets were identified, Encari identified electronic security perimeters to enclose them.  Because all cyber assets (critical or not) within an ESP are subject to the CIP requirements, an important goal of this task was to limit the ESPs so that they only included the cyber assets that were definitely required.  Encari made recommendations for switch reconfigurations and other steps that allowed the customer to achieve this goal, while still addressing the ESP requirements in CIP-005. 

Encari’s final step in the project was to document the methodology used and the results, both visually with flow charts and network diagrams, and in Word documents.  This documentation will allow the customer to repeat or extend the work when required, along with providing them the information on which they can base their CIP compliance effort.  The customer was impressed both with Encari’s technical expertise displayed in this project and with our skills at documentation and verbal explanation.