Success Stories Municipal Utility

Municipal Utility

Encari was engaged by a Midwestern municipal electric utility that was facing CIP deadlines in June, 2009.  They needed to be auditably compliant for the “first thirteen” CIP requirements and compliant for the remaining 28 requirements.  

They requested that Encari undertake three tasks in this project:

  • Review the risk-based assessment methodology (RBAM) the utility had used to identify critical assets and re-assess their identification of critical cyber assets.
  • Assess the compliance documentation for the first thirteen requirements to determine whether any insufficiencies existed.
  • Conduct a gap assessment of the utility’s NERC CIP compliance posture with respect to the 28 requirements for which compliance was coming due in order to identify any areas of remediation that were required.

Encari successfully concluded this project on schedule and within the prescribed budget.  Several questions regarding the RBAM used to identify critical assets were raised, which focused on whether the RBAM had been properly conducted and whether the utility might in fact have unintentionally overstated the number of critical assets for which it was responsible.  The utility is currently reviewing both its critical asset identification and its NERC registrations with its Regional Entity.

 

Copyright 2008-2010 Encari, LLC.