Large Western Utility

A large electric utility in the Western US requested that Encari assist its staff in performing all activities required to achieve compliance with all requirements prescribed in NERC CIP Reliability Standards CIP-002-1 thru CIP-009-1.  Encari's efforts included:

• Developing cyber security policies and aligning them, as appropriate, with the utility's corporate information technology (IT) security policies.
• Developing required processes, procedures and programs, including:
  • Information protection program.
  • Change control and congfiguration management program.
  • Cyber security awareness and training programs.
  • Several physical security plans.
  • Technical architecture for sustainable compliance and ease of administration.
  • Unified situational awareness capability combining physical, cyber, and human aspects of security.
  • Malicious software prevention program.
  • Technical feasibility exception management program.
  • Incident response plan.

This entity’s goal was not only to have NERC CIP compliant cyber security policies, processes, procedures and programs, but also to ensure all established NERC CIP compliant mechanisms were sustainable; that is, cyber security policies, processes and procedures and programs that could realistically be maintained on an ongoing basis without requiring additional head count, unmanageable workload imposed on existing staff, or dependency upon external consulting firms.

Encari worked closely with utility staff members throughout this five-month engagement.  The result of Encari's collaborative effort with the utility were sustainable and compliant cyber security policies, processes, procedures and programs that addressed all applicable functions within the utility, as well as all applicable cyber assets.