Energy Information Security

The American Recovery and Reinvestment Act (ARRA) has brought billions of dollars in funding to the energy market to form a “smart grid” capable of reducing the frequency, duration and scope of power outages, reducing the price of electricity through the interaction of consumers and suppliers, increasing operational efficiency, and supporting and leveraging evolving technologies including electric vehicles and solar/wind generation. With the dollars and the potential benefits comes a steep responsibility — securing the once isolated networks that will be connected into a (hopefully) secure grid.

Challenges
Solutions
Why PPS
Clients

Energy Industry Challenges

Rapidly deploying evolving technology in accordance with even more rapidly evolving, overlapping, and ambiguous standards (e.g NIST, AMI-SEC, NERC, ISO 27002 Guidance).
Managing risk associated with the need to leverage third-party services to achieve business goals within current time and resource constraints.
Ensuring that once isolated elements of a utilities infrastructure (e.g, SCADA / DNP3, DMS,) and the devices it supports are secured in a manner consistent with their vital importance.
Supporting key deployed technologies with the policies, standards, procedures and technologies necessary to manage and monitor them.

Energy Industry Solutions

Aligning key initiatives with security best practices is critical to ensuring the integrity of the smart grid.

Compliance Simplified
Typical engagements include:
- Design Gap Assessment – Is the design of our environment consistent with relevant NIST, AMI-SEC, NERC, ISO 27002 Guidance?
- Security Certification & Accreditation – Validating the design and implementation to ensure that it reduces key risks (e.g., DNP3, customer data) to an acceptable level.
- Vulnerability Assessments and Penetration Tests at the application, network, device, database and physical levels to ensure net security objectives are being achieved.
Third Party Risk Simplified
Our Vendor Risk Management practice ensures:
- Third party security risks and compliance requirements are identified and communicated.
- Agreements evolve as business, technologies, and threats do.
- Monitoring mechanisms ensure third parties achieve your security objectives.
- Appropriate attestation is acquired either by assessing key risks directly (e.g., design reviews, penetration testing) or via receipt of attestation from an appropriately qualified and independent entity.
- Security Incidents are identified, responded to, and learned from.
Security Simplified
Protecting the integrity of the grid is exceptionally challenging in that it requires a holistic approach to ensuring the security of the processes that act on the information and the assets (servers, networks, applications, personnel, facilities) that support these processes.
- Secure Data Flow Diagrams (SDFD) – Identify critical risks and the required security controls at each point where information (e.g., connect disconnect orders, customer data, SCADA data) is acted on in your environment.
- Risk Assessment – The SDFD can easily be extended into a formal Risk Assessment to comply with relevant NERC, NIST, and ISO 27002 requirements.
- SDFD Dependent – Use the SDFD to determine optimal assurance activities required to achieve smart grid security objectives (e.g., Policy Development, Web Application Security Assessment, Network Architecture Assessments, DMS Security Review, Incident Response Plan, Physical Security Assessments, Social Engineering, Security Event Monitoring, etc.).

Why Pivot Point Security?

Continually evolving technology, business requirements, regulations, and threats make “being secure” and “proving you’re compliant” increasingly complex for the energy industry. The only logical response: Simplify. We make it easier to prove that you are secure and compliant by:

Focusing on the core group of security assessment services you need.
Taking the time to understand your business and then optimizing our approach for your unique situation.
Delivering reports and guidance that are easily understood and acted on by both management and technical personnel.
Basing your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System.

Representative Energy Clients

View more representative Energy Industry clients of Pivot Point Security

Pivot Point Security Can Help You

More Thoughts on Energy Information Security

ISO 27001 Roadmap

ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.

Database Security Roadmap

Database Security is one step in a comprehensive approach to building a robust Information Security Management System.

Penetration Testing

Penetration Tests are often used in a manner that is inconsistent with achieving the assurance that the organization seeks.

SIEM Whitepaper

Best Practices for SIEM learned from working closely with numerous vendors and customers on a wide variety of SIEM projects.

RSS

Twitter

Facebook

YouTube

LinkedIn

Google +

top

© 2013 Pivot Point Security | 888-PIVOT-POINT | Hamilton, NJ