Energy Information Security
The American Recovery and Reinvestment Act (ARRA) has brought billions of dollars in funding to the energy market to form a “smart grid” capable of reducing the frequency, duration and scope of power outages, reducing the price of electricity through the interaction of consumers and suppliers, increasing operational efficiency, and supporting and leveraging evolving technologies including electric vehicles and solar/wind generation. With the dollars and the potential benefits comes a steep responsibility — securing the once isolated networks that will be connected into a (hopefully) secure grid.
Energy Industry Challenges
- Rapidly deploying evolving technology in accordance with even more rapidly evolving, overlapping, and ambiguous standards (e.g NIST, AMI-SEC, NERC, ISO 27002 Guidance).
- Managing risk associated with the need to leverage third-party services to achieve business goals within current time and resource constraints.
- Ensuring that once isolated elements of a utilities infrastructure (e.g,SCADA / DNP3, DMS,) and the devices it supports are secured in a manner consistent with their vital importance.
- Supporting key deployed technologies with the policies, standards, procedures and technologies necessary to manage and monitor them.
Energy Industry Solutions
Hackers are shifting their focus from individual corporations to data consolidation points like large law firms because breaching a single network may allow them to obtain information about hundreds or thousands of companies by breaching a single network.
In response to this greater risk law firms are increasingly moving to more comprehensive Information Security Programs (e.g. Security Awareness Training, Vendor Risk Management, Vulnerability/Configuration Management, Incident Response Programs, and Information Technology/Business Continuity). Market leading legal firms are leveraging ISO 27001 to manage risk holistically and provide attestation (proof) of their Information Security Program.
Typical engagements include:
- Design Gap Assessment – Is the design of our environment consistent with relevant NIST, AMI-SEC, NERC, ISO 27002 Guidance?
- Vulnerability Assessments and Penetration Tests at the application, network, device, database and physical levels to ensure net security objectives are being achieved.
Your company can use Penetration Testing to:
Confirm that your environment is as secure as you believe
Prove to a third party that you are a secure and trustworthy partner
Quickly assess the security of a less mature control environment (in a sense, a technical risk assessment)
After a major change (e.g., the installation of a high risk system/application) to ensure that the security controls are operating as intended
Why Pivot Point Security?
Continually evolving technology, business requirements, regulations, and threats make “being secure” and “proving you’re compliant” increasingly complex for the energy industry. The only logical response: Simplify. We make it easier to prove that you are secure and compliant by:
- Focusing on the core group of security assessment services you need.
- Taking the time to understand your business and then optimizing our approach for your unique situation.
- Delivering reports and guidance that are easily understood and acted on by both management and technical personnel.
- Basing your assessment and recommendations on trusted, “open” (non-proprietary, non-vendor specific) guidance to simplify the process of operating and maintaining your Information Security Management System.