How a Major Utility Company Achieved Zero Compliance Violations
Converging IT, OT and Physical Security For Continuous NERC-CIP Compliance and Enterprise Security.
More than a decade ago, the North American Electric Reliability Corporation (NERC) approved Critical Infrastructure Protection (CIP) standards CIP-001 through CIP-009, designed to provide new and improved regulatory accountability. NERC-CIP has two primary purposes. The first is to provide a cyber-security framework to identify critical cyber assets, and the second is to protect those assets. Critical assets, as defined by the standards, are those systems, equipment or facilities that, if destroyed or otherwise affected, would be detrimental to the reliability or operability of the Bulk Electric System (BES). For companies in the public utility, gas, water and other critical sectors, staying current with regulations and recordkeeping for safety, security and access has been an insurmountable challenge. Since the mandate hit the books, companies have struggled with compliance, with many failing to resolve how to comply effectively with the three most critical areas of the NERC-CIP standards: CIP-001 (Sabotage Reporting), CIP-002 (Critical Cyber Asset Identification) and CIP-004 (Insider Threat).
AlertEnterprise Inc. has successfully worked with companies across the utility and critical infrastructure spectrum to address and resolve all areas of NERC-CIP compliance. The following is a current, real-world example of how technology helped one of our high-profile customers achieve the ultimate goal: continuous compliance and zero violations.
The Utility Customer Profile
With thousands of natural gas and electric customers spread across almost one-third of the state, the Utility understood the risk of data theft and NERC-imposed fines. Its goal was to unify its enterprise Identity and Access Management (IAM) to meet NERC-CIP requirements, with an integrated access and reporting mechanism across IT, Physical Access and Control Systems/SCADA. The Utility approached the potential pain points of NERC-CIP head on (access to physical and logical systems; controls; documentation; onboarding, off-boarding, terminations; and more), using AlertEnterprise technology to automate compliance and bridge the gap between physical and logical systems.
Since working with AlertEnterprise, the Utility company has obtained continuous compliance and zero violations—an attainable and sustainable goal—all with a unified enterprise IAM software platform.
Challenges of the Utility Customer
Technology from AlertEnterprise Automates Compliance
How AlertEnterprise Leverages Technology So Utilities Can Maintain Continuous Compliance
What Utilities Need to Know
The key mandates of NERC-CIP require a deep understanding of risk to critical assets, in addition to effective and continual monitoring of access. A simple mistake in understanding monitoring of access has resulted in millions of dollars in theft, in addition to NERC- and FERC-imposed fines. If you require any information on this topic, contact AlertEnterprise today at 510.440.0840 or firstname.lastname@example.org.