Black & Veatch has added a new cyber security service designed to help electric utilities and independent power producers address the recently mandated North American Electric Reliability Corporation (NERC) Cyber Security Standards.
The service is designed to assess, remediate and maintain vigilance against electronic forms of intrusion and disruption of power service. The new service addresses the nine critical infrastructure protection (CIP) standards that cover cyber and physical security, training, reporting, annual maintenance and auditing.
“Addressing the challenge of securing the nation’s electric system is a complex and multi-disciplinary task,” said Marty Travers, president of Black & Veatch’s Telecommunications Division. “Black & Veatch is capable of bringing all of the skills and competencies needed to succeed in determining compliance.”
The new practice builds on Black & Veatch’s core competencies in the electricity industry and leverages its security and management expertise in the areas of controls and communications for generating plants, as well as transmission and distribution, networks and the overall maintenance of grid integrity.
“The NERC Cyber Security Standards create a framework for crystallizing the issues, responding on an industry-wide basis, and establishing the metrics that an organization can use to determine how it measures up to these requirements on an annual basis,” said Stephen A. Stolze, managing director and leader of the Cyber Security practice. “The Black & Veatch approach to Cyber Security is rooted in implementing accepted industry best practices to achieve compliance with applicable standards, and to satisfy regulatory demands.”
The new Cyber Security service includes:
- Using subject matter experts to identify critical assets and to understand the parameters used to classify assets.
- Performs a vulnerability assessment on existing assets.
- Provides specific feedback and mitigation recommendations on all deficiencies and helps develop and deploy a policy to meet or exceed NERC CIP guidelines.
- Offers insight on how to maintain a holistic view of protection for all of the enterprise’s critical cyber assets.
- Creates a roadmap for establishing and maintaining a robust security initiative and an ongoing readiness culture throughout the organization.
- Addresses the cyber, physical and human resource aspects of compliance along with documentation, incident reporting and ongoing maintenance.