From the 2021 ARC Industry Forum: A leading power producer talks about how they were able to achieve more efficient and effective OT cybersecurity compliance with NERC CIP, as well as increased reliability in operations. This presentation provides a great overview of the challenges faced by power producers in complying with NERC CIP cybersecurity regulations and provides insight into the business objectives and supplier selection process for OT cybersecurity. This presentation discusses the implementation of solutions from Verve Industrial to provide a centralized, vendor-agnostic environment and an integrated security platform that encompasses anomaly and breach detection, SIEM, endpoint management, device inventory, and other functions.
Meeting NERC CIP Regulations
Power producers face continually increasing NERC CIP security requirements, including reporting and proof of compliance, patch management, configuration management, whitelisting, backup and restore, supply chain security documentation, and more. As a critical infrastructure sector, power generation is also under increasing threat from Advanced Persistent Threat (APT) groups, which are typically funded by nation-states. Power producers also typically have multiple control system suppliers.
Most power producers must keep a close eye on their own cybersecurity resources. Multiple sites must be covered and cybersecurity knowledge at the plant level can be limited. Power producers want cybersecurity, but they also want increased reliability, and this customer viewed cybersecurity as part of a path to operational excellence. they also wanted to centralize their data and reporting related to cybersecurity across all sites to reduce labor requirements and costs.
This particular customer selected Verve because they offered a vendor-agnostic solution. Verve’s agentless solution worked across the various OEMs and control system suppliers. Verve also provided a central data repository and an integrated platform so their workers could have a single console to bring data together from asset discovery, patch, vulnerability, AV, backups, and more into one database rather than 6 different, white-labeled tools -- one for each requirement. You can read more about the Verve Industrial Solution here.
The company successfully centralized its ability to manage OT Security and compliance across dozens of sites. The company also lowered its labor costs associated with cybersecurity by adopting a single solution that is vendor agnostic. The new approach also makes it easier to provide rapid responses to senior management questions ranging from asset inventory to vulnerabilities. In many cases, the central cybersecurity team will often know before the plant whether a device is offline and can confirm backups are available in case of emergency.