Midwestern Investor-Owned Utility

Encari’s consultants have worked for over four years with one large Midwestern investor-owned utility, helping them to secure their control systems and comply with NERC CIP requirements.  Encari began its engagement by assisting this utility in compliying with the NERC Urgent Action 1200 standard in 2005.  When the NERC Standards Drafting Team started working on the NERC CIP Reliability Standards, Encari’s consultants partnered with the utility’s staff members to provide extensive input into that process; some of the resulting questions were addressed by FERC in Order 706, which established the NERC CIP Reliability Standards.  Encari has continued working with the utility to comply and maintain compliance with CIP versions 1 and 2.

Some of the areas in which Encari consultants have assisted this utility include:

• Developing a technical architecture for sustainable NERC CIP compliance and ease of administration.
• Developing workflows for compliance with several NERC CIP Reliability Standards and requirements.
  • These workflows were developed separately for generation facilities, substations, and control centers.
• Defining job tasks with appropriate separation of duties.
• Developing a unified situational awareness capability combining physical, cyber, and human aspects of security.
• Providing training to staff members on incident handling and hacker techniques for CIP-008 compliance.
• Implementing a change management system and procedures.
• Developing cyber security training modules for CIP-004 compliance.
• Designing and implementing procedures and technologies for user authentication, patch management, malicious software prevention, and other requirements of CIP-005 and CIP-007.

Lastly, Encari is currently assisting this utility in developing requests and mitigation plans for technical feasibility exceptions.