IT Security Services for Energy and Utilities

Utilities, energy providers and manufacturers make enormous capital investments in plant equipment, supervisory control and data acquisition (SCADA) systems, process control systems (PCS) and infrastructure to deliver critical products and services. Outages can have cascading, disastrous effects with enormous direct and indirect costs. These organizations must be protected from cyberattacks from malicious attackers, state-sponsored hackers, hacktivists and others who wish to disrupt or damage national critical infrastructure.

Protecting National Critical Infrastructure

Industrial control systems including PCS, industrial automation, distributed control systems (DCS) and SCADA systems are used extensively throughout national critical infrastructure. Many of these control systems were originally built without adequate focus on the IT security aspects of the systems. Recognizing this weakness, in 2013 President Obama signed Executive Order 13636, Improving Critical Infrastructure Cybersecurity, requiring creation of a “Cybersecurity Framework… including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

New smart grid generation and distribution systems hold the promise of cost savings as well as more insight and control over critical infrastructure operations, but rely on common Internet and computer networking technologies to deliver this functionality. These new technologies need to be integrated with the proper IT security configuration, safeguards, and monitoring to protect them from attacks.

Legacy industrial control systems must also be protected and their vulnerabilities mitigated, despite the constraints of proprietary technologies, limited processing power, and fragile interfaces.

NERC CIP Compliance

The North American Electric Reliability Corporation (NERC) maintains cyber security standards for Critical Infrastructure Protection (CIP). NERC Standards CIP-002-3 through CIP-009-3 provide a cyber security framework to identify and protect Critical Cyber Assets of the bulk electric system.

NTT Security Services to Protect Infrastructure and Achieve Compliance

NTT Security services can assist energy and utility organizations cost-effectively protect critical cyber assets and comply with NERC CIP.

NTT Security IT security services provide:

Up-Time Assurance: The ActiveGuard® Security and Compliance Platform was designed from the ground up to detect configuration failures and anomalous network traffic. Cyberattacks can not always be predicted or prevented, but NTT Security Managed Security Services deliver the necessary tools to detect and respond to an attack as quickly as possible, reducing risk and limiting damage to critical infrastructure. In addition, health monitoring of network and security devices provides critical information that can warn of a failing or saturated device before it causes an outage.

Operating Data Protection: ActiveGuard is able to monitor databases, mainframes and endpoints where critical information resides.

Broad Support: ActiveGuard is able to accurately collect, analyze and correlate vast amounts of data from virtually any application or device capable of producing a log file, including security appliances, network devices, mainframes and endpoints.

NTT Security has:

  • Long-term experience providing security and compliance services for utility companies of all sizes
  • Knowledge and experience supporting a comprehensive security program that delivers detection and protection
  • The ability to support security and compliance services globally
  • Experience and solutions in a broad base of security relevant frameworks (NERC CIP, ISO, SOX, COBIT) and standards (NIST, FFIEC, FDIC, and others)
  • Reporting to meet management and regulatory needs