AESI-US Inc. Cyber and Physical Security Consulting
AESI-US, Inc. provides cyber and physical security engineering and consulting for public power utilities (electric, water, gas). Leaning on best practices and meeting appropriate industry standards, AESI supports the planning, implementation, and maintenance of comprehensive security solutions. Services include risk assessments, product assessments, network architecture reviews, penetration testing, hands-on day-to-day routine tasks, and regulatory compliance. Beyond security, AESI works for optimal communication and resiliency in its strategic solutions when integrating IT/OT technologies.
AESI has been supporting utility clients since 1984, providing services to over 500 utilities in North America and internationally. The company has a deep and successful track record in public power, with long-term experience supporting joint action agencies and municipal distribution utilities. Drawing upon the NIST Framework for Improving Critical Infrastructure Cybersecurity, AESI works with utilities through the different elements in the process to develop an appropriate, sustainable program.
Products and Services
Holistic Approach to Cybersecurity
At the IT level, every utility must protect confidential customer data, billing data, and corporate data. Additionally, the utility must secure its Operational Technology (OT) for the monitoring and operations of the power system—EMS/SCADA systems, substations, smart metering, telecommunications, monitoring systems, and physical protection systems. Understanding what each system needs, and recognizing that IT and OT are not the same, are important steps to ensuring that the right measures are applied to the applicable systems to appropriately protect the systems and assets. It is the understanding that cybersecurity is more than just firewalls—it’s a living process that MUST be proactive and flexible/adaptable.
AESI keeps public power systems ahead of the game by providing cybersecurity education to all levels of the organization, developing policies and procedures for staff to follow, and providing hands-on, niche technical skills that may not exist on staff at the utility or joint action agency.
Cybersecurity Check Up
AESI’s Cybersecurity Check Up is a cyber risk assessment designed specifically for power utilities, focusing on critical business operations impacting IT and OT systems and networks. AESI conducts an operational survey and reviews cyber security related policies, standards, procedures and architecture design documents to determine a utility’s cyber posture. The outcomes of the assessments result in a quick health check and a defined path to become more cyber resilient.
Three Lines of Cybersecurity Defense
Hometown Connections partners with AESI, N-Dimension Solutions, and Wortham Power Gen Insurance to provide THREE LINES OF DEFENSE against cyber threats:
By N-Dimension Solutions
- Continuous threat monitoring of network traffic
- On-demand vulnerability assessment
- Holistic program development, assessments and implementation
- Workshops/training for board, executive management, and staff
By Wortham Power Gen Insurance
- Financial protection from breach of customer/employee data
- Including notification/credit monitoring costs, legal fees, fines, income protection, professional services
Physical Security Assessment
The utility’s risk management program must incorporate the physical security of its facilities. AESI’s Physical Security Assessment examines the overall physical security of buildings, specific equipment within the building facilities, and locations while factoring in key business objectives. AESI evaluates all the physical security controls, such as:
- Visitor entry and verification procedures
- Access control systems (including badges)
- Security guards and guard rotation
- Data center and control center specific controls
- Document destruction
- CCTV or other surveillance cameras
- Life safety systems
- Exterior & interior lighting for security & safety purposes
- Landscaping for crime prevention
- Crisis management & business continuity programs
- Workplace violence protection and training
AESI focuses on helping the utility avoid a potential disruption in service, loss of reputation, negative financial impacts, and dangerous physical conditions for staff and customers.
AESI supports the integration and communications that marry IT and OT with technology strategy and planning, architecture design, communications network planning, system installations and configuration, system integration and commissioning, data management and historians, SCADA/GIS/OMS Services, on-going sustainment and support, and custom software development.