Our Partner for Utility Security Consulting
Utilities working through the Cybersecurity Check Up by AESI-US, Inc. receive baseline information for developing a comprehensive cyber posture.
- Cyber protection based on established security frameworks and authoritative sources
- Cost-effective identification of vulnerability and risk analysis
- Demonstration of due diligence to identify initial security posture
- Utility staff time commitment in approximately one day
- Identification of the cybersecurity maturity level of the utility
- Recommendations for improving the security posture and maturity level for the utility, based on the results of the cybersecurity check-up
The physical security services from AESI-US, Inc. protect the utility from the consequences of access to facilities by bad actors.
- Avoid a potential disruption in service
- Loss of reputation
- Negative financial impacts
- Dangerous physical conditions for staff and customers
Organizations must be pragmatic and choose the right level of security that balances acceptable risk (tolerance), budget, and other factors. Although risk cannot be eliminated, it can be mitigated. Firewalls, malicious code protection, etc.—a fortified defense is only part of the mix. A 360° perspective on cybersecurity also includes strategies and policies, along with solid plans for risk management and disaster recovery.
The Cybersecurity Check Up service from AESI-US, Inc. consists of three components:
- Cybersecurity Program Survey
A customized survey-style assessment to be completed with the utility.
- Policies, Standards & Procedures Review
Review of a representative set of existing cybersecurity-related polices, standards, and procedures based on the survey results.
- Remote Testing
Remote testing of high-risk web applications.
Designed for utilities requiring a starting point for a cybersecurity program or a quick health check of an existing cybersecurity program, AESI bases the remote Cybersecurity Check-Up survey components on the ten (10) domains described in the Department of Energy’s Electricity Subsector Cybersecurity Capability Maturity Model:
- Asset change and configuration management
- Risk management
- Cybersecurity program management
- Identity and access management
- Supply chain and external dependencies management
- Workforce management
- Threat and vulnerability management
- Situational awareness
- Event and incident responses: continuity of operations
- Information sharing and communications
AESI’s deliverables for the Check-Up service include:
- Dashboard view of utility’s cybersecurity posture
- Scan results
- High-level recommendations
Based on the results of the Cybersecurity Check Up, the utility can tap into any of the following additional services to build/augment their cybersecurity program:
- Training for the board/executive team and IT/OT technical staff
- Develop or validate Core Policies, Procedures, and Governance:
- Templates for a “fill in the blanks” approach to setting policies, procedures
- Roles and Responsibilities matrix (RACI)
- Cyber Vulnerability Assessments (CVA)
- Risk Assessments
- Penetration Tests
- Cybersecurity Program Development
The utility’s risk management program must incorporate the physical security of its facilities. AESI’s Physical Security Assessment examines the overall physical security of buildings, specific equipment within the building facilities, and locations while factoring in key business objectives. AESI evaluates all the physical security controls, such as:
- Visitor entry and verification procedures
- Access control systems (including badges)
- Security guards and guard rotation
- Data center and control center specific controls
- Document destruction
- CCTV or other surveillance cameras
- Life safety systems
- Exterior & interior lighting for security & safety purposes
- Landscaping for crime prevention
- Crisis management & business continuity programs
Workplace violence protection and training
AESI supports the integration and communications that marry IT and OT with technology strategy and planning, architecture design, communications network planning, system installations and configuration, system integration and commissioning, data management and historians, SCADA/GIS/OMS Services, on-going sustainment and support, and custom software development.