CompanyServicesCareers with Power System Engineering News / EventsPublicationsContactSearchSite MapHome
power systems engineering, inc.
Power Delivery
Utility Automation
Technology Work Plan
Security and Disaster Recovery
Information Management
Supervisory Control and Data Acquisition (SCADA)
Substation Automation/Integration
Distribution Automation
Distribution Management Systems
Energy Management Systems
Outage Management Systems
Communications
Operations
Rates
Financial Planning
Resource Planning
Substation Design
Line Design
Workshops and Seminars

Security and Disaster Recovery

Emergencies are by nature unexpected and can tremendously affect the operations of the utility. From natural disasters to homeland security causes, utilities need to be prepared to protect their assets from both physical and cyber threats.

Power System Engineering, Inc. (PSE) offers a full range of security and disaster recovery related services to assist utilities in protecting their enterprise, field, and automation systems. PSE can complete security assessments to identify systems and applications that are vulnerable and to prevent loss and service interruption caused by security breaches. PSE can also assist in the development of a disaster recovery plan to reduce the risk and exposure to unanticipated events.

PSE’s unique strengths will help utility clients by combining our expertise in utility automation systems and operational practices with state of the art security related expertise. Focused upon utility needs, PSE knows how to engineer and design security solutions for field automation applications such as SCADA, AMR, load-management, DA, mobile workforce, Land Mobile Radio, Ethernet substation networks, and other common utility applications.

PSE provides the following security related services:
  • IT security assessment and vulnerability analysis.
  • Physical facilities security assessment and vulnerability analysis
  • Design and solution development.
  • Development of cyber security policies and procedures.
  • Review compliance with 7 CFR 1730 – RUS Risk Assessment and Emergency Planning.
  • Review compliance with NERC Urgent Action Standard (UAS) 1200 and UAS 1300.
  • Training and executive workshops.

Security Assessments and Vulnerability Study

PSE offers a comprehensive analysis of utility facilities, systems and applications to determine security exposures, problems, and threats. Both internal and external entry means will be reviewed. Commercial and custom applications can be reviewed including automation applications such as SCADA, AMR, DA, meter tampering, and the associated communication network and hardware/software. A report will be completed defining the findings of the assessment.

Some of the individual elements of the Security Assessment and Vulnerability Study that PSE can provide are:
  • Identification of risks and possible criminal activity.
  • Internal process and policy shortcomings.
  • Identification of security related requirements for individual systems.
  • Analysis of networks – wireless, dial-in, partner-level, Internet, and Intranet.
  • Design of backup facilities for critical communications and enterprise systems.
  • Specification of security and communication systems to enhance physical security of central and remote facilities.

Cyber Security Design and Solution Development

PSE will come to your facilities, conduct interviews, review policies, perform physical inspections, perform intrusion testing, and provide an assessment of your existing security posture.

After defining specific security requirements by application and system, PSE will recommend a security solution to address the business needs. The solution starts with an overall design; consideration of risks, costs, resources, and level of threat. Then, PSE can help develop vulnerability “patches” and improve policies. In some cases, new hardware, software, encryption and capital investments may be part of a recommended solution. PSE’s recommendations will balance the utilities budget and level of risk and exposure.

PSE’s services include:
  • Written reports and presentations with recommendations.
  • Hands-on resolution of issues.
  • Unbiased vendor neutral recommendations of possible solutions.
  • Project management of the implementation of the solution.
  • Engineering review and acceptance testing.

Physical Facilities Design and Solution Development

After a risk assessment of physical utility facilities, PSE will recommend a security solution that will provide additional protection for the utility and their critical customers. PSE’s recommendations will help the utility gauge the risk level they wish to provide protection for.

Services PSE provides include:
  • Written reports and presentations with recommendations.
  • Unbiased vendor neutral recommendations of possible solutions.
  • Project management of implementation of the solution.
  • Engineering review and acceptance testing.

Disaster Recovery

The development and implementation of a disaster recovery plan is not a casual undertaking. The planning team must first develop and agree upon a disaster recovery philosophy and then develop a disaster recovery plan. In the beginning, the appropriate team must be assembled and executive support must be secured; an awareness campaign has to be developed; and all enterprise risks must be identified.

PSE’s involvement will encourage:
  • Development of a Disaster Recovery Planning process.
  • Risk assessments.
  • Documentation of business processes.
  • Recovery prioritization.
  • Development of an Emergency Response Plan that addresses emergency and operational issues within the utility.
  • Exercise of the Emergency Plan, coordinated with state and local offices, including other utilities potentially affected.
  • Testing and rehearsal.
  • Implementation.

Executive Training and Workshops

Often security risks can be avoided by establishing sound internal (non-technical) methods and procedures. Proven policies can often be best discussed in an executive workshop setting. Workshops are also helpful to inform management of the areas that can be penetrated at utilities and the impact it can have on the operations. By identifying common penetration areas, management can be given advice on possible “quick-hits” and areas to concentrate on improving.

Training and workshop topics that PSE can address include:
  • PSE’s top-ten list of utility vulnerability areas.
  • PSE’s top-ten list of internal policies and methodologies to address the security environment.
  • Review of the pros and cons of common communications media.
  • Review of the process and activities to complete a security vulnerability study.
  • Industry review of what leading utilities are implementing.

printsaveemail
2000 Engel Street • Madison, WI 53713 • 608.222.8400Madison, WI • Minneapolis, MN • Columbus, OH • Indianapolis, IN