Cigital: Simplifying Cyber Security


John Wyatt, CEO

The smart grid network has introduced enhancements and improved capabilities to the conventional power network. While ensuring the continuity of power supply, the complex network of over a million inter-connected devices and entities has made smart grids more vulnerable to cyber attacks. These vulnerabilities have led attackers to become more sophisticated in accessing the network, breaking the confidentiality and integrity of the transmitted data, and damaging service availability. These issues make it increasingly important for electric cooperatives to ensure the bar is set high enough to secure their cyber assets. “While companies want cutting edge solutions, they struggle to find the resources to self evaluate their security system,” says John Wyatt, CEO, Cigital. With years of expertise in working with leading Investor-Owned Utilities (IOUs), rural electric co-operatives, and Smart Grid vendors, the company helps energy companies navigate these challenges and maximize the return on security investment by providing proven self-assessment guides and security practices.

Cigital assists energy and utility companies with application security and vulnerability assessment. In partnership with the National Rural Electric Cooperative Association (NRECA) and the U.S. Department of Energy (DOE), the company has created the ‘Guide to Developing a Cyber Security and Risk Mitigation Plan’ to help utilities address cyber security risks holistically and systematically. The guide is structured to make it easy for organizations to decide on and make improvements to the security posture of their installations starting from day one. Cigital has also assisted DOE in putting together the Electric Subsector Cyber-security Capability Maturity Model (ES-C2M2), a common set of industry-vetted cyber-security practices for the energy sector. It provides a mechanism, comprising a maturity model, an evaluation tool, and DOE-facilitated self-evaluations, that helps organizations evaluate, prioritize, and improve cyber-security capabilities. “The ES-C2M2 model is publicly available and can be leveraged by any organization for self-evaluation to enhance its cyber-security capabilities,” says Wyatt.

Additionally, Cigital empowers utilities to address NERC Critical Infrastructure Protection (CIP) compliance requirements for annual Cyber Vulnerability Assessment (CVA) audits.




The NERC CIP plan consists of nine standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets, security management and disaster recovery planning, as well as personnel training. Cigital combines this process with a comprehensive end-to-end risk-based mitigation approach for application security. Beyond assisting electric utility companies in complying with the federal security standards, Cigital also helps them strengthen their application security program with a three-stage process. It includes ‘Gap Analysis & Remediation Planning’, a study of the current state of a utility's security program to identify the loopholes; ‘Remediation Plan Execution’, for mitigating the risk by establishing a new application security program or fine-tuning the existing one; and ‘Ongoing Program Execution’. This process ensures effective risk management and cost-effective compliance with existing and upcoming cyber security regulations.

While helping electric utility companies address cyber challenges, Cigital executives have realized the importance of spreading awareness about cyber attacks and providing expert training to thwart them. The firm offers Instructor-Led Software Security Training, an offline hands-on course, and Online Application Security Training, on-demand eLearning application security training classes.

Cigital, with a holistic approach to application security, goes beyond traditional testing services and helps organizations identify, remediate, and prevent vulnerabilities in the applications that power their business. The firm offers a balance of managed services, professional services, and products tailored to fit a utility’s specific needs. “With our managed service approach, companies can move at the speed of innovation without sacrificing security,” says Wyatt.

Cigital, headquartered in Dulles with regional offices throughout North America, Europe and India, will continue to develop its set of solutions to help secure electric cooperatives across continents.