The smart grid network has introduced enhancements and improved capabilities to the conventional power network. While ensuring the continuity of power supply, the complex network of over a million inter-connected devices and entities have made the smart grids more vulnerable to cyber attacks. These vulnerabilities made attackers to be more sophisticated to access the network, break the confidentiality and integrity of the transmitted data, and damage the service availability. These issues make it increasingly important for electric cooperatives to ensure the bar is set high enough to secure the cyber assets. “While companies want cutting edge solutions, they struggle to find the resources to self evaluate their security system,” says John Wyatt, CEO, Cigital. With years of expertise in working with leading Investor-Owned Utilities (IOUs), rural electric co-operatives, and Smart Grid vendors, the company helps energy companies to navigate the challenges and maximize the return on security investment by providing proven self assessment guides and security practices.

Cigital assists energy and utility companies in application security and vulnerability assessment. In partnership with National Rural Electric Cooperative Association (NRECA) and U.S. Department of Energy (DOE), the company has created the ‘Guide to Developing a Cyber Security and Risk Mitigation Plan’, for helping utilities address cyber security risks holistically and systematically. The guide is structured to make it easy for organizations to decide on and make improvements to the security posture of their installations starting from day one. Cigital has also assisted DOE to put together Electric Subsector Cyber-security Capability Maturity Model (ES-C2M2), a common set of industry-vetted cyber-security practices for energy sector. It provides a mechanism, comprising of a maturity model, an evaluation tool, and DOE facilitated self-evaluations, that helps organizations evaluate, prioritize, and improve cyber-security capabilities. “The ES-C2M2 model is publicly available and can be leveraged by any organization for self-evaluation to enhance its cyber-security capabilities,” says Wyatt.

Additionally, Cigital empowers utilities to address NERC Critical Infrastructure Protection (CIP) compliance requirements for annual Cyber Vulnerability Assessment (CVA) audits.