One of the largest U.S. energy utilities feeds the energy grid, powering millions of customers. Like many utility companies, they utilize information technology (IT), operational technology (OT), and a vast and complex supply chain to deliver their service across tens of thousands of miles of high voltage transmission lines, linking generation operations to substations, then into distribution networks and delivered to homes and businesses. As the industry incorporated emerging technologies into the grid amid ever-increasing cyber security risks in this space, their need to protect against these risks became more imperative. The company needed a better way to keep up with identifying, assessing and managing their third-party risks, as well as identifying and resolving vulnerabilities within their OT environment. Procurement leadership needed a better way to determine criticality with each vendor engagement to adequately cover the risk in the contract. Recent NERC enforcement actions increased the pressure to show compliance within the risk management arena.
The company partnered with Fortress Information Security to deliver its Total Solution, including managed third-party risk services, OT security services, and a fully integrated and data-driven solution providing holistic visibility of emerging risks. Fortress leveraged a combination of Technology, Analytics and Services to deliver consulting and managed services, supported by the proprietary Fortress Guardian platform to deliver industry-specific cyber intelligence solutions. Fortress provided expert managed services, collecting, assessing, and reporting the NERC-compliant risk management program through automated and orchestrated channels, giving the board full transparency and guidance throughout the process. Continuous monitoring, threat intelligence, and dashboards provided visibility to help mature the capabilities of the company’s cyber risk management program.
- Implemented a business-specific NIST security risk-based program, designed, staffed, and managed by Fortress.
- Program included identification of critical OT assets and high-risk vendors, assessing them for control weaknesses and vulnerabilities, and resolving identified findings.
- Full transparency dashboards enabled by the Fortress Platform to benchmark and communicate NERC compliacne, program health and obstacles to Procurement and Security stakeholders.
- As an integrated solution, Fortress moved quickly to implement. Also, as an expert in energy sector, the assets and vendors were well-known, and Fortress hit the ground running.