Fortress Information Security Adds Utilities Industry Veteran to Bolster Security Support for Power Companies
Michael Bailey Joins Fortress as the Energy Sector New Regulations Transform Cyber Defenses
Orlando, FL, May 19, 2020 — A leading cybersecurity expert to the energy industry has joined Fortress Information Security’s (Fortress) team working to secure the nation’s utilities. Michael Bailey, a senior compliance manager with 20 years of telecommunications and electric utility cyber and operations experience, will be working with clients supporting their third-party risk management and supply chain security concerns.
Previously, Bailey worked in Ernst & Young’s utility cybersecurity practice and managed compliance to North American Electric Reliability Corporation (NERC) Reliability Standards (both Critical Infrastructure Plan (CIP) and Operations & Planning) for Transmission Operations for American Electric Power (AEP).
“New regulatory changes will have a significant effect on how energy companies protect themselves from cyber threats,” Bailey said. “And while the utilities have been preparing for these changes, they will need partners who understand cyber risks, threats and compliance challenges to navigate the changing environment.”
The changes Bailey mentions include new CIP standards and a recently signed Executive Order (EO) from President Trump. The new CIP standards, CIP-013 (and the associated changes to CIP-005 and CIP-010), are requirements designed by NERC and industry to secure the supply chain and remote service connections for assets operating in North America’s Bulk Electric System. While initially slated to become effective July 1, 2020, the standards will now take effect on October 1, 2020. Additionally, the President’s May 1 EO will create new standards and requirements for utilities using products with provenance from a “foreign adversary.” The CIP standards and the EO are attempts to address potential vulnerabilities in the utility sector supply chain.
“Securing the supply chain is a huge priority on all levels of the industry – and that was true before the recent changes,” said Alex Santos, Fortress CEO. “The CIP standards are specific to cyber assets. The Executive Order encompasses all Bulk Power System (BES) assets and creates additional urgency. Michael fully understands the operations, security, and compliance models for utilities.”
To help address both security and compliance concerns, Fortress’ has partnered with AEP to create the Asset to Vendor Network for Power Utilities (A2V). A2V addresses concerns about protecting the U.S. power grid from cyber threats. The A2V Network provides partners a secure and efficient way to share information about equipment and suppliers. Additionally, A2V helps users ease the burden of cybersecurity regulatory compliance and budgetary limitations.
Bailey graduated from Malone University in Ohio with his Bachelor of Science in Organizational Management. He is a Certified Cybersecurity Practitioner (CSXP) and Certified Information Systems Auditor (CISA) and is Certified in Risk and Information Systems Control (CRISC).
About Fortress Information Security Fortress Information Security, based in Orlando, FL, specializes in securing the supply chain and industrial assets of North American critical infrastructure.