We are pleased to announce that ProtectWise and Archer Security Group have teamed to provide The ProtectWise Grid as a foundational security offering for Archer’s energy clients worldwide. This alliance combines the ProtectWise platform with the world-class Archer team which has deep background in North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) compliance, utility operations, and industrial control systems security. We also jointly published a white paper today providing guidance for customers working with their auditors around deploying cloud-based security products in their NERC-CIP environment.
Through collaborating over a common customer deploying The ProtectWise Grid across its IT and OT environments, Archer and ProtectWise recognized that the utility industry is struggling with three fundamental issues:
- Enhancing security functionality to address emerging advanced industrial threats while meeting NERC-CIP compliance requirements
- Building a common, interoperable set of security tools that can be used across both regulated and non-regulated environments
- Providing a basic security posture for small to mid-size utilities that lack sufficient resources for a traditional SOC, and enabling accelerated mean time to resolution without impacting operational environments.
NERC-CIP requirements took effect in 2008 to define minimum security standards for critical systems operating the power grid in North America. Comprised of ten standards (with two more on the way), NERC-CIP has effectively established basic security for Control Center, power generation and substation environments. But utility companies have always been challenged by bridging the gap in their non-regulated environments to improve their security, and attackers have found ways to exploit these vulnerabilities as evidenced by the attacks in Ukraine.
Archer and ProtectWise believe this demonstrates a need for common security controls across all industrial environments, and through more modern and sophisticated means. In the white paper, “Using the Cloud to Address Compliance and Security Controls for Utility Companies,” we aim to help utility companies understand the complex threat landscape they face today, and the barriers to NERC-CIP compliance that compound them. We present a case for cloud-delivered security as a solution to these challenges and outline how it can be architected to satisfy the contrasting priorities of IT and OT teams while conforming to NERC-CIP compliance mandates.
Archer and ProtectWise believe the path forward in protecting critical infrastructure is to embrace new approaches to security that provide visibility without compromising industrial environments with additional points of failure. The Cloud presents utility companies with this opportunity.
Download the white paper to learn more about the future of industrial security and compliance.
Next blog post