Cybersecurity & Compliance

With cyberthreats growing by the day, companies in critical industries such as ours face the constant threat of interruption of essential services and the potential disruption in maintaining plant operational safety.

Securing the Industry to Keep Critical Infrastructure Running

PFES provides industry-leading cybersecurity expertise and advisory services within the Industrial Control System (ICS) and Operational Technology (OT) environments.

This is possible because we have access to the industry’s best Subject Matter Experts with extensive ICS/OT credentials and experience. Our experts will implement cost-effective, comprehensive solutions that will minimize customer risk exposure to cybersecurity threats and regulatory fines without impacting operations.

Cost-effective, Reliable, Secure, and Compliant Solutions

Clients look to us because of our hands-on resources, insight, and a successful track record of providing data and regulatory compliance solutions for the North American energy sector.

Our team provides utilities with audit-proven, experienced regulatory professionals that have relationships with current regional auditors to provide feedback and ensure compliance. We keep sight of the project scope and cost from front-end planning through compliance implementation.

Our Industry-Best Certified Professionals Can Help with ICS/OT Security in these Areas:

NERC CIP and NRC compliance, validation, and oversight

ICS/OT operations, compliance, security tool testing, and implementation

ICS/OT secure design, configuration, testing, implementation, and project support

Establishment of sustainable cost-effective and compliant strategies

Supply chain risk management

MOC audit and audit preparation services for NERC CIP and NRC compliance

ICS/OT cyber vulnerability assessment and remediation (NERC CIP-010-3 R3)

Self-report preparation and mitigation services for NERC CIP and NRC

Incident response, disaster recovery, and business continuity planning and testing for ICS/OT (NERC CIP-008 & CIP-009)

Risk management frameworks and risk identification, documentation, and mitigation within ICS/OT

Governance and Regulatory Compliance (GRC) workflow implementation; automation of evidence collection and validation

Policy / procedure drafting and review capabilities

Physical security (CIP-006 and CIP-014) evaluation and assessment of customer facilities

Physical security plan drafting and implementation to keep people and environments safe

NERC CIP compliance and cybersecurity awareness training

ISO 27001 security assessments

Hydroelectric cybersecurity assessment (FERC security program for hydropower projects)

Case Study: Sustainable NERC CIP Compliance Program

During preparation for a NERC CIP audit, deficiencies that needed to be addressed quickly were identified within the compliance program of a West Coast power system.

The client faced a lack of resources and defined processes to adequately maintain compliance and was burdened with mitigation plans from ongoing open enforcement items.

Case Study: Cybersecurity Gap Analysis

A leading energy company wanted an independent assessment of their CIP-010-3 processes to assess and remediate any compliance gaps within their policies, procedures, and processes.

Among their requirements: planning change management, configuring monitoring, assessing vulnerability, and reviewing Transient Cyber Assets and Removable Media.

Case Study: Development of NERC CIP Program

The owner-operator of a portfolio of clean, efficient, and responsive power needed to develop a NERC CIP program with a six-month implementation time frame.

PFES oversaw the rebuild of existing networks and the implementation of all cybersecurity controls required by NERC CIP to meet compliance requirements.