CyberSecurity Performance Questioned; New Collaboration Agreement Seeks to Address

Two releases on the wire today might catch your attention regarding cybersecurity for the grid.

First, despite good intentions to shore up security on the electric grid over the last several years, there’s still some skepticism whether this is occurring to the degree necessary.

EnergySec, a U.S. Department of Energy company, today released results of an online survey about the cyber security of the electric infrastructure. The industry’s response isn’t reassuring: 67% of respondents said they don’t believe the grants awarded under the American Recovery and Reinvestment Act of 2009 adequately addressed security. The CEO of EnergySec said the results make sense to him in view of the challenge of gaining consistency in the cyber security measures, given the large number of grants that have been processed by the DOE.

This acknowledgement was fortuitous in its timing with the New York-based Wiznucleus’ announcement of their collaboration agreement with Microsoft to create best of breed compliance management solutions for the energy and utilities industry.

For those who ask “What does Microsoft do for utilities?” here’s a paragraph in the Wiznucleus press release that explains our presence:

Wiznucleus software products are based on Microsoft technology frameworks and are built ground-up for managing the life-cycle of regulatory compliance. Wiznucleus' integrated knowledge management, domain-specific best practice methodology, and automation algorithm support our customers in meeting the latest standards and practice requirements. By leveraging the Microsoft development platform, Wiznucleus has been able to deliver proven compliance management solutions and reduce overhead in nuclear power plants and utilities.

Of particular note, you should know that Wiznucleus found great value in the principles described in Microsoft’s Smart Energy Reference Architecture. designed and developed its advanced and intuitive software using this seminal document.

In terms of capabilities, Wiznucleus software tracks the complex cyber security compliance requirements like NERC CIP, NEI 08-09/NEI 10-09/10 CFR 73 that are designed to protect North America's critical infrastructure. Their focus is on advanced software for tracking complex cyber security compliance requirements in nuclear power plants, distributed control systems (DCS) and power generation plants. They are a great compliment to our partner SUBNET Solutions who is a leading provider of substation security through access control and security software supporting the NERC requirements.

To keep up with this compliance burdens, utilities must have the ability to configure their systems to the latest standards so as to manage and track compliance in an automated manner. Through this type of automated capability, utilities can work to reduce the costs and complexity burdens of managing standards such as NERC CIP 002-009.

Satish Talekar, the Chief Technology Officer of Wiznucleus, confirms the value of the Microsoft platform and SERA document to their effort: "Achieving risk assessment and compliance management in the critical infrastructure such as power plants and utilities is a complex and heavy overhead task. Our decision to base our development utilizing the Microsoft platform has enabled us to successfully deliver cost effective and easy-to-use software, and deploy them in record time at our utilities customer sites. Our products are aligned with Microsoft's Smart Energy Reference Architecture, and we intend to continue to help evolve and align our platform with the Microsoft architecture."

In view of the DOE-survey, there is greater focus on compliance efforts in ARRA funded projects. Wiznucleus seems well positioned to manage and track these efforts moving forward. – Jon C. Arnold