Cybirical has worked for six years for one of our best clients on a variety of their projects and initiatives, and a description of that work provides a good showcase of our team’s capabilities and quality of service. For this utility client, we work under contract for their team, which is responsible for the security of everything involved in the delivery of power to their customers. That covers cyber work from the DMZ down through the switch house to the distribution pole.
Rather than describing all the projects and initiatives, we’ll describe the activity of
- a single day
- for a subset of our team
- for just one of their projects
- for that same single client
In a later blog post, we’ll describe a typical work week for that same client, including this and other projects.
Substation Cyber Visibility and Monitoring
We work closely with our client’s team to help them install cyber appliances in their transmission and distribution substation switch houses. One of those appliances is a firewall, for network segmentation and threat detection within the substation. The other is an NSM sensor, for visibility into all network traffic of that sub.
Our role in the project is both engineering and technical project management: we thrive in the middle of several technical teams who are excellent in their own field but need a little glue (that’s us) to have their work and ideas go together well with the other teams’ work.
Here are some examples of what I mean. In a typical day, we might:
- Submit a detailed request for firewall objects and rules to be added to the firewall management system.
- Request a new set of IP addresses and Autonomous System Number from the power delivery networks team for us to assign to the new devices we’re deploying to the substation.
- Mark up engineering drawings from the protection and control (P&C) team’s drawing vault to show the changes we’re about to make to the SCADA and automation panel in the switch house:
  - Panel front view and switch house layout drawings
  - Communications cabling diagrams
  - The DC supply and alarm contact elementary diagram
  - The panel’s wiring diagram for power and alarm wire termination at the device and on the terminal blocks and ground bars
  - And many others as needed.
- Submit an online request for a network change to centralized network change management software, detailing the when, what, who, and why of our work and supplying sufficient detail for EMS to anticipate any impacts our work might cause to their station’s polling and visibility.
- Organize and conduct a weekly PM check-in meeting between the P&C, wired networking, firewall, wireless networking, and broader cybersecurity team to review our recent work and coordinate upcoming work.
- Produce status reports about the various projects for upper management, complete with satisfying graphs and telling statistics.
- Conduct another recurring meeting with the subset of the cybersecurity team that crafts dashboards in web-based security analytics software to answer pertinent questions (from the manager of the substations) using data we’re collecting with our cyber monitoring tech at these subs.
Our team is dynamic, and we have a keen sense for conforming our principles of work to our customers’ people, goals, history, and processes.
Email us at info@cybirical.com – we want to fit right into your organization, too.
