New Jersey-based IPKeys Power Partners has released a platform to provide utilities, generators and grid operators with simple and unified cyber-security monitoring and compliance requirements.

The SigmaFlow Beacon platform is built to help organisations align with North American Electric Reliability Corporation (NERC) compliance mandates. It provides NERC registered entities with a single way to advance, simplify and improve existing cyber-security and monitoring requirements.

“We are pleased to provide utilities, generators and grid operators a system that ensures unification of cyber-security monitoring and NERC-CIP compliance requirements,” said Robert Nawy, CEO of IPKeys. “It is long past time for the worlds of compliance and cyber defence to converge to provide cyber assurance for our power grid. The SigmaFlow Beacon unites needed capabilities of real-time cyber-security monitoring with governance and regulation.”

The SigmaFlow Beacon provides one, purpose-built system for NERC baseline management, collecting the critical cyber data in real time and seamlessly incorporating the approval process within the SigmaFlow workflow and evidence platform. The technology is built for rapid deployment, making it faster and easier to implement than current monitoring methods. It can save utilities time and provide seamless critical infrastructure protection, improved cyber security and audit ready results.

Today, NERC registered entities must use multiple vendors and systems to monitor baseline security and compliance data. These are not connected to workflow, making the correlation between change management and baseline authorisation next to impossible because multiple changes could be made since the facilities’ last scan.

“SigmaFlow Beacon is a major step towards our vision of bringing compliance and security teams together, at the same time simplifying the act of maintaining compliance while enhancing real world cyber security,” said Louis Riendeau, IPKeys vice president.

Trey Kirkpatrick, vice president of NERC implementation services and consulting, added: “Many of our clients and governance and regulation communities tend to get a sense of false cyber-security validation by passing NERC compliance audits. SigmaFlow Beacon and the entire IPKeys cyber lab-as-a-service platform introduces automated NERC compliance and advancement in real cyber-security protection.”

Benefits of a unified approach between cyber security and compliance include:

• Improved cyber security: The fewer moving parts, the fewer opportunities for errors, and the fewer cracks for hackers to get in through. With cyber security and compliance in sync, there is a shared knowledge between organisations.
• Time savings: When a crisis strikes, immediate action is vital. With unified security and compliance, there is less risk of misunderstanding or miscommunication between organisations, less need for work to be redone, and fewer questions about completion.
• Seamless CIP management: Unified end-to-end management of security and compliance ensures consistent CIP management, while providing more efficient and accessible records, greater access to critical information, and reducing data errors, missed assignments or due dates.
• Always audit-ready: All data are stored in one secure location, and are consistent, connected, complete and primed for scrutiny.

Large cyber-security incidents such as the SolarWinds breach or the Colonial Pipeline hack garner most of the attention, but hundreds of smaller attacks have impacted businesses, municipalities and utilities, and the threat is accelerating. According to Statescoop, between 2013 and 2018, 180 documented cyber attacks occurred, while 236 incidents have been reported since 2019.

IPKeys Power Partners is headquartered in New Jersey and has offices in California, Louisiana, Maryland, Texas and Virginia.