Industries Served

Energy

With high-value assets ranging from sensitive power grid information, to energy generation information and end-customer billing data, the energy and utility industries face special information security issues. Consider the vulnerabilities of the current and near-term national security environment where unauthorized access to the grid and core infrastructure could have disastrous outcomes, negatively impacting the ability for countries to respond to external threats. Combined with the volatility of the global energy market, and the increase in awareness of the role these organizations play in our national stability and growth, utilities are also facing stricter, more comprehensive security, reliability and audit requirements around their Critical Energy Infrastructure (CEI). As part of this environment, they must not only be concerned with who has access to sensitive information, but also how it is being transferred among providers, and what activity people are doing with the CEI.

U.S.-based security guidelines set forth by various regulatory groups like the Federal Energy Regulatory Commission (FERC) have paved the way for new standards being adopted by global entities. While the standards are a good step in the right direction, some utilities complain about ambiguity associated with how the standards are defined and enforced. As a result, energy companies have worked to develop their own internal security policies and controls to meet audit requirements and protect against attacks. Let Cyber-Ark empower your energy or utilities organization, secure your CEI, and provide a complete audit trail for your security and compliance programs.

Compliance drivers:

• Federal Energy Regulatory Commission (FERC)
• North American Electric Reliability Corporation (NERC)
• PCI DSS
• Electric Reliability Organization (ERO)
• Critical Infrastructure Protection (CIP)
• Regional Reliability Organizations (RRO)

Key challenges:

• Shared Administrative Accounts
• Application Identities
• Monitoring & Recording Privileged Activity
• Application Encryption Keys
• Managing File Transfers
• Sharing Sensitive Information

Customer Snapshot:

• Direct Energy
• Enbridge
• Suncor
• Denver Water

Related Media:

• Utility Products article
• Forrester energy company case study