Smart Grid Strategic Planning
Location: Sacramento, Calif.
Client: Sacramento Municipal Utility Board
Completion Date: 2010-2013
Burns & McDonnell was contracted to assist in the planning, design and implementation of the Sacramento Municipal Utility District's cyber and information security risk assessment review, including vulnerability, penetration and configuration assessments.
Tasks included vulnerability, penetration and configuration assessments. Each team member created a preassessment report given to the client based on the technical analysis. The report contained findings and recommendations to meet compliance or security best practices.
Based upon findings from an audit, technical analysis or remediation, Burns & McDonnell created a strategy to comply with the initial standard, such as North American Electric Reliability Corp. Critical Infrastructure Protection (NERC CIP), reliability standard or National Institute of Standards and Technology (NIST).
At the conclusion of the project, Burns & McDonnell performed a detailed evaluation of all submitted compliance documents and interview responses. Evaluation points included:
- Specific application of collected documents to standards
- Applicability of informal processes
- Scoring according to measurements and levels of noncompliance
- Recommendations for corrective actions
- A detailed technical drawings of systems
Burns & McDonnell created a severity matrix to underscore which of the critical technical assets are most vulnerable in terms of client security and which systems highlight a likely skill gap. A preliminary training program based on the core vulnerabilities discovered was also implemented.
The security assessment service will describe the security as it exists and provide an enumerated list of vulnerabilities and risks that should be addressed through administrative and/or technical controls.
- Smart Grid cyber security plan
- NERC CIP variance analysis
- Critical asset and critical cyber asset methodology determination
- Physical security assessment and design
- NERC CIP policy and procedure development
- Smart Grid cyber security assessment
- Substation cyber and physical security assessment