Cyber Protections for Utilities

Today, the U.S. government views the energy sector as the most significantly threat-targeted commercial industry in the country, according to the U.S. Nuclear Regulatory Commission (NRC). The Government has aggressively increased levels of federal regulatory scrutiny to safeguard our nation’s critical nuclear and electrical infrastructure. Protecting operations from physical, cyber, and insider threats has never been more urgent.

While other industries had been bolstering their cybersecurity for years, it was only in 2009 that the NRC mandated that all U.S. nuclear plants comply with new cybersecurity regulations. Successfully addressing these new regulations, combined with overcoming the challenges of mitigating unforeseen and previously unconsidered vulnerabilities, would be a Herculean task for any company, especially for those unfamiliar with the intricacies of cybersecurity and the digital frontier.

For the last several years, Booz Allen helped SCANA Corporation accomplish both feats, and in the process, set the bar high for the industry while cementing the firm as a pioneer in the nuclear cybersecurity space. SCANA Corporation is a publicly owned utility company providing energy services to approximately 660,000 residents throughout Georgia, North Carolina, and South Carolina. The company operates multiple power plants in the region, including one nuclear facility, which, like its nuclear counterparts nationwide, was built 30 years ago with analog technology. With the integration of small but vulnerable digital upgrades over the years, there was a need to build a cybersecurity program―including any policies and procedures—before the NRC mandates were enforceable.

“The power industry is adjusting to a new set of critical standards, and we got involved immediately, bringing our expertise and experience from complex cyber-based missions in other industries,” says Principal Jeff Winslow. “We’re helping SCANA Corporation and other clients secure this critical infrastructure, which includes keeping the lights on certainly, but more importantly, educating them on new threats that are emerging every day.”

Booz Allen supported SCANA through the development of a full-range and long‐lasting cybersecurity program, which included assessing digital assets and implementing operational security controls at the V.C. Summer Nuclear Station (VCS). Booz Allen’s people brought a distinct edge to the work—through our mix of technology and consulting skills that includes unparalleled expertise in federal and commercial cybersecurity, specialized engineering services, and staff skilled in Industrial Control System (ICS) assessments and program management.

“In this very new space we were able to bring the firm’s broader information technology (IT) and program management capabilities to bear; we went in with a consulting mindset and tailored a cross-functional team for each issue they were trying to solve: nuclear, IT, cyber, and analytics,” adds Senior Associate Steve Lee, a Utility team leader.

Booz Allen’s thought leadership and experience helping large organizations across the government and commercial landscapes were critical success factors―not just in terms of cybersecurity and asset protection, but in other essential capacities like calculating potential risks and overcoming an industry culture that is cautious when it comes to implementing newer approaches.