Your Partner in Cybersecurity Implementation
At Control Infotech Inc. (CII) we provide cybersecurity services and tools to support a wide
variety of cybersecurity practices within organizations in the electric transmission and
distribution Operational technologies (T&D OT) domain.
Our services and tools focus on substations and help identify, assess, remediate, and
monitor
cyber risks and support the implementation of security controls for prevention, detection,
and
correction of security incidents.
Services and tools are based on the NIST Cybersecurity Framework 2.0 and aligned with
national
and international standards and guidelines (e.g., NIST, NERC CIP, ISO, IEC, and other
industry
specific standards) to provide interoperable solutions that integrate with organizational
processes and industry best practices.
CII Value Propositions
Vulnerability assessment and penetration
testing – assessing the vulnerabilities of substations and testing the
effectiveness of security measures provides valuable insights into the organization’s
cyber
security practices. Our knowledge of substation networks and protocols coupled with
cybersecurity experience provides us a unique capability to address the challenges of
assessing substation networks and endpoints. Assessment reports are presented in an easy
to
understand and actionable manner, catering to the information needs of different
stakeholders within the organization (e.g., chief executives, engineers, and operators).
Asset discovery and inventory management
– we provide services and tools to collect device information at various
levels
within a substation based on Modbus, DNP 3, or IEC 61850 protocols and integrate the
solutions with existing inventory management systems within the organization.
Continuous determination of risk score
– risk assessments are typically point-in-time reports. However, utilities
should ensure that they are updated to remain current, and that the security level
remains
adequate. Our services and tools support a continuous assessment model. Assessments are
triggered by change events rather than time events!
Cybersecurity Awareness and Training
– cybersecurity related training yields the largest return on security
investment. We provide customized, personalized, and interactive sessions presenting
current
risks to the organization and its defenses, table-top exercises specific to
participating
groups, Kahoot relevant to the learning context (e.g., cybersecurity policies and
procedures) and other topics suggested by leadership.
Read
more