The Power of PSIM Protects Utility Giant’s Critical Infrastructure

Duke Energy is one of the first electric power companies in the U.S. to successfully deploy PSIM

According to Marcello, the PSIM also made it easier to consolidate security operations for Duke Energy and Progress Energy when the two companies merged last year.

“NICE Situator gave us a framework to automate and transition disparate operating procedures onto a common platform to facilitate consistent response actions across our entire security enterprise,” he said.


Up next: merging monitoring of regulated sites into Situator

In addition to monitoring the 53 critical sites, the ESCC monitors 35 regulated (NERC CIP) sites as well. (Essentially, NERC CIP sites are locations that house Critical Cyber Assets as defined by NERC, the North American Electric Reliability Corporation.) These sites are subjected to more stringent security requirements to protect them from threats that could otherwise affect the reliable operation of the bulk electric system.

Currently, a separate team of security operators in the ESCC oversees security for these regulated sites by monitoring alarms from two legacy Physical Access Control Systems (PACSs), remnants of the company’s premerger days.

Duke Energy plans to migrate these legacy systems over to a single, new enterprise-wide Physical Access Control System. Once this migration is complete, the new system will be integrated into Situator.

“The intent is for all sites across the Duke Energy enterprise to be monitored through Situator, regardless of how they’re classified,” says Marcello. “The strategy over the next 12 months is to bring all of our access control and video into a single platform, to integrate these various tools through the PSIM.”

One huge benefit of this approach is that monitoring of critical and regulated sites will no longer be handled by siloed groups; it will come into the center in a single prioritized work queue. That, in turn, will help distribute and balance the workload better. Any operator will be able to monitor any incoming sensor data input regardless of whether it originated from a regulated or critical site; the automated procedures will be there to guide their response.

“Situator will also enable us to increase our capacity to take on new work in the ESCC without adding headcount,” says Myers. “We’ll be able to put priorities on the alarms so that the most critical ones rise to the top.”

Myers says this is particularly important given that NERC CIP-002 version 4 will go into effect sometime in 2014. NERC CIP-002 version 4 applies new bright-line criteria to determine what constitutes Critical Assets and Critical Cyber Assets, and this will greatly increase the number of facilities that need to be protected under NERC CIP.

Compliance with NERC CIP is enforced through NERC audits, and utilities found to be in violation can be subjected to large fines. The burden is on the utility to provide documentation and proof of compliance.

“The ability to document incidents and generate reports, to integrate this function into the process, particularly on the regulated side, is especially important to us,” Marcello adds.

With NICE Situator, every single action taken during the course of incidents will be automatically captured and saved, and readily reproducible in PDF format for compliance audits. Reports can be generated automatically in a fraction of the time it would take to manually pull the information together.


Transforming security operations: the power of PSIM

Myers foresees other benefits to consolidating monitoring of regulated and nonregulated sites through Situator. “It will allow us to have one set of training for all of our operators. If you’re an operator and you come into work you can sit down in any seat in the ESCC and have the same experience. Everyone will have the same training.”

He also says that while PSIM is often equated with improving operator efficiency, it’s important not to overlook another aspect — the operator experience.

“No doubt Situator improves efficiency, but I’m also looking at it in terms of the experience for the operator. One of the big problems with security monitoring is if you’re perpetually trying to watch for something to happen, for hours and hours on end, you can get fatigued. Situator allows our operators to focus on handling real events that are brought to their attention, and then go back to a state of rest in between.”