Last year, I went to ISC West—the nation’s leading converged security trade show—for the first time ever, and let’s just say I felt a tad unprepared by just how massive of a security event it is. To put it simply, there’s a big difference between reading that the event draws nearly 30,000 total industry professionals and actually seeing with my own eyes swarms upon swarms of security professionals buzzing and navigating through the halls of the Venetian.   It’s a security spectacle unlike any other I have seen—and one that I found to be especially valuable to my efforts to grow my connecti…

ALCEA, the critical infrastructure-focused division of ASSA ABLOY, recently released a white paper on NERC CIP Standards and physical security solutions. We sat down with ALCEA North America’s Managing Director, Jerry Burhand, to discuss compliance strategies and physical security technologies. CURTIS MARQUARDT: So, what inspired ALCEA to develop a white paper that details the purpose and scope of NERC CIP Standards?  JERRY BURHANS: As the reference brand for Critical Infrastructure, ALCEA is always involved in the business of providing secure ways to ensure life goes on uninterrupted…

In the last issue of Utility Security Magazine, I mentioned a federal law that the United States has in place to combat attacks in the energy sector in my article on strategies to defeat copper theft in substations. In this article, I’m going to use the theft triangle to show how this law (and a similar one in Canada) can be used to deter substation attacks and intrusions.  This is how it works: in the theft triangle, there are three elements at play: motive, opportunity and rationalization. (This triangle is also called the fraud triangle. It’s versatile and can be adapted to most form…

President Eisenhower, the five-star general who commanded the largest invasion in history during World War II, stated, “In preparing for battle, I have always found that plans are useless, but planning is essential.” This philosophy directly relates to utility security for two reasons:  Establishing a robust security posture is a complex issue that requires planning Threats never materialize as planned In today’s environment, maintaining a strong security posture is essential and effective planning is key to achieving it. However, there are a few obstacles that can hinder the cr…

Ross Johnson Continues His Series on Substation Security with an Exploration into How to Develop a Valid Scenario that Helps You Plan to Stop Unacceptable Consequences In the previous issue, we asked how you would know if your critical substation would survive an attack. (It might be a good idea to go back and re-read the column in the November 2024 issue of Utility Security magazine. You can read it at utilitysecurity.com.) In this issue we will examine how a scenario is developed. The first step is to assemble a vulnerability assessment (VA) team. An ideal team would include Security…

Stacy Mill’s First Utility Security Magazine Contribution Provides a Roadmap to Better OT Security Welcome to my first article in Utility Security magazine! It’s an honor to contribute to this community of professionals working to protect critical infrastructure. In this space, I’ll offer insights into the current threat landscape facing utilities, share practical advice on securing operational technology (OT) networks and—most importantly—provoke a chuckle or two. Or at least a polite smirk. Now, you might be wondering why you should read what I have to say. Fair question. I’ve been in I…

Burns Engineering’s Security Practice Leader Rene Rieder Jr. Talks Facilities Security, the Importance of Communication and How to Balance Form with Function in Ways that Enhance Security CURTIS MARQUARDT JR: Please tell our readers about yourself and your experience working in security. RENE RIEDER JR: Certainly! I have nearly three decades of security design and engineering experience involving planning, development, design, project management, construction, installation and commissioning of electronic and physical security solutions. I currently serve as the Vice Chair of the ASIS Se…

VRP Group’s COO Ross Falisi Details Why Executives Should Consider this Event an Eye Opener and What it Takes to Adequately Protect High Profile Utility Personnel CURTIS MARQUARDT JR: Thanks for joining us, Ross! Can you tell our readers a bit more about yourself and your security background? ROSS FALISI: Thank you for having me, truly a pleasure being here. I started my career as a police officer in New York City. I spent about four years there and was honored to be selected to the elite NY State Police. I completed the balance of my public service there with a variety of assignments…

Jim Willis Shares Three Steps to Better Equip You for the Increasingly Complex Challenges that Utility Security Professionals Face “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” ~ Mark Twain.  Mr. Twain’s statement reflects the understanding of the utility security dynamic of many utility professionals. There has always been a disconnect in recognizing the overlap between the utility and security sectors. This lack of understanding has led to an insular approach, where many believe the two fields have little, if any, connection t…

One of my favorite books is Meditations by Marcus Aurelius. And in that book is one of my favorite quotes: “Never let the future disturb you. You will meet it, if you have to, with the same weapons of reason which today arm you against the present.” Every day, the world is growing more complex and complicated. For security professionals, this means that the job of maintaining and growing the resilience of an organization’s security posture is becoming increasingly difficult. Technology has both empowered us and made us more vulnerable than ever before. Things like IT-OT convergence…

Burns Engineering’s Security Practice Leader Rene Rieder Jr. Sat Down with Us to Talk About Facilities Security, the Importance of Communication and How to Balance Form with Function in Ways that Enhance Security CURTIS MARQUARDT: Please tell our readers about yourself and your experience working in security.  RENE RIEDER JR: My name is Rene Rieder Jr. and I am the Security Practice Leader for Burns Engineering. I have  nearly three decades of security design and engineering experience involving planning, development, design, project management, construction, installation and commission…

The Security Industry’s Biggest Event is Bigger in 2025 and Has Expanded its Utility-Specific Education and Events Last year, I went to ISC West—the nation’s leading converged security trade—for the first time ever, and let’s just say I felt a tad unprepared by just how massive of a security event it is. To put it simply, there’s a big difference between reading that the event draws nearly 30,000 total industry professionals and actually seeing with my own eyes swarms upon swarms of security professionals buzzing and navigating through the halls of the Venetian Expo.  It’s a security sp…

In the US, the Cybersecurity & Infrastructure Security Agency (CISA) has identified 16 critical infrastructure sectors ranging from Food and Agriculture to Manufacturing, Communications, Public Health, Transportation, and Energy & Utilities. These sectors are so vital that any incapacitation or destruction would have a debilitating effect on the nation’s stability. Among these sectors, the Energy & Utilities sector stands out for its foundational role in supporting all the others.  A reliable energy supply is crucial for economic growth, public health, and national welfare. Witho…

Utility security professionals know it takes a multilayered approach to have effective security. What might not be known is just how multilayered the financial impact of false alarms can be to a utility. We sat down with Yaron Zussman from Magos to talk about the bottom-line costs of false alarms and what your organization can do to ensure they are minimized.   Utility Security: What are the biggest challenges utilities face when it comes to implementing a perimeter security strategy that minimizes false alarms? Yaron Zussman: One challenge I often see is that organizations mi…

As headlines continue to reinforce, cyberattackers are increasingly putting utilities’ operational technology (OT) and Internet of Things (IoT) security to the test—some with the intent of disruption at a societal scale. A recently issued warning by U.S. and international cyber authorities cites efforts by pro-Russian hacktivists to exploit vulnerable OT systems at utilities across North America and Europe. The decentralized nature of U.S. utilities means a wide variety of cybersecurity maturity for individual targets. Authorities ask that utilities shore up protections to their internet-conn…