Convergint and Deloitte Partner to Build Holistic Utility Security Solutions

As the complexity of physical and cybersecurity grows for utilities, the need for a comprehensive understanding of risk has never been more critical. To address this, global systems integrator Convergint recently formed a strategic partnership with Deloitte — one of the world’s largest professional services networks and a member of the “Big Four” accounting firms. The goal: to deliver deeper security insights and help utilities adopt a stronger, risk-based approach to protection.

In our conversation, we explored the challenges of convergence, ransomware, drone threats and vulnerabilities within industrial control systems — all pressing issues facing today’s utility security professionals.

Curtis Marquardt Jr.:
Recently, Convergint and Deloitte forged an alliance to work together. Can you talk about what inspired that and how it’s mutually beneficial to both organizations?

David Nowak:
From both sides, we saw a unique opportunity in the marketplace. Deloitte is focused on enterprise risk security, with an emphasis on cyber. We know that physical security is part of the enterprise, and we are always looking to combine physical security with cybersecurity — especially in the utility sector.

Steven Sinclair:
We saw an opportunity to take the physical and cyber conversation to the next level and have a holistic discussion. The alliance exists not only in the utility space, but universally across all of Convergint. We see this as a strong opportunity to drive additional value in the marketplace and to leverage both of our strengths as powerhouses in the industry.

Curtis Marquardt Jr.:
Convergence is a big topic among utility security professionals right now. How will this alliance help provide a better experience for utility customers?

David Nowak:
By approaching things with a physical security risk management posture — from deep experts like Convergint and its vendor partnerships — along with Deloitte’s cybersecurity perspective on enterprise risk management, we can combine these areas of expertise to solve the challenges of protecting utilities.

Steven Sinclair:
In the past, security was purely physical, right? Back in the day, it was guards, gates and guns — very much a defense-in-depth approach. But now, with evolving sensors and new capabilities, this is the next chapter.

When we say “holistic,” we’re talking about achieving positive business outcomes. It’s not just about safety and security anymore — it’s about IT, operations and every part of the business portfolio. This convergence allows us to apply enterprise risk management strategies across the entire organization.

That’s the value we’re bringing to the market — not a single-focus view, but a full enterprise perspective. We’re solving problems and driving value and efficiency across the board.

Curtis Marquardt Jr.:
What are some trends or areas of concern that utilities should start prioritizing?

David Nowak:
On the physical side, we remember the Metcalf incident — shooters conducting reconnaissance on substations. That’s still a real threat. And the drone threat is escalating, especially as we watch drones being weaponized in international conflicts — often cheaply and effectively. That concern is growing here in the U.S.

That said, drones can also serve beneficial purposes, such as performing reconnaissance on your own substations or remote plants — for both security and operational purposes. The advancements in sensors support asset conditioning, vegetation management and much more.

On the cyber side, the top concern is ransomware — or any cyber event that disrupts operations or impacts corporate systems. The Colonial Pipeline attack is a prime example.

In the past, if you asked me whether to pay a ransom, the answer was always “no.” Now, it’s become a business decision. Executives are asking: “Should we pay? What are the consequences to operations, safety, personnel, or customers? Can we trust the integrity of our data?”

Ransomware is now targeting industrial control systems. It’s happening more frequently, and we have to manage that threat.

When we talk about convergence, we must clearly define the physical segmentation between operational and corporate networks. As the number of interconnected digital devices increases, so does the physical threat footprint.

Steven Sinclair:
It can be as simple as improving software and patch management. We need a defense-in-depth strategy with a risk-based approach.

As threats evolve, so must our strategies. We need to think creatively about how we harden our security posture — both physically and digitally.

Curtis Marquardt Jr.:
David, you mentioned ransomware. We know adversarial nation-states are involved. Can you elaborate on that threat and potential mitigations?

David Nowak:
It’s real. It’s happening. And it’s complex. At the end of the day, you need defense in depth. You need to understand which assets are connected, how your systems are networked, and what your critical systems are. And most importantly, you need to know how to protect and recover them quickly. Managing this risk is essential.

Curtis Marquardt Jr.:
Final question — looking ahead, where is utility security headed in a positive direction that professionals might not yet be thinking about?

David Nowak:
I think the focus will be on breaking down traditional silos — physical security being only physical, and cyber being only cyber. We’ll start building shared use cases and playbooks to ensure those teams are not just in the same room, but also collaborating at the system level.

Legacy analog physical security — like door alarms and camera alerts — is becoming digitized. These are data points that need to feed into a common platform, just like we’ve done in cybersecurity. It’s about correlating digital, event-driven data in real time.

Steven Sinclair:
I completely agree. What Dave said is exactly why this alliance makes sense. There’s so much value in combining our capabilities.

Convergint brings over 20 years of experience as a systems integrator with a massive utility footprint and a specialized team. Deloitte brings the same caliber of expertise on the cyber side. Together, we can deliver a holistic strategy that serves the industry better than ever before.