BlogResources

Energy and Utilities

From Chevron to Exelon,
Leading Energy Companies Choose D3 Security

Energy & Utility NERC CIP Compliance Incident Reporting

D3 is a flexible records management system that consolidates management of physical infrastructure, diversified workplaces and critical cyber environments. Offering streamlined reporting solutions, including for copper theft, workplace violence and theft of power, D3 can capture events and manage the response—allowing utilities to safely and consistently produce, distribute and deliver their products withing the NERC Compliance framework.

COMPLIANCE


  • NERC CIP

  • FISMA/NIST

  • Regional Reporting

  • SCADA Security

PLAYBOOKS


  • NERC CIP 008-009

  • Malware

  • Customer Data Breach

  • Risk Assessments

INVESTIGATIONS


  • Compliance Violation

  • Fraud

  • Copper Theft

  • Theft of Power

How You Benefit From Our Software

guard tour

Full spectrum of situational awareness

The energy sector’s utilities and regulators rely on D3 because it is a single incident management solution that enables situational awareness across the full spectrum of cyber threats, physical threats, risk assessments, and the status of compliance with standards such as NERC CIP.

Implement the NIST Incident Handling Guide

D3 helps utility organizations adopt the NIST Cybersecurity Framework and NIST 800-61 Incident Handling Guide by building processes into the software and guiding its usage through playbooks. Over time, users clone and enhance workflows with custom procedures, such as threat intelligence enrichment and increased collaboration.

incident response software

Enable flow of actionable intelligence

Making it easy to share actionable intelligence and relevant information across a utility—whether through task collaboration, data correlation or user search—eases risk-informed decision making. In addition, D3 is used to share reports with information centers and the regional reliability councils of NERC.

Create playbooks, risk assessments & metrics

D3’s extensive platform provides utilities with a library of NIST-based playbooks and the ability to create custom playbooks based on other methodologies like those provided by COBIT or ISO. As well, D3 supports various risk assessment formats including those needed by NERC or CFATS reporting, and incident metrics that standardize threat tracking across multiple locations, such as a utility’s many substations.

“Cyber risks are a rising intangible peril that threatens assets and revenues and creates rising liabilities for energy companies. In a period of unprecedented change and transition, along with significant needs for investment, the sector must look to better manage and finance cyber risks.”

 

Andrew George

Chairman of the Energy & Power Practice for Marsh

SUPPORT

1-800-608-0081

[email protected]