NAES Case Study
NAES is an independent services provider dedicated to optimizing the compliance of energy facilities across the power generation landscape. More than four thousand NAES team members with extensive experience in operations, maintenance, construction, engineering, and technical support build, operate, and maintain both traditional and renewable resources.
NAES is a Registered Entity with experience in all six North American Electric Reliability Corporation (NERC) regions. The organization’s capabilities and experience in NERC compliance are born out of a mandate to comply with NERC regulations at the fleet of power plants that NAES operates. Of its more than two hundred Generation Entities, forty-nine are NERC Registered Entities.
Industrial Control Systems are made up of multiple control networks supplied by various vendors, such as Siemens, GE, Emerson, and Rockwell. Some of these vendors require interactive remote access for services, maintenance, tuning, and patch deployment.
Contractors and vendors accessing these networks provide a much-needed function for operational continuity, but each access also poses a risk to the network. Ensuring that vendor access respects the principle of least privilege and keeps the attack surface manageable is a critical priority for both NAES and its customers. Modeling and understanding network connectivity are key steps in verifying the exposure of critical assets.
NP-View is designed to determine connectivity offline and to conduct a thorough examination of firewall, router, and switch configurations. It flags any violations of security regulations, guidelines, or best practices, and its network visualization makes these concerns easy for anyone to understand. The automated analysis results can be easily converted into actionable security and compliance reports, reducing the likelihood of human error and cutting time spent auditing firewalls by 50 percent on average.
Additionally, NP-View delivers a continuous network access monitoring solution that operates in the background and automatically warns stakeholders when a network configuration change that impacts compliance or security occurs.
By parsing configuration files from firewalls and routers related to Electronic Security Perimeters, the application automatically constructs the network topology and then verifies connectivity paths to ensure compliance with Critical Infrastructure Protection (CIP) criteria.
Best-In-Class Customer Service
NAES is fully dependent upon the reliable operations and output generated by NP-View.
“We value that the support we receive is best in class regarding responsiveness, timeliness, thoroughness, and reliability,” said Michiko. “These things are very important to our operations.”
Michiko is so pleased with how NP-View supports the work of her team that she has suggested that Network Perception start a user group. “There’s a lot of learning and feedback to be gleaned from the superusers,” she said.
NAES Network Security Before and After NP-View
Previously, evaluating and fortifying NAES’s network security was a challenge.
“It was brutal,” said Michiko Sell, NERC CIP Services Supervisor. “Back then, we would have to take the raw file and parse it manually. I simply did not have the capacity to handle the work quickly and efficiently. Thankfully, we now use NP-View.”
NP-View allows Michiko’s team to review all their external-facing Operational Technology (OT) firewalls for misconfigurations, discover all overly permissive rules that allow access into the control environment, and uncover any unintended open paths that can increase the attack surface.