Situation

Public Service Enterprise Group Inc. (PSEG) is a diversified energy company headquartered in Newark, New Jersey. Established in 1903, the company has long had a key role in fueling New Jersey’s economy and supporting the state’s quality of life. PSEG’s principal operating subsidiaries are Public Service Electric and Gas Co. (PSE&G), PSEG Power, and PSEG Long Island.

Each of PSEG’s business units must stay in compliance with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards. NERC ensures the reliability of the nation’s Bulk Electric System and currently includes eleven CIP cybersecurity standards. These standards specify a minimum set of controls and processes that power generation and transmission companies must follow to ensure the reliability and security of the North American power grid.

Initially, PSEG would handle periodic NERC audits by way of a manual process. “We would generate a lot of spreadsheets and Visio diagrams to demonstrate that our networks were compliant,” said Lead Cybersecurity Analyst David Fletcher. “But Network Perception’s NP-View is basically what’s used by the auditors, so we figured if that’s what they use, that’s what we wanted to use as well.”

Solution

PSEG now uses Network Perception’s NP-View and considers the platform to be the perfect comprehensive solution for audits and everyday monitoring.

The company relies on NP-View to comply with NERC audits. NP-View works offline and performs a comprehensive analysis of firewall, router, and switch configurations to determine connectivity. It also identifies any deviation from security policies, standards, and best practices. The network visualization enables anyone to understand issues instantly. The results of the automated analysis can be seamlessly exported into actionable security and compliance reports.

“Aside from the fact that NP-View is perfect for responding to the questions that auditors raise, I love that it’s an offline software,” said David. “That means that we don’t need to have it set up in our production environment. We can use it anywhere.”

PSEG also uses NP-View Enterprise to help monitor and report on the state of the networks of its business units. This platform leverages automation and human-centered design to provide a continuous network monitoring solution that works in the background and automatically alerts users when a relevant compliance or security event occurs.

“The great thing about NP-View Enterprise is that even though it needs to operate in the production environment, we don’t have to go in and manually pull the data because NP-View Enterprise automatically grabs the data it needs,” said David.

Network Perception also allows PSEG to effectively manage its both its information technology (IT) and operational technology (OT) networks.

“The general rule of thumb for IT/OT security is that you want to have your networks separated. So, for instance, your OT network should not be able to talk to your email servers,” said David. “Network Perception allows us to create that separation and keep those controls in place. It is a solution that helps us discover which ports are open and automatically notifies us to traffic that it considers to be high-risk.”