One of the initial decisions made by the co-op upon initiating the project was to bring in a third-party vendor to conduct a thorough cyber-risk assessment of their networks, to determine the threat actors and risk level that affect different operational units, and prioritize the most effective mitigation measures to minimize risk based on each network’s unique characteristics and needs, accounting for budget and specific needs.
The decision to conduct a risk assessment was also in line with established cybersecurity best practices, as outlined in NIST-CSF’s guidelines and the IEC62443 standard. And while most of their facilities fell below the BES (Bulk Electric Systems) level for mandatory NERC-CIP compliance, the co-op also wanted to ensure their system-wide alignment with NERC-CIP regulations.
To provide the cybersecurity risk assessment and associated consulting services, the co-op chose InfoSight, Inc., an MSP who provides a variety of advisory and managed services for both IT and OT/ICS networks. As InfoSight operates as a vendor-neutral consultant, the co-op was assured that any solutions or technologies recommended by InfoSight would be based solely on the best interest of their client.