Our mission is to provide resources that support organizations in securing their critical infrastructure.
We provide various informational publications, including a weekly update on key security topics and a semi-monthly newsletter on NERC CIP topics. We also publish guidance and analysis documents and occasionally executive level briefs on key issues.
A monthly newsletter that details events within the EnergySec community in electronic and hard copy available to all parties interested in the work of EnergySec.
A weekly email newsletter containing updates on cybersecurity threats and vulnerabilities, emerging practices, policy, legislation, and regulation.
A semi-monthly email newsletter containing updates and analysis on CIP-related events, guidance, and published violations.
The Week Ahead Email
Sent at the beginning of each week, this includes security- and compliance-related events which are scheduled.
EnergySec’s Executive Briefs provide a 1-2 page abstract on key security topics of interest to an organization’s executives. Security professionals are able to present executives with a quick read on topics of security.
EnergySec’s team of experts, with years of relevant industry experience in cybersecurity and NERC CIP implementation and audits, review and and provide a written in-depth analysis of documents, white papers, and briefs that discuss the security of critical infrastructure.
EnergySec’s talented staff address the latest security and compliance standards with detailed insight into the effects on critical infrastructure.
NERC CIP Guidance
In cooperation with industry and our extensive network of advisors, EnergySec staff develops and publishes detailed guidance on topics in the latest CIP version. Published versions of all guidance are available as a member benefit in the EnergySec Community.
NERC CIP RFI Assistance
EnergySec can assist with, coordinate, and/or submit formal Requests for Interpretation (RFI) of the NERC CIP standards. EnergySec staff is well-positioned to assist member entities with the evaluation of potential RFI situations, drafting of the request where needed, and interacting with NERC and Interpretation Drafting Team (IDT) throughout the process.
Comments on Regulatory Actions
EnergySec staff review NERC draft standards and FERC NOPRs, providing comments that members can use as a response to the identified security measure.
In accordance with NERC’s Compliance Guidance Policy, EnergySec is seeking status as an organization prequalified to submit Application Guidance for potential “endorsement” by the ERO. Once approved, we will be able to work with our members and the broader community to develop and submit implementation approaches for CIP standards requirements.
Available in our online community at community.energysec.org. Also see the Technology section for additional resources.
The EnergySec CIPtionary is a comprehensive reference for words and phrases used in the CIP standards and related documents and discussions. This is a useful resource to further understanding of the CIP standards and specific requirements where terminology is ambiguous.
EnergySec staff provide discussion forums available to all members on topics of interest and concern to critical infrastructure security.
Vendor Resource Center
The number of security products and services on the market has exploded in recent years and continues to grow. EnergySec’s Vendor Resource Center (VRC) is designed to provide a comprehensive listing of available solutions for specific problems within our industry.
Our goal is to make the VRC a perfect starting point in the evaluation of potential security product and service purchases. In addition to vendor listings by category and topics area, the VRC will have areas for comments by member utilities and will contain results of industry surveys to determine the extent to which various products are used within industry.
EnergySec staff organize webinars that are educational in nature relevant to topics of security and critical infrastructure.
EnergySec organizes presenters to provide awareness of the latest technology products available in cybersecurity and ways these devices can be utilized to secure critical infrastructure.
Members receive priority speaking engagements and a 30% discount off attendee pricing.
Annual Security and Compliance Summit
For more than 11 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity to mingle with asset owners, government agencies, researchers, consultants, vendors and academia under one roof. We are one of the oldest and most mature security events in the industry, bringing the most relevant and timely security topics to the forefront of discussion
Security Education Week
In 2017, EnergySec will launch its Security Education Week designed for apprentices and/or students interested in the cybersecurity profession within critical infrastructure. The event will feature speakers from industry, mini-tech sessions on topics like NERC CIP, and question and answer forums.
Hawaiian Educational Sessions
EnergySec’s Hawaii Educational sessions are cybersecurity educational events targeted at security professionals representing businesses in Hawaii, the United States West Coast and Japan who are eager to learn more about what they can do to improve security in mission critical environments. Through our Hawaii events, EnergySec continues to drive toward our mission of helping people learn more about what they can do to improve the security and reliability of critical infrastructure.
Security Leadership Forum
EnergySec’s Security Leadership Forum facilitates collaboration between senior security leaders within the energy industry and provides a vehicle for the execution of joint projects that serve industry-wide interests.
Other Professional Forums
Professional forums are developed as members define a need for discussion and connecting with peers in industry. Any member may request the creation of a forum meet the needs of their peer group.
Security Analysts Forum
A Security Analysts Forum is being formed to support our Information Sharing and Analysis programs.
EnergySec conducts “members only” briefings concerning topics of relevance to security personnel, such as NERC CIP requirements, the latest in security incidents, etc. Commercial members have the opportunity to participate in such briefings to share security news and information discovered by their research or analysis teams.
EnergySec provides a monthly (third Thursday) security news briefing to state regulatory commissioners and staff.
EnergySec staff and leadership participate in numerous industry events. Our staff is available to our member organizations for questions and consultation.
EnergySec has staff dedicated to closely monitor new CIP drafting team efforts. The discussions, changes, and/or insights are made available to our members. Staff are available to members for clarification of results released by the drafting team.
Regional Entity Meetings
EnergySec staff attend meetings and conferences organized by regional entities to keep abreast of compliance-related activities throughout the country. The reporting of events is available to our members through our member publications and briefings.
EnergySec staff attend a variety of security conferences to keep informed of current issues and inform our membership.
EnergySec staff participate in events that relate to our five core areas of operation to keep abreast of the latest trends in security, compliance, and cybersecurity education.
EnergySec’s online community is available to support collaboration in industry by providing industry-specific online forums. This platform is also used to distribute online resources for members and participants.
EnergySec’s HipChat server is a private instant messaging service provided to community participants. This service provides immediate interaction with EnergySec staff and others in the industry. We regularly host chat sessions in conjunction with industry events, enabling real-time discussions and tracking of events by those unable to attend directly.
Members are able to establish private chat rooms under their control for discussions with their peers across organizations.
Email List Server
EnergySec operates an email list server integrated into our community in support of our forums. We can also provide comprehensive list and group management to ad-hoc industry groups seeking an effective, private collaboration platform.
EnergySec staff conducts customized, confidential surveys for individual or group organizations as requested. These surveys provide much-needed feedback for organizations while providing anonymity to respondents.
EnergySec operates a security analyst collaboration community on the ThreatConnect platform. This technology allows security analysts to engage in robust collaboration on threat intelligence and incident analysis in a secure manner.