Michael Toecker | Consultant and Engineer, Control System Security Practice at Digital Bond
Michael Toecker is a Professional Engineer specializing in the cyber security of industrial control systems, and predominately those within the electric power sector. A graduate of the University of Missouri-Rolla’s accredited Computer Engineering program, he has a focused background in the development of computer systems, hardware engineering, electronics, networking, and computer programming.
Toecker started his career at the consulting engineering firm Burns and McDonnell, working specifically for electric power infrastructure owners on cyber security and compliance projects. While at Burns and McDonnell, Mr. Toecker participated in successful penetration tests directed at Energy SCADA infrastructure, led multiple cyber security assessments of generation, transmission and control center facilities. In addition, Mr. Toecker has worked federal control system security projects, namely assessments of massive building control systems.
Later in his career at Burns and McDonnell, Toecker was recognized as the subject matter expert at Burns and McDonnell regarding control system security for electric power generation.
Toecker then moved to NextEra Energy, a sister company of Florida Power and Light. At NextEra, Toecker was part of a team responsible for ensuring the compliance and security of multiple generation facilities that had been designated NERC CIP Critical Assets. Toecker’s major activities consisted of ensuring security controls were functional and accurate, ensuring that compliance activities were conducted on a timely basis, interacting with vendors to pursue enhancements and issues, and reviewing the output of controls to meet compliance requirements. Additionally, Toecker was consistently tapped for advanced systems troubleshooting outside of cyber security, as his knowledge of the computing systems was often superior to existing NextEra personnel and field vendor personnel alike.
Toecker continues his work on ensuring the cyber security and reliability of automation systems at Digital Bond. His focus is heavily steered into navigating the dividing line between the engineering and cyber security camps, and developing recommendations that strive to preserve the availability and reliability of the infrastructure, while ensuring that adequate security is being designed to protect against threats to that infrastructure.
- Has worked with, and is knowledgeable of the design as it pertains to cyber security, of most major Generation DCS platforms in use in North America today. Specifically, these are the Emerson Ovation, GE Mark, Toshiba D-EHC, and ABB/Bailey INFI-90 systems.
- Assessment lead for transmission and distribution substation security assessment projects. Vendors and equipment include SEL digital protective relays, GE protective relays (L, D, C series), Cisco networking, RuggedCom firewall and Crossbow systems.
- Lead Engineer for the full implementation of security controls at an 800 MW Combined Cycle Power Plant, involving three different control system vendors.
- Spearheaded the use the Integrated Factory Acceptance Test, an effort to bring three disparate control system platforms into a single facility for common testing of cyber security controls. This effort was successful, in that it validated all security configurations were complete before the installation of the products, reducing outage time and allowing for a faster return to production.
- Developed internal tools and methodologies to streamline and reduce the complexity of cyber security assessments conducted to adhere to NERC CIP.
- Leader of 20+ assessments of Electric Critical Infrastructure in the United States and Canada, and 3 assessments in the SAR of Hong Kong.
- Registered Professional Engineer in Missouri
- BS in Computer Engineering, University of Missouri-Rolla