Energy Investment Firm Seamlessly Adds Plants to Portfolio Through Cloud
Hull Street Energy, LLC
Hull Street Energy is a Bethesda, Maryland-based energy private equity firm that invests in independent power plants. In the energy industry, private equity firms often purchase plants that sell electricity to utilities wholesale. While the firm has a portfolio of power producers similar to other firms in their business, they operate a little differently: Hull Street Energy runs the plants it acquires, so the firm is directly involved in the IT and OT infrastructure of dozens of facilities.
Preparing for IT Migration
In 2020, the firm purchased hydroelectric power plants in river basins throughout the U.S. from energy company Enel, creating a subsidiary the firm named Central Rivers Power U.S. (CRP). With that maneuver, Hull Street Energy knew they had some work to do to migrate Enel’s infrastructure into their business.
In anticipation of the acquisition, Hull Street Energy needed to gain an understanding of Enel’s existing IT and OT assets and data systems to prepare to integrate and take over its operations, which included five offices, 34 plants, and 52 potential new employees.
Each of these plants is a hydroelectric facility located in a river basin, often remote, with minimal if any staff. It’s a setting that can be vulnerable for several reasons.
- Physical security—From protective hardware to prevent trespassers from accessing the dam or its gates to disrupt power generation, to controls to manage water levels for the safety of the surrounding area.
- Digital security—As plants are networked, there were vulnerabilities to malware targeted attacks by anyone who might be looking to destabilize critical American infrastructure.
Looking at The Big Picture
ProArch began the transition project with intensive discovery and planning. The ProArch team visited every plant and office. They noted the equipment in use. Took more than 2,500 photos for reference. Studied how the plants currently talk to each other. And gave personnel a questionnaire to see which applications staff were using.
Next, the team formulated a solution to address their findings and came back to the firm with its proposal. The holistic plan considered the control systems on the OT side, software, hardware, and monitoring, all related. And how each plant could be optimized with maximum flexibility to enable sharing information while securing sensitive data.
The centerpiece of the solution: a cloud-based architecture. With the client’s approval, ProArch migrated Enel’s systems over to a standardized one featuring:
- Microsoft Azure
- Microsoft365 applications for all users (including configuring each of their desktops and backed up by Veeam)
- Microsoft OneDrive for simple, secure data storage and organization
- Microsoft Defender Advanced Threat Protection
- Azure Conditional Access, Multi-factor Authentication and Azure Security for logging, alerting and access controls
- Microsoft SharePoint for easy collaboration across offices and plants
The security-first architecture features two-factor authentication throughout the network that protects critical infrastructure beyond standard North American Electric Reliability Corporation (NERC) CIP requirements. On the operations side, dam controls are protected by remote 2-factor authentication, which also resides in the cloud.
Going forward, ProArch will serve Hull Street Energy’s continuing IT and OT needs related to its acquisition of Enel’s assets, from system maintenance to monitoring, ensuring a secure, reliable environment.
An IT Infrastructure Aligned with Business Goals
Hull Street Energy is successfully integrating CRP, with its dozens of sites, offices, and staff, into its portfolio. Thanks to a Microsoft-powered, cloud-based solution designed by ProArch, the firm has:
- A user-friendly environment for staff, who can now access all of the data and applications they need through a standardized infrastructure with a consistent fit and feel for everyone. Not only when it comes to their Office applications, but in the consistency of their hydro controls and dam controls as well—staff can go work across multiple plants easily.
- A secure environment across the country—both operationally and technologically—in which staff can control which devices are approved to communicate while those that don’t need to aren’t enabled to, increasing security.
- The firm also recognized a principle ProArch lives by: Just because you’re compliant doesn’t mean you’re secure. They followed ProArch’s recommended IT best practices related to cybersecurity, which exceeded standards set forth by the industry’s North American Electric Reliability Corporation (NERC) requirements.
- A valuable selling point should the firm ever sell the plants, as the cloud-based infrastructure makes migration painless for the prospective buyer.