Improved Security Posture and Reliable Team for Power Plant Under New Ownership
About Garrison Energy Center
Garrison Energy Center is a 309MW combined-cycle gas-fired electric generating facility in Dover, Delaware. Garrison is an energy plant that converts energy into bulk electrical power.
Solutions Used
- OT Managed Detection and Response
- OT Threat Assessment
- Support Managed Services
- IT Transition Services
- Azure Cloud Services
- Microsoft 365
A Tight Transition Deadline
Garrison Energy Center had just been bought by an investor, which created some challenges for their IT operations.
Before, their IT operations had fallen under a corporate umbrella; now that they had new ownership, they didn’t have all the information they needed about potential security vulnerabilities. They also needed to figure out if the previous owner and former vendors still had backdoor access. Additionally, they needed to bring their IT environment over to the new system, all within six weeks.
Transition, Assessment, and Continuous Support
ProArch was already contracted with Garrison’s new owner, so in May 2019, ProArch started moving Garrison’s entire IT operations over to the owner’s infrastructure. ProArch moved: personal computers, internal Wi-Fi network, regulatory networks, phones, and site security items like security cameras and access controls.
Less than six weeks later, Garrison’s entire IT environment was fully integrated with their new owner.
With the transition complete, ProArch did an OT Threat Assessment to determine the security baseline of the OT network and what Garrison could do to tighten security.
“I was concerned that we had vulnerabilities—that the previous owner might still be able to access our system through backdoors,” says Gerald Kissel, plant manager at Garrison Energy Center. “During the assessment, ProArch found areas that the previous owner and other vendors could get in. So the ProArch team started putting remedies in place.”
First, ProArch set up a SecureLink system, which gave contractors and outside vendors separate access and used a secure portal with multi-factor authentication to allow users to get into the plant network. Now, when someone tries to access the network, the control room operator can approve access to the DCS, an email is sent out to the IT team, and the time of entering and exiting the network is timestamped. This process has helped Garrison stay compliant with NERC reliability standards for the electrical grid.
ProArch also connected Garrison with another vendor, SCADAfence. SCADAfence is a non-intrusive continuous network monitoring solution that provides visibility and security for organizations using advanced Industrial IoT/OT technologies. The ProArch team felt this vendor would be an important piece of Garrison’s security system. After a proof of concept, SCADAfence provided an automated monitoring system to determine who was coming in and out of the network.
“They changed firewalls, network switches, and the way the network was set up,” Kissel says. “They took out all the vulnerabilities or ways to access the system and tightened it up.”
A Mature Security Program and a Reliable Team
What have the results of Garrison’s engagement with ProArch been?
“Today, I feel that we have a very secure system,” Kissel says. “Not only do I control access through vendors, but I also have automated monitoring, and ProArch is always there to assist us.”
Additionally, ProArch continues to provide the following services:
- Take care of network health, security patches, and antivirus updates
- Assist with third-party vendors including adding any new hardware or software
- Ensure hardware is compatible with the network
- Act as an IT service desk (“You put a ticket in, and within the hour, someone will respond to you, and it’s usually resolved by the end of the day,” Kissel says.)
Control
On the plant side, Kissel has more control over the network and a better understanding of what’s going on at a corporate level. Everything is set up in such a way that Garrison’s IT is prepared for any change.
“If we ever transition to another IT service or are sold again, we won’t have a scramble,” Kissel says. “We will just unplug a couple of wires and put a new service provider in charge. That’s about it. Even if the new company didn’t want to go with ProArch. it would be easy to transfer to another service because ProArch was so professional and meticulous about setting everything up.”
Peace of Mind
With best practices in place, Kissel doesn’t have to worry about compliance regulations or cyberattacks.
“Compared to other plants in our NERC category, we’re ahead!” Kissel says. “ProArch is helping us implement security best practices to stay compliant and ensure our cybersecurity is very locked down.”
And having their IT and OT security locked down means that cyberattacks aren’t nearly as troubling as they once were.
“When the E-ISAC [Electricity Information Sharing and Analysis Center] was sending out a lot of alerts about cyberattacks, I wasn’t that worried about it because I knew that SCADAfence would pick up any threat as soon as somebody tried to get in, and ProArch would shut it down with their firewall rules,” Kissel says. “So it really wasn’t a concern like it would have been for me in the past.”
ProArch has become a part of Kissel’s team.
“They’re integrated like employees,” he says. “The people who have worked with us from the beginning are still with us. It’s been a nice relationship with ProArch.”
“If we ever transition to another IT service or are sold again, we won’t have a scramble. Even if the new company didn’t want to go with ProArch, it would be easy to transfer to another service because ProArch was so professional and meticulous about setting everything up.”