Fortress, AEP team up to help protect power grid from cyber threats

Fortress Information Security launched a joint venture with American Electric Power to help protect the U.S. power grid from cyber threats.

The venture, called Asset to Vendor Network for Power Utilities (A2V), promotes collaboration among electric companies to reduce the costs associated with cybersecurity regulatory compliance

“Building the A2V Network is consistent with Fortress’ mission to secure critical infrastructure,” Alex Santos, the CEO of Fortress, said. “Our team is looking forward to working with AEP and other electric energy companies in taking this next step to secure the North American grid.” Fortress, based in Orlando, FL, specializes in securing the supply chain and industrial assets of North American critical infrastructure.

Santos points out that power utilities share many of the same vendors for equipment, software, and services. This has been recognized by malicious actors and has resulted in an increasing number of attacks on the power grid. To address this risk, the Federal Energy Regulatory Commission (FERC) issued new rules that require utilities to develop a plan for managing cyber risk related to their supply chain. Part of that calls for prioritizing vendors based on risk and requirements and verifying the authenticity of software manufacturers and the integrity of the software.

Utilities must file a plan by June 2020. Those that don’t meet the deadline can face penalties, ranging as high as $1,000,000 per day.

This compliance requirement can be potentially burdensome to vendors. Thus, Fortress created a platform to help vendors share technology and information to support security efforts for these vendors. The platform, developed in collaboration with AEP, includes a library of vendor risk assessments that comply with the new regulations. Power companies that join A2V will be able to purchase vendor assessments for much less than it would cost for them to conduct the assessment themselves. Utilities will also be able to contribute their own assessments for purchase by the network and receive a portion of the proceeds.

“Power utilities need to work together to accomplish our shared goal of a secure power grid. A2V offers the opportunity for companies to collaborate and help mitigate the significant costs of protecting the grid,” Stephen Swick, director of cybersecurity intelligence and defense for AEP, said.