Security measures implemented at hydropower facilities are the responsibility of the licensee. Division of Dam Safety and Inspections (D2SI) assists licensees when requested, or provides points of contacts to those requesting further information. The D2SI monitors the security programs and measures implemented by dam owners.
D2SI conducts periodic security inspections of projects based on the current threat conditions and as determined by the Attorney General and the Office of Homeland Security in order to insure the security of FERC hydropower projects. These inspections determine if the licensees have implemented a security plan appropriate to site conditions and to current threat conditions while remaining flexible enough to address elevated threat conditions. As a special focus of the Dam Safety Inspections, the FERC D2SI Engineer will evaluate the level of security, both physical and cyber, that is in place at facilities having the potential of causing significant to high consequences if attacked.
CyberForce leverages enterprises architecture models and frameworks to achieve comprehensive documentation of our customer’s active infrastructure. This data is used to populate the FedRAMP SSP templates for comprehensiveness. The complete system is then subject to a thorough and detailed RMF analysis to zero in on critical assets and assets in the critical path. Once this is done we leverage the NIST 800-53 and FedRAMP standards to undertake complete testing of the system.
As part of the baselining exercise, we leverage Client Staff to accomplish as complete a coverage as possible, as opposed to a statistical model, which is reserved for ongoing checks. This approach is taken to close the door on the would-be hackers banking on systems being left untested over time. We leverage proprietary and standard tools such as DHS CSET and CSAT.
We proceed further into CyberForce created micro-object models to document the results at a granular level. This micro-object oriented model allows us to compile state of security along many slices – such as state of security for a particular geography and for a specific set of systems.
Observations are cross walked to CIP and other relevant standards as well as any internal client system security framework of controls. It is this Architecture to Artifacts comprehensiveness that is representative of CyberForce’s value.