Building Resilience: How Powin Protects Critical Infrastructure All Year Round

There’s more to October than pumpkin spice lattes and jack-o’-lanterns. It’s also Cybersecurity Awareness Month, as declared by the US Congress in 2004. It is a month for public and private sectors to work together to raise awareness of cyber threats on a local, national, and global scale.

Earlier this month, we shared some of the many ways we safeguard our systems internally and at the grid level against the threat of cyberattack. This list included things like investment in IT/OT convergence, proprietary firmware and software, our supply chain resiliency, and physical security at our Battery Energy Storage System (BESS) sites.

However, as cybersecurity threats continue to evolve, regular updates, audits, and compliance with cybersecurity regulations are part of our ongoing process to maintain the highest standards of protection. At Powin, cybersecurity is never a one-time effort, but a continuous commitment.

Compliance with Industry Standards

At Powin, we work to ensure that our systems remain secure and in compliance with industry-leading national and global cybersecurity regulations in the energy sector.

NERC CIP

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards focus on securing critical infrastructure by enforcing strict controls over operational technology (OT). Powin complies with NERC CIP to protect the reliability of energy systems, ensuring robust access controls, real-time monitoring, and effective incident response protocols.

SOC2

Service Organization Control 2 (SOC2) is a framework designed to secure customer data by evaluating the effectiveness of controls in five key areas: security, availability, processing integrity, confidentiality, and privacy. SOC2 is essential for ensuring that Powin’s systems safeguard sensitive information and meet industry expectations for data protection.

NIST-800 Framework

The National Institute of Standards and Technology (NIST-800) framework provides comprehensive guidelines for managing cybersecurity risks. It focuses on areas such as identity management, continuous monitoring, and incident response, helping Powin ensure its systems are resilient and adaptable to emerging threats.

ISO27001

ISO/IEC 27001 is an internationally recognized standard for information security management. It sets the requirements for establishing, implementing, maintaining, and continuously improving an organization’s information security management system (ISMS). Powin is currently in the process of achieving compliance with ISO27001.

Compliance Matrix: Key Industry Standards and Powin’s Approach

Below is a summary of how these standards overlap across key cybersecurity topics and how Powin emphasizes cybersecurity in all aspects of our products and larger organization.


Core Security Requirement: Electronic and Physical Access Control
Summary: Control and monitor access to digital systems and physical infrastructure to prevent unauthorized entry.
Powin:
  • Leverages Zero Trust Architecture through items such as Least Privilege Access and Strong Identity Management (MFA, identity management)
  • 24/7 surveillance and facility access management (performed through the Powin Remote Operations Center)

Core Security Requirement: Network Security
Summary: Protect IT and OT systems by securing networks and controlling access to them.
Powin:
  • ICS micro-segmentation
  • Third-party audits
  • Constant automated system scanning for vulnerabilities
  • Purdue model, the industry standard that separates ICS architecture into two zones, creating “air gaps” for safe collaboration

Core Security Requirement: Risk Management
Summary: Identify, assess, and mitigate cybersecurity risks across IT/OT environments.
Powin:
  • StackOS Gatekeeper provides customer safeguards, preventing any bad actor from controlling systems through the internet
  • All Powin software/firmware engineered, designed, and managed in the US
  • Regular penetration testing by internal and external CISSP/eCPPT certified professionals
  • Perpetual scanning of all Powin-created software to identify emergent and existing exploits

Core Security Requirement: Incident Response and Recovery
Summary: Detect, respond to, and recover from cybersecurity incidents to minimize or eliminate disruption.
Powin:
  • Incident response plans tailored to customer needs
  • Routine exercises simulating security and major infrastructure emergencies

Core Security Requirement: Data Protection
Summary: Prevent unauthorized access to all IT/OT data.
Powin:
  • Industry-standard encryption of all data, both in transit and at rest
  • GDPR, UK GDPR, APP, and CCPA compliant data management program

Core Security Requirement: Asset and Change Management
Summary: Track and manage hardware and software assets, ensuring they are updated and protected. Control and document changes to systems, ensuring they are tested and authorized to prevent disruptions.
Powin:
  • StackOS Patch Management organization works with customers to safely update systems and minimize disruption
  • All patches automatically verified for malware and exploits
  • Comprehensive inventory and firmware management program for networked devices (switches, routers, etc.)

By viewing cybersecurity through the lens of proven frameworks, we prove our commitment to ensuring that systems meet customer requirements and demonstrate our willingness to go above and beyond. This proactive approach allows us to deliver secure, reliable energy storage solutions to our customers, safeguarding both their operations and their data.

Cybersecurity All Year Long. Not Just October.

No company or individual can legitimately claim to be future-proof against cyberattacks. But we can be future-ready. At Powin, our focus on safeguarding our BESS never wavers. We encourage everyone to treat Cybersecurity Awareness Month as a reminder to remain vigilant in their own personal and private cybersecurity.

Mahesh Sathe, VP of Systems Operations at Powin

Norman Farquhar, Director of Product Management at Powin

For the latest updates and news please visit our website or connect with us on LinkedIn.