White Paper: Cybersecurity for Combined Cycle Powerplants

White Paper: Cybersecurity for Combined Cycle Powerplants

Download Paper

Learn how Industrial Defender worked with the plant commissioning team for a combined cycle power plant to provide complete cybersecurity asset monitoring and NERC-CIP compliance for a complex control system with dozens of vendors.

Customer Profile

A Fortune 500 power utility company that operates fossil generation plants. They are in the process of transitioning from traditional coal and increasing power generation using clean fuel sources such as LNG as well as sustainable sources like solar and wind.

Goals & Challenges

The customer was looking for a mature platform that is able to gather compliance data (NERC CIP, etc.) and able to perform cybersecurity monitoring of assets on its Industrial Control System (ICS) control networks as data is able to be provided for capture. This platform needed to be vendor neutral and be able to interoperate to gather data towards achieving compliance. Besides traditional servers and workstations, the solution needed to be able to gather data from other devices such relay gateways, GPS time sync servers, Programmable Logic Controllers (PLCs), PLC HMIs and industrial switches.


The Industrial Defender engineers worked hand-in-hand (as part of the plant commissioning team) with the Prime Contractor, SCADA supplier, DCS vendors as well as the plant owners engineering and cybersecurity team members. Together they designed and built the end-state for cybersecurity to include integration of the Industrial Defender ASM solution. Activities performed by Industrial Defender included:

Integration plans for the ASM within the plant to monitor each asset
Implementation of monitoring of every asset
Consulting on NERC CIP requirements and how the Industrial Defender ASM assists with compliance
Custom configuration of the ASM user interfaces and reporting subscriptions to meet the end user’s needs
Reduction of manual collection data collection for NERC Compliance as a result of ability to collect information from lower level endpoint endpoints using a new CIP collector