From left, Dave Taylor, CIP specialist, and Carl Epping, risk assessment mitigation engineer, MRO, examine data center equipment with Andrew Thompson, SCADA technician, and Larry Brusseau, compliance director.
Two auditors from the Midwest Reliability Organization (MRO) conducted a critical infrastructure protection (CIP) audit Jan. 29-31 at Corn Belt Power Cooperative, reviewing cybersecurity components of the cooperative's bulk electric system assets.
Because Corn Belt Power operates transmission system facilities above 100 kilovolts, it must complete a process that categorizes its assets into three risk levels: low, medium and high. Corn Belt Power personnel determined that two assets - the control center and the backup control center - are at medium risk and nine 161 kilovolt switching stations are at low risk.
From the three CIP cybersecurity standards that were audited, MRO personnel Dave Taylor and Carl Epping randomly chose to examine equipment including computers, firewalls and the supervisory control and data acquisition system, all located in the control center and backup control center.
Corn Belt Power will receive a draft report of the audit in about one month. This type of audit is conducted every three years.
Larry Brusseau, compliance director, Corn Belt Power, says Corn Belt Power staff has been preparing for the audit since last July. He notes the importance of thwarting attempts to breech Corn Belt Power's cybersecurity and access its bulk electric system. "We are always looking for intruders, for system vulnerabilities and seeing what can be improved. It's our function to minimize our cyber profile and mitigate any attempts to gain access."