The Cyber Security Project established implementation priorities based upon the gap analysis performed and cyber security vulnerability and risk assessment identify technology recommendations, cost estimates and budgets, process improvements, policy and procedure, recommendations, migration roadmaps, test plans, emergency and disaster recovery plans related to the cyber security operation and maintenance requirements for control, communications, SCADA and cyber related business systems

The scope of technical services work includes:

• Prepare an outline of the policies and procedures required by the NERC Critical Infrastructure Protection CIP standards.
• Discuss these requirements with the management and staff of Anaheim
• Prepare a draft set of policies, procedures, lists, forms, etc that are required by the standards.
• Provide a technical vulnerability assessment of the cyber security of existing utility control, communications, SCADA and cyber related business systems to protect against security breaches from hackers, software virus or other threats.
• Provide a performance and security risk analysis of existing control, communications, SCADA and cyber related business systems.
• Perform of a “gap” analysis between the utility’s existing cyber security and FERC/NERC cyber security requirements for existing control, communication and cyber related business systems.
• Develop a plan to ensure the Cyber Security Project is in compliance with FERC/NERC Cyber Security Standards in as expeditious manner as possible, and in compliance with the schedules mandated by FERC/NERC.
• Provide guidance and oversight of implementation of the Cyber Security Project.
• Provide FERC/NERC regulatory and regulatory compliance knowledge transfer to Utility personnel to ensure the on-going long-term success of the Cyber Security Project.

Provide additional regulatory compliance consulting/recommendations for future changes in the FERC/NERC CSRS.