The National Security Program is singularly focused on defending and securing the Republic and the American Way of Life.
The American Way of Life only exists if our local Critical Infrastructure is available and working for us. Almost every aspect of our lives is underpinned by technology, so it can be undermined by cyber adversaries.


We will actively work with your leadership team to establish high-level buy-in and a formal structure to create the conditions needed for proactive security rather than reactive security actions. Our approach is “Compliance does not equal security, but security does create compliance.” So our focus is:
Cyber-Physical Convergence: DHS and CISA strongly emphasize that physical security and cybersecurity can no longer be managed in silos. They must be integrated under a single security strategy.
Performance Goals: Implementation of sector-specific performance measures and Action Plans to accomplish improvements.
Compliance & Standards: Adherence to sector-specific mandates, such as NERC CIP (Energy), TSA Security Directives (Pipeline/Rail), or the Chemical Facility Anti-Terrorism Standards (CFATS).

We will work across your organization, and within the framework of your choice, to identify, assess, document, and recommend risk mitigations to optimize resiliency for your infrastructure and systems.
Threat Identification: Leveraging FBI InfraGard and CISA Central, as well as our deep expertise on what malicious actors are doing across New England, to recommend adjustments to risk assessments and mitigation strategies.
Vulnerability Assessments: Using tools like CISA’s Cyber Resilience Review (CRR) to identify weak points in systems and facilities.
Impact Analysis: Determining the "consequence of failure." If this asset goes down, how many lives are affected? How is the economy impacted?

We will work with your security teams to fuse security planning and operations into a holistic executable program. Physical and Cyber security programs that operate in “cylinders of excellence” are no longer able to defend Critical Infrastructure against the Nation-State actors who are attacking us.
Physical Layer (FEMA/DHS Standards)
Concentric Circles of Protection: Designing security in layers—starting from the property perimeter, moving to the building envelope, and ending at the high-value asset (e.g., the control room and hardware).
Access Control: Implementing PIV/HSPD-12 compliant credentialing for all personnel.
Cyber Layer (NIST CSF)
OT/ICS Hardening: Applying specific protections to Industrial Control Systems that cannot be patched as easily as standard IT.
Network Segmentation: Using the Purdue Model to air-gap or strictly control traffic between the public internet and the utility's "nerve center." Assume Breach.

We will work with your Human Resources, Security, and Information Technology Leaders to create and implement an effective insider threat program for your organization. Insider Threats come in three variations: clueless, careless, and malicious. We’ll partner with you to transform clueless into awareness, careless into caution, and to recognize and react to malicious actions within your circle of trust.
Insider Threat Programs: Training staff to recognize behavioral indicators (e.g., unauthorized data access, attempts to bypass security) as outlined in FBI threat briefs.
Security Culture: Moving beyond annual check-the-box training to a culture of "See Something, Say Something."

Partnering with our Cybersecurity Practice, we will work with your leadership to create, improve and exercise your incident response and continuity of operations plans. The tactics, techniques, and procedures (TTPs) of our adversaries, with the assistance of Generative Artificial Intelligence, now change so quickly that we recommend exercising and updating these plans at least ANNUALLY.
Incident Response Playbooks: Specific, rehearsed plans for ransomware, physical sabotage, or natural disasters.
Manual Overrides: Ensuring that even if the digital brain is destroyed, operators can still run the utility manually.
Supply Chain Resilience: Vetting the hardware and software vendors to ensure that "backdoors" aren't introduced via third-party components (SCRM - Supply Chain Risk Management).

Partnering with your Executive Leadership team, we provide consulting services to support policy and compliance development that adheres to, and aligns with, State and Federal law, policy and regulatory processes.
Regulatory Support: These services ensure your organization’s policies, procedures, and standards adhere to, and align with, State and Federal regulations, such as those from the Environmental Protection Agency, State Environmental Agencies, the Department of Energy, and State Public Utilities Commissions.
Privacy Framework Certification Support: These services assist you in achieving inclusion on the Department of Commerce’s list of those who comply with the Data Privacy Framework for the European Union, Great Britain, and Switzerland.