News release

HP Unveils Security Solution to Help Energy Companies Meet Regulatory Requirements, Reduce Risk

	Related Links
	»	Security
	»	Software

HP today introduced an integrated security appliance for energy customers that provides an additional line of defense against cyber-security threats and helps automate compliance tasks.

The HP Trusted Compliance Solution for Energy (TCS-e) helps power and energy companies mitigate security risk by providing robust protection against threats from computer hackers. The automation technology in HP TCS-e also helps energy companies reduce the business risks and costs associated with noncompliance, such as regulatory audits, sanctions and hefty fines.

The solution combines HP compliance automation software and storage technology with event data management security analysis software from SenSage, Inc. It also includes the HP Atalla (FIPS) 140-2 Level 4-certified hardware-based security subsystem, which provides cryptographic operations – privacy, integrity, authentication and non-repudiation – and hosts the security-sensitive portions of the TCS-e applications.

HP TCS-e was designed specifically to meet the cyber-security, compliance and audit requirements of the North American Electric Reliability Corporation Critical Information Protection (NERC-CIP) 002-009 reliability standards mandate.⁽¹⁾ Approved nearly a year ago, the mandate calls for energy operators to implement and demonstrate appropriate controls, which require compliance documentation, security event monitoring, incident alerting, forensic analysis and event data retention.

To help energy customers meet these compliance requirements, HP TCS-e automates the NERC-CIP compliance management processes and transforms an energy operator’s intent to comply with new regulatory standards into actual plans, controls, records and processes.

"According to our research, HP platforms run the systems that control 65 percent of the world’s electric power transmission,” said Chuck Newton, president of Maryland-based Newton-Evans Research. “With these new security appliance products, HP is addressing many of the required NERC-CIP cyber-security and compliance tasks by transforming a company’s compliance processes from manual to automated and sustained. The TCS-e security solution undoubtedly will raise the bar for cyber-security, reliability and compliance solutions in our industry.”

The TCS-e solution’s ability to monitor user, system and network activity enables organizations to effectively respond to risks, demonstrate compliance and conduct thorough investigations in the event of a cyber-security threat. The solution provides for a purpose-built data store that optimally compresses collected data and reduces access time for data retrieval. This enables users to analyze terabytes of information in much less time compared to systems that store data using relational databases.

“As the provider of the IT backbone for a large part of the energy industry, HP works to keep operators’ services up and running while helping them face the changing regulatory environment,” said Martin Fink, senior vice president and general manager, Business Critical Systems, HP. “The TCS-e solution demonstrates HP’s ability to design integrated HP Integrity-based solutions that help address customers’ most critical business issues.”

Jim Pflaging, president and chief executive officer, SenSage, said, “Collecting, analyzing and storing log event data can be daunting due to the sheer volume of data involved, and the process becomes more complicated and critical for organizations that must adhere to specific industry regulatory requirements. The HP solution, integrated with SenSage’s robust data management software, helps utility customers protect their vital information and improve their audit responsiveness.”

HP provides a full range of solutions that deliver comprehensive security to help customers meet industry-specific regulatory standards and compliance measures. Security is also a key enabler of HP’s Adaptive Infrastructure initiative, which builds next-generation data centers to enable 24x7 lights-out computing.

The HP Trusted Compliance Solution for Energy is available now. More information is available at www.hp.com/go/TCS-energy.

About HP

HP focuses on simplifying technology experiences for all of its customers – from individual consumers to the largest businesses. With a portfolio that spans printing, personal computing, software, services and IT infrastructure, HP is among the world’s largest IT companies, with revenue totaling $94.1 billion for the four fiscal quarters ended Jan. 31, 2007. More information about HP (NYSE: HPQ) is available at http://www.hp.com.

⁽¹⁾ The NERC CIP-002-1 thru NERC CIP-009-1 standards and NERC CIP FAQ are copyright protected by the North American Electric Reliability Corporation. HP’s use of these terms does not represent an endorsement or recommendation of this product by NERC or any of its officers. The NERC CIP-002-1 thru NERC CIP-009-1 specifications and NERC CIP FAQ can also be found on the NERC website. A complete set of NERC’s current standards is available at www.nerc.com/~filez/standards/Reliability_Standards.html.

This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans, strategies and objectives of management for future operations; any statements concerning expected development, performance or market share relating to products and services; anticipated operational and financial results; any statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the achievement of expected results and other risks that are described from time to time in HP’s Securities and Exchange Commission reports, including but not limited to the risks described in HP’s Quarterly Report on Form 10-Q for the fiscal quarter ended Jan. 31, 2007. HP assumes no obligation and does not intend to update these forward-looking statements.

© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.