Jerome Farquharson, CISSP

Jerome Farquharson, CISSP
Practice Manager, Compliance & Infrastructure Protection
Email Jerome
P: 314-682-1628
F: 314-682-1600

Cybersecurity: Identifying Threats, Vulnerabilities

Cybersecurity: Identifying Threats, Vulnerabilities

Every day there’s a new threat to your business’ critical cyber assets, and most businesses operate without knowledge of these catastrophic vulnerabilities.

In May 2010, James Miller, principal deputy undersecretary of defense for policy for the U.S. Department of Defense, noted the nation is losing enough data from cyberattacks to fill the Library of Congress many times over.

Attackers could manipulate power-grid data by breaking into substations and intercepting communications between substations, grid operators and electricity suppliers. This data could be used to artificially establish electricity prices and upset the balance of supply and demand, according to Texas A&M professor Le Xie, speaking at the IEEE SmartGridComm2010 conference in Gaithersburg, Md.

Advanced Approach to Protecting Cyber Assets

You can’t afford to wait until you’re a target.

With decades of experience securing both the private and public sector networks, Burns & McDonnell assesses your risk, recommends mitigation measures and implements holistic security solutions that keep your business operating while ensuring the confidentiality, data integrity and continued availability of mission critical data.

Any device connected to your corporate network from a smart phone to a thermostat to a remotely monitored substation could introduce new vulnerabilities, introducing security weaknesses that your in-house information technology staff can easily miss. Burns & McDonnell security professionals use government security expertise to comprehensively evaluate your network infrastructure, identify weaknesses and mitigate risks.

Don’t wait until you’re the target. The costs of cyber crime are too high — interruption in operations, lost revenue and a damaged reputation. Proactive, holistic cybersecurity starts with Burns & McDonnell.

   Hear how Burns & McDonnell has helped ITC Holdings understand and implement programs to comply with NERC CIP standards.
  • Cybersecurity gap analysis and remediation
  • Cyber vulnerability assessment and remediation
  • Generation and transmission control system engineering and design
  • Physical security vulnerability assessment and remediation
  • Security policy design and development
  • Compliance program governance, management and automation
  • Critical asset and cyber asset identification methodology
  • NERC reliability and CIP compliance planning
  • NERC reliability and CIP compliance mock audit
  • Nuclear cybersecurity design and implementation
  • NRC cybersecurity plan compliance planning
  • NRC critical digital asset identification and tracking
  • Staff augmentation and training
  • Rate analysis
  • AURORA mitigation


CIP-014: Understanding the Standard

CIP-014: Understanding the Standard

In a free webinar, experienced professionals discussed strategies and provided examples for managing the fast-tracked standard from a physical security, compliance, cybersecurity and regulatory perspective.

Available on demand

Power Engineering: Integrated Factory Acceptance Tests

A factory acceptance test (FAT) often follows the addition, modification or upgrade of safety instrumented systems or others critical to the operation of a facility. Cyber security, because if its impact on the safety of critical systems, should be integrated with the FAT.

Read more

Power Utility Cybersecurity Webinars

For guidance in understanding and complying with NERC Critical Infrastructure Protection regulations, check out our series of webinars.

Watch now



The U.S. power grid generates and delivers power — just as it was designed to do. But as cyberattacks become more sophisticated and targeted, protecting the grid is of utmost importance.

Read more