SecureWorks Helps Utilities Comply with NERC's Cyber Security Standards

Enhanced Exam and Board Reports include New CIP standards

Atlanta, GA, July 25, 2006 - SecureWorks, a leading provider of Managed IT security services to the utility industry, is announcing its new enhanced exam and board reports. The new reports are making it manageable for utility companies to demonstrate best practices and compliance with the Cyber Security Critical Infrastructure Protection (CIP) standards adopted in June by the North American Electric Reliability Council (NERC).  SecureWorks provides security services to over 1,300 clients in the US and abroad, including network and host intrusion prevention, firewall management, vulnerability assessment, encrypted email, and email filtering.

All entities responsible for the reliability of the Bulk Electric System (including investor-owned utilities, most generation and transmission (G&T) cooperatives, and municipal joint action agencies) in North America are required to produce 12 months of auditable data, documents, logs and records on their information security controls in order to be compliant with the new CIP standards. Additionally, while many smaller entities, (such as most distribution cooperatives and municipal utilities) are not required to comply, they are adopting the CIP standards as best practices.

"NERC has outlined cyber security standards which help utility organizations identify and protect their critical cyber assets, and SecureWorks has a system in place to effectively track these efforts," said Mike Cote, president and CEO of SecureWorks. "Having on-demand reports from SecureWorks is a simplified way to illustrate - in black and white - your security position to the NERC auditors, your board and your management."

SecureWorks is providing on-demand reports that show how a utility's practices are matching directly to the CIP requirements. SecureWorks is also providing enhanced reports with easy-to-read graphs and tables that clearly identify attempted cyber attacks, attack targets, results of attacks and attack trends. "Whether it's providing evidence of compliance or wanting a clear picture of your information security landscape, we automatically populate data from our database into the reports," explained Cote.

"In this age of hackers and malicious Internet activity, electric utilities have a great responsibility to ensure the security of customer and utility information," said Barry Lawson, Manager, Power Delivery for the National Rural Electric Cooperative Association (NRECA). "Having straightforward reports, such as these, that outline an organization's Internet security controls are highly beneficial to any utility company, whether it is required to comply with the NERC Cyber Security standards or not."

The new CIP standards, CIP-002 through CIP-009, have been in development since July 2003. They address the need to protect the computer infrastructure supporting the continuous, secure operation of the Bulk Electric System in North America. Responsible entities must begin implementing these standards by the end of second quarter 2007, and complete implementation by demonstrating compliance to an auditor by the end of second quarter 2010.

A complete list of NERC's new CIP standards and the requirements on when to implement them can be found on NERC's Web site at www.nerc.com. You may also contact SecureWorks for more information at 1.877.905.6661 or info@secureworks.com.

About SecureWorks

SecureWorks, named by the Yankee Group as a leading MSSP, ranked 79th on the Inc. 500 Fastest Growing Private Companies List for 2005 and 39th on the 2005 Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in North America.  SecureWorks is the only service that prevents network intrusions at the perimeter, firewall and host levels; monitors client networks 24 x7x365; provides ongoing vulnerability assessments; and protects email from spam and viruses while automatically encrypting email to protect confidential information. SecureWorks is a member of the elite FIRST (Forum of Incident Response and Security Teams). It has been listed twice on CIO magazine's "CIO 100 List". www.secureworks.com.