CASE STUDY | POWER GENERATION

Affordably Unlocking Remote OT Visibility

A power company achieved NERC CIP compliance and enhanced OT cybersecurity via agentless config management in remote substations.

worker-in-hardhat-checking-on-large-power-transmission-equipment

A leading power transmission provider operates across a wide geographic region. This provider is responsible for managing critical infrastructure and providing secure, reliable delivery of electricity. The organization places a strong emphasis on compliance, cybersecurity, and operational efficiency across its remote substation environments.

Challenge

Needed integrated configuration management solution for OS-based and embedded OT devices, including HMIs, relays, RTUs, and communication processors
Required visibility into remote substations using low-speed, serial-based connections without deploying ERC tools directly in substations to minimize NERC CIP reporting burdens
Faced challenges in monitoring configurations and changes across segmented networks for compliance, reliability, and security

Solution

Used Verve® by Rockwell Automation to deploy agent-agentless solution to gather, aggregate, and monitor configuration data from OS-based and embedded OT devices
Installed Linux-based appliances in substations to collect and transmit configuration data and event files over serial connections to a central console
Enabled change management, alerting, and asset inventory including firmware revisions, COMTRADE event files, ports and services scans, and user access details

Result

Achieved NERC CIP compliance while reducing labor and travel requirements to remote substations.
Lowered overall cost by integrating across device types and avoiding the need for costly network taps or span ports
Enhanced cybersecurity through continuous monitoring of configuration changes and used existing corporate tools to reduce solution complexity and cost

Challenge

Bridging Isolated Substations with Low-Bandwidth Infrastructure

A leading U.S. power transmission provider approached Rockwell Automation with a persistent challenge. The provider needed reliable configuration visibility into their OS-based and embedded OT devices for compliance and security—without physically deploying external tools or frequently dispatching personnel.

Their operations comprised of remote substations connected via low-speed serial-based communication (9600–38400 bauds) to a SONET ring and protected by data diode infrastructure

Due to strict NERC CIP compliance protocols, the provider wanted to avoid installing equipment that would increase their audit footprint. They also sought to reduce operational costs by minimizing on-site visits—but they still needed to monitor unauthorized configuration changes and full asset visibility in real time. The other solutions that they explored couldn’t manage this mix of device types or work within such constrained network conditions.

Solution

Integrated Agent-Agentless Architecture for Full-Spectrum Visibility

Verve® by Rockwell Automation deployed its agent-agentless configuration management solution. This unique approach delivered holistic monitoring across IT and OT environments. OS-based assets like HMIs were managed by our agent software, which gathered configuration data and verified compliance against internal standards. For embedded devices—often inaccessible by conventional tools—we used our Agentless Device Interface (ADI) since it’s part of the platform’s core capabilities.

A breakthrough occurred from installing the ADI on a compact Linux-based appliance, which communicated over the client’s existing serial lines to collect data from remote substations. This included configuration files firmware revisions, installed software, port and service scans, and SEL COMTRADE event files. The information was then forwarded to a central console for review.

Increased Visibility to Streamline Operations

To further streamline operations, we placed all collected configurations under change management. Alerts automatically triggered any unauthorized change. Existing corporate tools were used for analysis which supported full integration with the provider’s current technology investments.

Result

Compliance, Visibility, and Security—Without Costly Hardware or Travel

Compliance dashboard visual graph of maturity data

The client achieved NERC CIP compliance with reduced labor and travel. Instead of sending engineers to substations for manual audits or data retrieval, configuration and event data were now securely and automatically transmitted over existing infrastructure.

The project resulted in the following benefits:

Lower costs by reducing the need for span ports, taps, or manual site visits
Deeper asset visibility across OS-based and embedded OT devices
Reduced complexity by integrating with existing corporate tools and avoiding redundant infrastructure

By solving a historically difficult problem in OT cybersecurity—visibility into isolated, legacy devices—we demonstrated how our solutions can deliver powerful, cost-effective outcomes in even the most constrained environments.

Published September 25, 2025