Energy and critical infrastructure

NIS2-essential entities — power, gas, water utilities — with both IT and OT-adjacent components.

Energy and critical infrastructure clients live in the strictest tier of the NIS2 regime: essential entities, with the corresponding penalty exposure and reporting obligations.

Our engagements in this sector cover the corporate-IT layer (which looks like any other enterprise) and the OT-adjacent layer (where the consequence model is fundamentally different). We are explicit that we are not OT specialists per se — we partner with sector specialists for the deeply OT-internal work — but we cover the IT/OT boundary, awareness across OT-adjacent staff, and crisis-management exercises that span both worlds.

Our largest energy-sector engagement to date is a four-year framework agreement with a regional power utility covering NIS2 readiness, annual tabletop exercises, awareness programme oversight, and quarterly executive reporting.

How we help

• NIS2 essential-entity readiness across IT and IT/OT boundary
• Annual coordinated tabletop exercises for crisis management
• Awareness programme oversight for control-room and field-engineering populations
• Third-party security oversight for ICT suppliers to the utility

Talk to us

To discuss your energy and critical infrastructure security programme, contact office@ellipseproject.com.