Independent technology governance for the systems where the cost of failure is measured in public health, public safety, and lives.
Utilities and critical infrastructure operators run OT, IT, SCADA, and AMI platforms whose failure has consequences far beyond the budget. Federal directive cycles tighten. Cyber-physical threat surface grows. The cost of a wrong vendor decision is measured in customers, communities, and regulatory exposure.
US critical infrastructure sectors designated under PPD-21, each with its own regulatory architecture
community water systems serving the United States, the largest sector in PPD-21 by count
cyberattacks on utility infrastructure in 2024, a 70 percent year-over-year increase
incidents tracked through the CISA Operations Center in 2025
Critical infrastructure operators inherit a vendor-driven OT landscape that was never engineered with current threat surface in mind, on top of regulatory frameworks that change faster than the equipment lifecycle. AWIA. NERC CIP. TSA Security Directives. Each has its own audit posture, its own evidence trail, its own consequence structure. The operators on the inside need someone whose loyalty runs to the operation, not to the platform.
That is the work Sentinel does for utilities and critical infrastructure. We govern the program. We never sell the platforms.
Independent. Practitioner-led. Vendor-neutral.
Operational technology does not fail in the boardroom. It fails at three in the morning, in the field, with a crew on overtime and a public health officer asking when service is restored. Sentinel sits on the operator’s side of every vendor decision, every regulatory checkpoint, and every board briefing. And we produce the documentation that proves the operational discipline is real, not aspirational.
These are the structural pressures we hear from utility CIOs, plant managers, and operations directors in nearly every conversation. Sentinel’s role is to help you navigate them with documentation and evidence on your side.
SCADA systems are no longer air-gapped in any meaningful sense. The convergence with corporate IT delivers efficiency. It also delivers an attack surface most operators have not fully mapped. The governance to manage that boundary rarely exists in a written form anyone can audit.
CISA Cross-Sector Cybersecurity Performance Goals are the de facto baseline. AWIA for water. NERC CIP for electric. TSA Security Directives for pipeline. Each cycle raises the bar, and operators are expected to keep pace without proportional budget increases.
Cyberinsurance for utility operations now requires a posture that looks more like a federal compliance regime than a small-utility reality. Premiums rise, coverage narrows, and the carrier questionnaire is increasingly the document driving the actual cyber program.
Control systems built in the 1990s are running production today, with patches the manufacturer no longer supports and protocols that predate the modern threat landscape. Modernization is unavoidable. The path between legacy and modern is where the operational risk concentrates.
Vendors offer AI-driven predictive maintenance, leak detection, and asset optimization. Most utilities have no AI procurement governance framework. The data flowing into the model is operational data. The risks of an opaque vendor model running against critical infrastructure data have not been fully scoped.

Critical infrastructure technology is not a product purchase. It is a multi-decade operational discipline built on regulatory authority, sector-specific frameworks, and the contracts a utility signs with every vendor that touches the production environment. Most utilities inherit a posture written by procurement, defended by IT, and never owned by an independent governance authority that answers to the board, the regulator, and the public health officer in equal measure. We change that.
Sentinel reads the actual contract language. We map it against the regulatory framework the utility operates under, the CISA performance goals, and the operational practices the field crews actually follow. We document the decisions before the audit cycle, before the insurance renewal, and before the next intrusion attempt. The artifacts we produce are structured under the assumption that they will be read by the regulator, by counsel, by the carrier, and by the public officer who has to explain a service interruption to the press.
Our work is independent. We sell no platforms. We collect no referral fees. We are not the EPC firm that built the system, and we are not aligned with the vendor that wants to upgrade it. Every recommendation is auditable, defensible, and built to survive the year-five conversation when the original vendor has been acquired and the utility still owns the consequences.
While the phases move, Sentinel stays.
What We Do Here
Forged in public safety. Hardened by critical infrastructure. From regulatory authorization to asset-lifecycle outcome, Sentinel’s signature practices govern every phase of the utility’s technology program.
For utilities that need a defensible artifact this quarter, not a six-month conversation. Each engagement is fixed-scope, independently delivered, and structured to survive scrutiny.
Where the boundary is breaking
Independent review of the boundary between operational technology (SCADA, control systems, field devices) and information technology, including alignment to CISA Cross-Sector Cybersecurity Performance Goals. Sentinel maps the actual data flows, identifies the unmapped attack surface, and delivers a board-presentable risk surface that survives a regulator’s questioning.
Output: a board-presentable OT/IT risk surface and remediation roadmap.
AWIA, NERC CIP, TSA Security Directives
Readiness review against the framework the utility actually operates under. AWIA for water systems. NERC CIP for bulk electric. TSA Security Directives for pipeline. Sentinel reads the active version of the rule, maps the utility’s posture against it, and documents the gaps in a form the regulator and the carrier both accept.
Output: a compliance-posture memo with regulator-ready and carrier-ready language.
Before the board approves
Independent assessment of major capital technology investments before board, council, or commission vote. Sentinel does not work for the EPC firm proposing the investment. We work for the utility evaluating it, with a defensible recommendation that survives a public-meeting question and an audit three years later.
Output: a defensible investment-decision package and procurement-file evidence.
Every engagement draws on the practices below. Each has its own discipline, its own training pedigree, and its own boundary. None of them are platforms.
Public-sector program management. Used on every deployment.
Operational program delivery means coordinating regulatory compliance, vendor management, OT/IT scope review, and field-crew coordination in one documented motion. SDF is the program management discipline Sentinel runs on every utility engagement, from the first scoping memo through the regulator-facing audit. Every checkpoint is documented to survive a regulator inquiry. Every decision is captured in a record the next plant manager can pick up.
Public-sector organizational change management. Used on every rollout.
A new control system or asset management platform is a change management problem before it is a technology problem. SRM coordinates the readiness work across operators, field crews, and the office staff who depend on the new system. The discipline manages stakeholder alignment, training cadence, communication architecture, and the operational handoff. Go-live becomes an operational event, not a surprise to the night shift.
Configuration authority on the operator’s side of the table. Practitioner-delivered only.
When the vendor builds the SCADA system or the asset management platform, someone has to govern the configuration choices. Operational practice becomes platform behavior through a thousand small decisions, each one with regulatory implications. SDB is Sentinel’s configuration authority discipline, deployed on strategic utility engagements where the configuration decisions need an independent custodian on the operator’s side. Never offered as training. Practitioner-delivered, on the operator’s side of the table.
Post-deployment outcome governance. Advisory and non-binding by design.
A go-live is not an outcome. SVA is Sentinel’s post-deployment governance discipline, designed for the multi-decade asset-lifecycle reality where the original vendor has been acquired, the original engineering team has retired, and the system is still expected to deliver service to the public. Findings are advisory and non-binding by design. Sentinel documents. We do not litigate.
Sentinel’s critical infrastructure bench leans on cross-domain pedigree. The disciplines that show up on day one of a utility engagement.
The boundary between operational technology and information technology is collapsing in every utility we work with. Sentinel maps the actual data flows, the actual access paths, and the actual change-control disciplines on both sides of the boundary. Then we document the gaps before the regulator, the carrier, or an adversary identifies them first.
AWIA for water systems. NERC CIP for bulk electric. TSA Security Directives for pipeline operations. Each framework has its own enforcement posture, its own audit cadence, and its own documentation requirements. Sentinel reads the active version of the rule and maps the utility’s posture against it, in language the regulator and the carrier both accept.
Field crews do not run the technology in the conference room. They run it in the field, at three in the morning, on overtime, in a storm. Sentinel’s engagement governance respects the operational reality. The artifacts we produce are usable by the staff who actually do the work, not just by the people in the boardroom approving the budget.
Sentinel’s critical infrastructure bench leans on Jason Floyd’s engineering and infrastructure pedigree, with additional sector specialists brought in as engagements require. Where additional SCADA-OT or sector-specific specialists are needed for a specific engagement, we say so up front, name the bench-in-flight specialist, and bring them in under the engagement governance the utility already trusts. We do not invent expertise we do not have.
The utility vendor playbook is patterned. Once you have sat through enough board briefings and read enough post-incident reports, the moves become obvious. These are the five Sentinel sees most often.
A vendor or an internal team claims the operational network is isolated from the corporate network. The diagram looks clean. The reality is a remote-access path, an engineering laptop, an HVAC connection, or an asset-management integration that bypasses the gap entirely. The first time the utility hears about it is during the post-incident report. We map the actual paths, document them, and remediate before the incident.
A vendor markets the platform as CISA-aligned without naming which Cross-Sector Cybersecurity Performance Goals it actually meets. The phrase is reassuring. It is also unenforceable. We require the specific CPG mapping, in writing, before the configuration goes into the procurement file. The regulator will, eventually, ask for it.
A vendor demonstrates the backup or failover capability in a controlled test environment. Production never sees the failover until it has to. The first real-world failover is the worst time to discover the recovery window does not match the regulatory tolerance. We require the documented full-scale failover test in the procurement file, with witness signatures.
A vendor frames a major capital investment as a federally fundable cyber upgrade, implying the grant program will cover the cost. The grant rules are specific. The vendor’s reading of them rarely is. We require the citation to the specific grant authority and allowable cost rule before the procurement file accepts the financing claim.
A vendor offers managed patching for the OT environment as a value-add. The promise is real. The execution depends on which patches the vendor decides are critical, on what schedule, and with what change-control discipline. We require the actual SLA, the actual change-control process, and the actual escalation path in the contract, not the marketing material.
The people on the other side of every Sentinel utility engagement have run critical infrastructure programs from inside the operations. Not consultants who learned them in slide decks.
Lead Practitioner · Engineering, OT/IT Convergence
Two decades inside mission-critical CAD, RMS, P25, and dispatch architectures at the country's largest agencies, with deep operational technology and convergence experience. DC Metro CAD/RMS. National Capital Region Mutual Aid Hub. LAPD. LA County Sheriff. The architecture posture he brings to a utility or sector engagement is the same one he brought to the dispatch floor when the system had to come back up before shift change.
On every Sentinel utility engagement, Jason owns the engineering, OT/IT convergence, and operational technical posture, anchoring the program against AWIA, NERC CIP, and TSA Security Directives.
Managing Partner · Operations & Change
Twenty years inside the largest public safety and government technology programs in the country. The program management discipline he ran at LAPD became the foundation of the Sentinel Delivery Framework.
Justin owns the operations and change management arc, audit-defensible documentation, and council-grade communications.
Sentinel's critical infrastructure work is anchored by Jason Floyd, with sector-specific specialists named in-flight per engagement. Where additional SCADA-OT, water-system, electric-utility, or pipeline-specific specialty is required, Sentinel names the practitioner, the credential, and the role on the engagement record before the work begins.
We do not invent expertise we do not have. We name it and bring it in.
The right engagement depends on where the utility is in the program lifecycle. Each tier has its own scope discipline and its own deliverable cadence.
Managed Technology Subscription
End-to-end managed operations for the platforms Sentinel helped you stand up. Sustainment, on-site systems administration, vendor coordination, version-upgrade discipline, and 24/7 incident response. The system is still delivering safely, reliably, and on the regulator’s expected posture, because someone is still accountable for it.
Retained Governance & Advisory
Ongoing retainer with quarterly governance reviews, pre-decision advisory, and an open line for board briefings, regulator response, insurance renewal, and vendor escalations. The utility has independent counsel on the technology and operations side of the table, every cycle.
Anchored to one of the four signature practices
Anchored to one of SDF, SRM, SDB, or SVA. Best when the utility knows which discipline is needed: program delivery, change readiness, OT/IT configuration authority, or post-deployment outcome governance. Fixed scope, named practice, defined deliverables.
Specialized Services + Practice + Institute
A specialized service plus a signature practice plus Sentinel Institute training, packaged as a single integrated engagement. For utilities standing up a major modernization and building the institutional capacity to operate it themselves.
Related
Utilities rarely live in isolation. These adjacent disciplines and capabilities are commonly stitched together in the same engagement.
Sibling Discipline
Most municipal utilities are run inside or alongside city and county government.
Sibling Discipline
PUCs and state environmental agencies set the regulatory frame your program operates inside.
Sibling Discipline
Tribal utility authorities operate the same scope of systems under sovereign authority.
Service Offering
Continuous OT/IT cyber posture, monitoring, and incident response built for operational environments.
Service Offering
Sustainment and managed IT for the platforms we help your utility stand up.
Training
Practitioner training in SDF and SRM for utility IT, operations, and engineering staff.
Tell us where you are in the program lifecycle, and we will tell you honestly whether Sentinel is the right fit, or recommend someone better if we are not.