As Rutgers continues its digital transformation, IP&O is setting a high standard in cybersecurity, especially within its cogeneration plants. These facilities are vital to campus infrastructure, and IP&O has taken proactive steps to ensure their safety and resilience.

IP&O has implemented cybersecurity practices that align with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards wherever feasible. “While these standards are not mandated for facilities of our size, they offer a strong framework for securing operational technology,” said Cesar Masforroll, Director of Information Technology. Machine learning tools are being deployed to enhance network visibility and detect vulnerabilities, including systems that safeguard programmable controller logic.

The department also continues to expand its use of Center for Internet Security (CIS) Controls, with the goal of supporting a Zero Trust model that assumes no user or device is inherently trustworthy. As part of their annual data classification initiative conducted in alignment with Rutgers policy, Information Owners review and validate data access permissions, reinforcing the Principle of Least Privilege. This process ensures that access to sensitive information remains tightly controlled and limited only to those with a legitimate need.

Cybersecurity awareness is a cornerstone of IP&O’s strategy. Staff complete annual training and are evaluated through the Security Awareness Proficiency Assessment (SAPA), with phishing simulations providing measurable insights into user readiness.

Collaboration with the Office of Information Technology (OIT) has been key. IP&O’s IT team, led by Edward Fabula, Executive Director of Information Technology, works closely with OIT to ensure consistency in practices and to leverage centralized tools that support enterprise-wide efficiency. Vulnerability scans and cybersecurity training are two key areas where this partnership is especially valuable. “OIT regularly scans for vulnerabilities and we patch systems on a monthly basis,” Fabula noted. “Monthly scan reports provided by OIT help us stay ahead of critical issues, and our joint efforts on annual training ensure staff are equipped to recognize and respond to threats.”

Recently, IP&O hosted a tour of the Busch Power Plant for OIT staff, including Guy J. Albertini, Rutgers Chief Information Security Officer. The visit showcased the plant’s physical and technical controls, and Albertini praised the team’s efforts: “It was great to see the crew’s pride and efforts towards keeping the plant safe, clean, organized, and secure. Hats off to Cesar, Robert, and Michael for a job well done!”

Obi Agbara, OIT’s Risk Assurance team, echoed the sentiment and appreciates working with the IP&O IT team. “IP&O IT is the first business unit we proudly on-boarded into our vulnerability management program and the one we often highlight as the most progressive,” said Agbara.

The partnership between IP&O and OIT is essential, built on shared goals and collaboration that continue to drive innovation and strengthen cybersecurity.

Featured in the IP&O Newsletter, October 2025.