Remote operator stations in substations and plants. No x86 tax.
NERC CIP compliance expanded dramatically in 2025. CIP-003-9, CIP-005-7, CIP-010-4, and CIP-015-1 now extend mandatory endpoint controls to previously exempt low-impact assets — substations, distributed energy resources, and small generation facilities. An estimated 15-25% of previously exempt assets now fall under medium or high-impact compliance.
FERC Order 907 (June 2025) approved CIP-015-1 — mandatory internal network security monitoring
FERC, June 2025
What energy IT teams are dealing with
NERC CIP expansion to low-impact assets
The 2025 updates to CIP standards extend mandatory controls to assets that were previously exempt — substations, DERs, and small generation facilities. IT teams must now inventory, harden, and continuously monitor endpoints that were never designed for compliance. The cost of retrofitting existing x86 workstations with compliant configurations is prohibitive at scale.
OT/IT convergence on the endpoint layer
Managing both corporate IT endpoints and operational technology endpoints (SCADA HMIs, substation computers, control room workstations) with a single management plane. OT endpoints have 10-15 year lifecycles and minimal maintenance windows — they cannot be treated like office PCs.
Remote management of endpoints in unmanned facilities
Substations, pump stations, and wind farms are often hundreds of miles from the nearest IT support. Endpoint failures require a truck roll. Remote management, OTA updates, and automatic rollback eliminate the majority of these trips.
Compliance landscape
NERC CIP
Mandatory for BES cyber systems — expanded 2025
CIP-015-1
Internal network security monitoring — new June 2025
NIST CSF
Framework for critical infrastructure cybersecurity
IEC 62443
Industrial automation and control system security
How VelaOS helps
- A refurb thin client (Wyse 5070, HP t640) replaces a $500+ industrial PC in non-HMI roles
- 10-15 W idle on Gemini Lake / Stoney Ridge — runs on solar or UPS in unmanned substations without HVAC
- Bootc A/B deployments + Greenboot auto-rollback ensure zero-downtime updates in 24/7 facilities
- Read-only OS + kernel lockdown satisfies CIP-010 configuration change management requirements
- Per-device mTLS + ed25519 command envelopes satisfy CIP-005 electronic security perimeter controls
- Automatic rollback eliminates truck rolls when a bad update lands on a remote site
Typical energy fleet profile
Fleet size
500 – 50 000 combined IT/OT endpoints (mid-size utility to national grid operator)
Refresh cycle
5 – 7 years (IT), 10 – 15 years (OT)
Common VDI
VMware Horizon and Citrix for corporate. OT environments use purpose-built HMI clients. Growing thin client adoption in control rooms.
Run the numbers for your energy fleet
Pre-filled with 500 devices — the typical starting point for energy.