American Transmission Co. operates the high-voltage backbone serving over 5 million consumers across Wisconsin, Minnesota, Illinois, and Michigan's Upper Peninsula. Formed in 2001 as the nation's first multi-state transmission-only utility, ATC owns and maintains critical grid infrastructure that connects generation to load - no retail customers, no power plants, just the wires that keep regional energy flowing continuously. The threat model here is straightforward: operational technology environments running RTUs and PLCs that can't afford downtime, plus enterprise systems managing grid planning and maintenance across a geographically distributed footprint.
The security surface spans both IT and OT domains. On the OT side, remote terminal units and programmable logic controllers monitor and control transmission equipment in real time, requiring strict segmentation and monitoring to prevent unauthorized access or manipulation. Enterprise infrastructure includes cloud computing environments alongside traditional tools like Microsoft Office, MS Project, and Primavera for grid planning and operations coordination. The company emphasizes continuous operation - any disruption to these systems translates directly to power delivery risk across four states.
ATC's technical challenges center on protecting legacy grid infrastructure while integrating diverse generation sources and newer technologies. This isn't a move-fast-and-break-things environment; it's a regulated utility where security decisions must balance availability requirements, safety protocols, and compliance mandates. The work involves securing industrial control systems, managing third-party vendor access to critical infrastructure, and maintaining visibility across geographically distributed substations and control centers.