NERC CIP and IEC 62443 exist because the bulk electric system cannot tolerate data exposure. Cloud AI processing of operational technology data creates structural compliance violations. On-premises AI for energy companies eliminates the attack surface entirely.
Built by John Dougherty, 25-year enterprise security and technology veteran. Every system is personally assembled, burn-tested for 72 hours, and delivered direct.
Air-gapped AI for utilities eliminates the compliance violations created when operational technology data from SCADA systems and grid management platforms is transmitted to cloud infrastructure.
NERC CIP standards mandate strict cybersecurity controls for the Bulk Electric System (BES). CIP-003 through CIP-013 establish requirements covering electronic security perimeters, personnel and training, system security management, incident reporting, recovery planning, information protection, physical security, configuration management, vulnerability assessment, and supply chain risk management. The scope is comprehensive and the enforcement is real - NERC can levy penalties up to $1 million per violation per day. Energy and utilities represent one of eleven regulated industries where the structural conflict between cloud AI and data security is most acute. Critical infrastructure AI on-prem is the only architecture that resolves this conflict.
IEC 62443 governs industrial automation and control systems (IACS) security. The standard establishes security levels for zones and conduits within OT networks. Introducing cloud AI processing of operational data creates an external conduit that must be evaluated against the security level requirements of each zone it touches. For many critical infrastructure environments, this external conduit simply cannot satisfy the required security level.
FERC oversight adds federal enforcement authority - government agencies at every level regulate utility cybersecurity posture. The TSA Pipeline Security Directives (post-Colonial Pipeline) added additional cybersecurity requirements for pipeline operators. DOE critical infrastructure guidelines emphasize air-gapped architectures for the most sensitive operational environments. The common thread: operational technology data from SCADA systems, grid management platforms, and pipeline monitoring systems cannot be transmitted to cloud infrastructure without creating compliance exposure and expanding the attack surface. Energy AI without cloud dependency is not a preference - it is a structural mandate for critical infrastructure operators, paralleling the isolation requirements faced by defense contractors handling CUI under DFARS.
Air-gapped inference energy operators can trust. "No data leaves your facility" is not marketing language - it is a description of network architecture.
Operational data never leaves your facility perimeter. Prompts travel from workstation to server over internal network only. Complete air-gap capability eliminates all external attack surface. Data-sovereign AI utilities demand - achieved through physical air-gap architecture.
Physical server with NVIDIA H100 GPUs in your facility, running on your power, inside your electronic security perimeter. You own it outright. No cloud dependency.
Air-gap GPU server energy configuration with complete network isolation. No external connections of any kind. Models pre-loaded before delivery. Zero attack surface expansion.
The same AI capabilities you want from cloud services, running on hardware that doesn't create compliance exposure.
On-prem AI for predictive maintenance: analyze equipment sensor data, maintenance logs, and failure histories to identify patterns and predict maintenance needs. Process SCADA telemetry data locally without exposing operational patterns to cloud services.
Secure AI for substation data: draft operations reports, shift summaries, and system performance documentation. Summarize complex operational data into clear narrative reports for regulatory submissions and internal review.
Assist with compliance evidence documentation, audit preparation, and regulatory filing drafts. Process sensitive security assessment data entirely on-premises without cloud exposure.
Local AI for oil and gas operations: analyze pipeline integrity data, flow measurements, and anomaly detection results. Local AI for pipeline monitoring processes operational data from SCADA systems without transmitting sensitive infrastructure information to cloud APIs.
Generate after-action reports, incident timelines, and restoration documentation during and after outage events. Process operational data in real-time without cloud dependency.
Run an on-prem LLM for FERC compliance: draft FERC filings, state regulatory submissions, and compliance documentation. Summarize complex operational and compliance data into clear regulatory narratives.
NVIDIA H100 SCADA-ready AI infrastructure running open-source models on your facility network. A local LLM grid management and operations workflow with zero cloud dependency. Private AI for power plants and utilities under your operational control.
Best for: Complex maintenance analysis, multi-source operational data synthesis, compliance documentation review, long-context regulatory reporting tasks. 284B parameters with mixture-of-experts architecture. Local DeepSeek for utilities runs quantized on the Summit Base tier.
Best for: General documentation, shift reports, correspondence, compliance narratives, internal communications. Strong general-purpose model that produces clean, structured prose quickly.
Best for: Multilingual documentation for international energy operations, cross-border regulatory compliance, multi-language operational communications.
The cloud creates external connections to your OT environment. The hardware stays inside your electronic security perimeter.
| Cloud AI | Island Mountain Summit Base | |
|---|---|---|
| Year 1 Cost | $15,000 - $60,000 (25 users) | $75,000 - $85,000 (one time) |
| Year 3 Cumulative | $45,000 - $180,000 + compliance costs | Electricity only (~$1,200 - $2,400/yr) |
| Year 5 Cumulative | $75,000 - $300,000 + compliance costs | Electricity only |
| OT Data Location | Cloud provider servers | Your facility. Air-gapped. |
| NERC CIP Compliance | External conduit complicates ESP | Inside your security perimeter |
| Attack Surface | Expanded by external connections | Zero expansion. Air-gapped. |
| Per-Token Fees | $15 - $60 per million tokens | None. Unlimited use. |
| SCADA Integration | Not available from cloud AI | Not included. General-purpose AI. |
| Vendor Lock-In | Complete | None. MIT licensed models. |
Knowing the boundaries matters more than knowing the features.
Island Mountain hardware does not connect to SCADA systems, DCS platforms, or industrial control systems. The AI runs through OpenWebUI - a browser-based chat interface on the IT network. It processes data you provide to it; it does not read directly from OT systems.
This is an inference tool, not a control system. It does not manage grid operations, dispatch generation, or control substations. It assists with analysis, documentation, and reporting - not real-time operational decisions.
The system does not include power flow analysis, load forecasting models, or energy market simulation tools. It is a general-purpose AI that assists with documentation, analysis, and drafting around your existing modeling tools.
After the 30-day included support period, your organization is responsible for OS security updates, model updates, and general system maintenance. For air-gapped deployments, updates are applied via physical media.
NERC CIP compliant AI infrastructure that operates entirely within your electronic security perimeter.
NERC CIP-005 (Electronic Security Perimeters) requires that all external connections to networks containing BES Cyber Assets be identified, documented, and protected with electronic access controls. Introducing cloud AI processing of operational data creates an external routable connection that must be documented in the ESP and subjected to all CIP-005 requirements - including intrusion detection, access logging, and vulnerability assessments of the connection path.
NERC CIP-011 (Information Protection) requires identification and protection of BES Cyber System Information (BCSI). Operational data from grid management systems often qualifies as BCSI. Transmitting BCSI to cloud infrastructure requires documented protections for data in transit and at rest on third-party systems - a significant compliance burden that air-gapped local processing eliminates entirely.
IEC 62443 AI server requirements establish security levels (SL 1-4) for industrial automation zones. Higher security levels restrict external communications more severely. For zones rated SL-3 or SL-4, cloud AI connections are difficult or impossible to justify under the standard's requirements for network isolation and data flow control. Local AI hardware operates entirely within the zone, satisfying isolation requirements without architectural compromises.
The TSA Pipeline Security Directives (2021-2022) mandate cybersecurity requirements for pipeline operators including network segmentation, access controls, and continuous monitoring. DOE critical infrastructure guidelines emphasize defense-in-depth architectures. Both frameworks favor air-gapped processing of sensitive operational data over cloud-dependent solutions.
Disclaimer: This section describes the general regulatory environment regarding AI and critical infrastructure cybersecurity. It is not legal or compliance advice. Consult your NERC compliance team, qualified cybersecurity counsel, or your regional entity for guidance specific to your registration, asset classification, and operational context.
Power & Installation: All Island Mountain systems require a dedicated 208V/30A power circuit (NEMA L6-30R). This is standard in server rooms and data closets. Most utilities and energy companies with an existing server closet already have this infrastructure or can add it for $500-$2,000 through a licensed electrician. The system fits in a standard 4U rack space. Average power draw under typical inference loads is 1.5-2.5 kW.
Yes. Cloud AI creates external routable connections that must be documented in your Electronic Security Perimeter under CIP-005, subjected to access management requirements, and continuously monitored. Operational data transmitted to cloud AI may qualify as BES Cyber System Information (BCSI) under CIP-011, triggering additional protection requirements. On-premises AI from Island Mountain operates entirely within the Electronic Security Perimeter.
Island Mountain hardware supports predictive maintenance analysis, grid operations documentation, NERC CIP compliance reporting, pipeline monitoring data analysis, outage response documentation, and regulatory filing drafting. The system runs DeepSeek V4-Flash for complex operational analysis and Llama 3.1 70B for general documentation tasks. All processing occurs air-gapped on NVIDIA H100 or H200 GPUs inside your facility.
Cloud AI costs $50 to $200 per user per month, totaling $15,000 to $60,000 per year for 25 users - plus significant compliance costs for documenting and securing the external connection under NERC CIP. An Island Mountain Summit Base system costs $75,000 to $85,000 as a one-time purchase with no ongoing compliance overhead. The system eliminates the external routable path entirely.
Yes. Models are pre-loaded before delivery. The system operates with zero external network connections. Updates are applied via physical media. Designed for the most restrictive operational environments where complete network isolation is required.
Island Mountain is a hardware company, not a compliance authority. References to NERC CIP, IEC 62443, FERC regulations, TSA Pipeline Security Directives, or related critical infrastructure frameworks on this page reflect factual descriptions of data handling mechanics - not legal, regulatory, or compliance advice. Consult qualified counsel for compliance determinations specific to your organization and jurisdiction.
Municipal utility serving 200,000 customers. Grid operations data stays inside our security perimeter. NERC CIP auditors have zero questions about our AI deployment.
Scenario: Municipal UtilityPipeline operator with 1,200 miles of transmission. Operational data never leaves our facilities. Air-gapped deployment was the only architecture our security team would approve.
Scenario: Pipeline OperatorRenewable energy company with 15 generation facilities. On-premise AI for renewable energy operations: maintenance data and performance analytics processed locally across all sites. Cloud AI was never compatible with our security requirements.
Scenario: Renewable Energy CompanyOne conversation. No sales pitch. Tell us about your facility's AI needs and we will spec the right system.
Or call directly: 1-801-609-1130
See all eleven industries we serve or explore: Defense Contractors · Government