Custom Software for Energy — Field Ops, Assets, and Compliance, Built to Respect the OT Boundary
Utility field operations, renewables asset management, oil-and-gas tooling, and compliance reporting — built by a US-based, founder-led team that keeps the IT and data layer cleanly separated from operational technology and scopes any SCADA-adjacent work case-by-case.
In energy, the IT and OT divide is a hard line. We respect it.
Energy software splits into two worlds with very different rules. There is operational technology — the SCADA systems, PLCs, RTUs, and safety-instrumented systems that actually run the grid, the plant, or the well. And there is information technology — the field-ops apps, asset registries, analytics, dashboards, and compliance reporting that the business runs on. The most important thing a responsible software firm can do in this sector is know which side it belongs on and never blur the line.
We build on the IT and data side, and we keep a clean boundary with operational technology. We do not write control logic for SCADA, PLCs, or safety systems — that is a specialized engineering discipline with safety and reliability stakes we will not pretend to own. When our software needs data that originates in OT, such as generation figures from a historian, we design a tightly controlled, segmentation-respecting data path rather than reaching into the control network. Any SCADA-adjacent work is scoped case-by-case, with explicit boundaries and your OT and security teams in the room.
Why energy is a special case
The IT-OT boundary is the defining constraint. Energy security frameworks insist on strong segmentation between corporate networks and the operational environment that runs critical infrastructure, and the consequences of getting it wrong range from a compliance violation to a safety incident. Software that casually bridges the two is a liability. We treat the boundary as sacred, build firmly on the IT side, and design any data exchange to honor the segmentation your architecture requires.
Compliance and the field environment compound it. NERC CIP governs the bulk electric system with strict cyber and access rules; FERC, EPA, and state agencies layer on environmental and market reporting; emissions and methane rules keep tightening. Meanwhile the work happens at remote substations, well pads, and turbine sites where connectivity is poor and devices take a beating, so field software has to work offline and sync reliably. A generic team underestimates the compliance weight and over-assumes the network — and may not even register the OT boundary as the hazard it is.
What we build for energy operators
- Field-operations apps — work orders, mobile data capture that works offline, inspections, and crew scheduling
- Asset and equipment management — registries, maintenance history, condition tracking, and GIS-aware mapping
- Renewables asset management — solar and wind production monitoring, portfolio dashboards, and PPA settlement
- Oil-and-gas tooling — field-data capture, production accounting, and land-and-lease management
- Compliance and regulatory reporting — emissions, environmental, and market-filing workflows with audit trails
- Analytics and historian reporting — reading approved OT data into IT-side dashboards across a controlled boundary
- Customer and billing tools — usage portals and billing for utilities and distributed-energy providers
Common energy projects we scope
- Offline-capable field-inspection app. A mobile app that works without connectivity at remote sites, captures structured inspection data and photos, enforces required fields, and syncs clean records to a central dashboard when the device is back online.
- Work-order and crew-scheduling system. Dispatch, work packages, asset linkage, crew and equipment scheduling, and completion capture — getting field crews accurate jobs and clean data back without paper.
- Renewables portfolio dashboard. Production monitoring across a solar or wind portfolio, performance-versus-expected analysis, downtime tracking, and PPA settlement, pulling generation data across a controlled boundary.
- Production accounting for oil and gas. Field-data capture, allocation, production accounting, run tickets, and the reporting upstream and midstream operators need for partners and regulators.
- Compliance and emissions reporting. Workflows for EPA, state, and market filings — data collection, validation, submission tracking, and an audit trail that survives a regulator's review.
- Asset registry with maintenance history. A single source of truth for equipment, maintenance history, warranty, inspection cycles, and condition, with GIS-aware mapping for geographically distributed assets.
- Controlled historian-to-IT reporting layer. Where appropriate and explicitly scoped, a tightly controlled data path that brings approved historian or sensor data into IT-side analytics without reaching into the control network.
- Customer usage and billing portal. A usage portal and billing system for a utility, co-op, or distributed-energy provider, with payments handled through a tokenized gateway.
Security and compliance considerations
IT-OT segmentation. This is the first principle. Our software lives on the IT side and never reaches into the control network. Where a data exchange with OT is genuinely needed, we design a one-way or tightly controlled, monitored path that respects the segmentation your security architecture mandates. We do not build anything that could become a pivot into operational technology.
NERC CIP. For utilities subject to NERC CIP, most CIP scope sits in the OT environment we deliberately stay out of. Where our IT-side software touches CIP-relevant data or evidence, we build the access controls, logging, and audit trails that support your compliance program. We are not your CIP compliance authority — we build software that helps you meet it.
Environmental and market reporting. EPA, state environmental agencies, FERC, and ISO and RTO market rules impose specific reporting obligations. We do not give legal or regulatory advice, but we build the data capture, validation, and audit trails your compliance and regulatory teams need to file with confidence.
Critical-infrastructure threat landscape. The energy sector is a top target for nation-state actors and ransomware groups, and incidents like the 2021 Colonial Pipeline attack showed how an IT-side compromise can cascade into operational shutdown. We harden the IT systems we build and map pentests to the techniques those adversaries use.
Field-device and access security. Field apps run on devices in the wild. We enforce strong authentication, encrypt data at rest on the device, and design sync so a lost or stolen device does not become a data breach.
Tech stack we recommend for energy
Next.js 16 on the App Router with React and TypeScript end-to-end for dashboards and back-office systems. For field apps, React Native or an offline-first progressive web app with a local store and conflict-aware sync so crews can work without connectivity. Postgres for the system of record, with a time-series store when production or sensor data volume demands it. Prisma or Drizzle as the type-safe ORM, and a mapping layer for GIS-aware asset and field views.
Background workers (Inngest or a self-hosted queue) handle sync reconciliation, report generation, and analytics rollups. Where an approved OT data path is in scope, it runs through a tightly controlled, monitored boundary — never a direct connection into the control network. Strong authentication and on-device encryption protect field data. Sentry plus a log aggregator for observability, with audit-grade logging where compliance requires it. The IT-side web tier deploys to Vercel or a hardened cloud environment matched to the operator's security posture; sensitive systems move to a controlled VPC.
Pricing transparency
Focused MVP
A single high-value IT-side workflow shipped clean — an offline-capable field-inspection app that captures structured data and photos at remote sites and syncs clean records to a dashboard. 4 to 8 weeks.
Production platform
A real operational system — work-order and asset management, a renewables portfolio dashboard, or a compliance-reporting workflow, with audit trails and field-device security. 10 to 16 weeks.
Platform with controlled data paths
A full field-ops or asset platform, potentially including a tightly scoped historian-to-IT reporting boundary, with the segmentation and audit posture critical-infrastructure software demands. 16 to 28 weeks with phased delivery.
Discovery is paid separately at $2,500 and is creditable against any full engagement. See the contact page for the full scoping flow, or the pricing page for engagement models.
Pitfalls we have seen
First, blurring the IT-OT boundary for convenience. A team wires an IT dashboard straight into the control network to grab a live value, and quietly creates a path an attacker could ride into operational technology. The convenience is never worth the risk. Approved data crosses the boundary through a controlled, monitored path or it does not cross at all.
Second, assuming connectivity. Field software designed for an office network fails at a substation or well pad where signal is intermittent. Offline-first is not a nice-to-have in energy field ops — it is the baseline, and bolting it on after the fact means rebuilding the data layer.
Third, underestimating compliance reporting. NERC CIP evidence, EPA and state environmental filings, and market reporting are specific and unforgiving, and a system that did not plan for the audit trail forces a painful retrofit. We build the validation and audit trail in from the start so a regulator's request is a query, not a scramble.
Why founder-led matters for energy
Energy is critical infrastructure, and the IT-OT boundary is not something you want an anonymous offshore contractor improvising around. You need someone senior who understands why the segmentation exists, will say no to the convenient shortcut, and is accountable for the architecture. We are US-based and founder-led, and the person who designs your data paths is the person who can explain them to your security team and your regulators.
William Beltz writes or reviews every line, and personally owns the decisions about where our software sits relative to your operational technology. NDAs are mutual and signed before discovery. Source code lives in your GitHub organization, not ours. The handoff is documented for either ongoing collaboration or in-house ownership — your call.
MITRE ATT&CK pentests tied to energy-sector threat models
The energy sector is a top target for nation-state actors and ransomware groups, and the 2021 Colonial Pipeline incident showed how an IT-side compromise can force an operational shutdown. We run penetration tests on the IT systems we build and assess, mapped to the MITRE ATT&CK techniques those adversaries actually use, then deliver a heatmap of which techniques succeed, which get detected, and which get blocked.
For the field-ops apps, dashboards, and reporting systems on the IT side, web application penetration testing covers authentication, authorization, and the controlled data boundaries that separate IT from operational technology. We focus on the IT and application tier and coordinate with your OT security specialists on the operational environment. Every finding maps to ATT&CK technique IDs so your team knows what to alert on.
FAQs
Do you write software that controls grid or plant equipment?
No. We build the IT and data layer — field-ops apps, asset management, analytics, dashboards, and compliance reporting — kept cleanly separated from operational technology. We do not write control logic for SCADA, PLCs, RTUs, or safety systems. Any SCADA-adjacent work, like reading historian data into reporting, is scoped case-by-case with explicit boundaries and your OT and security teams in the room.
How do you handle the IT and OT boundary?
Carefully and explicitly. Our software lives on the IT side. When it needs data originating in OT, such as generation figures from a historian, we design a one-way or tightly controlled data path that respects your segmentation, rather than reaching into the control network.
What about NERC CIP and other energy compliance regimes?
For utilities subject to NERC CIP, most CIP scope sits in the OT environment we stay out of. Where our IT-side software touches CIP-relevant data or evidence, we build the access controls, logging, and audit trails to support your compliance team. We do not act as your CIP compliance authority.
Can you build field-operations software for a utility or service company?
Yes — a core build. Work-order management, mobile field apps that function offline in remote locations, asset tracking, inspection workflows, crew scheduling, and GIS-aware mapping, so crews get accurate work packages and clean data flows back even where connectivity is poor.
Do you work with renewables and oil-and-gas operators?
Yes. For renewables, asset-management and production-monitoring platforms, PPA and settlement tooling, and generation analytics. For oil and gas, field-data capture, production accounting, regulatory and emissions reporting, and land-and-lease tooling — all on the IT and data side, separate from control systems.
Why is energy software a special case?
The IT and OT divide is a hard security boundary that responsible software must respect, the compliance regimes (NERC CIP, FERC, EPA and state reporting) are heavy and specific, and the field environment is harsh, with remote sites and poor connectivity. A generic build mishandles all three, and mistakes at the OT boundary can be dangerous.
What does a $25,000 energy build look like?
A focused MVP on the IT and data side — a mobile field-inspection app that works offline, captures structured data and photos at remote sites, and syncs clean records to a central dashboard when connectivity returns. Scoped tight, it ships in 4 to 8 weeks.
Related services
Custom Business Software
Field ops, asset management, and compliance tooling built on the IT and data side.
Mobile App Development
Offline-first field apps for remote substations, well pads, and turbine sites.
API Development
Controlled, segmentation-respecting data paths and integrations on the IT side.
Penetration Testing
MITRE ATT&CK-aligned testing of IT systems for critical-infrastructure threats.
Web App Pentest
Dashboards and reporting tools tested for authentication and boundary flaws.
DevOps Engineering
Hardened, auditable infrastructure matched to an energy operator's security posture.
Build energy software that respects the boundary.
Call William Beltz directly at (770) 652-1282 or book a 20-minute scope call. Mutual NDA signed before discovery. Founder-led from quote to handoff.