How California Bioenergy Secured Its OT Infrastructure

When a leading renewable energy company pushes forward through worldwide turbulence rather than pausing, it sets the stage for a rare kind of resilience.

This is exactly what California Bioenergy (CalBio) did.

I had the privilege of sitting down with Abdulla Kagalwalla, CFO of CalBio, to explore one of the boldest growth stories and how cyber resilience played an unexpected, but central, role.

In early 2019, California Bioenergy was running five plants. There were expansion plans in motion, joint ventures on the table, and new builds mapped out.

By 2022, CalBio had over 85 operational sites, despite the headwinds of global disruption.

However, the plant build-out was just one side of the story. The other was OT infrastructure. Fiber, routers, and SCADA networks formed the systems that kept operations running. And that part needed to catch up.

At that point, most of the OT systems were minimal, with basic control setups and simple networks. They were not designed for security and scale. Any compromise there meant risk to operations, revenue, and most importantly, trust.

It was clear the setup needed to evolve. Security, reliability, and data integrity needed a full reassessment. With joint ventures, ecosystem partners, and external integrations involved, CalBio had to ensure their operational networks could be trusted, end to end.

And there was another pressing concern. Compliance expectations from stakeholders and investors were rising fast. Cybersecurity was no longer a backend issue. It was front and center in boardroom discussions.

That is where our engagement began. CalBio brought in ColorTokens to secure the foundation, even while scaling. With diverse systems in play, the first step was to understand what was on the ground. The network posture had to be mapped before anything else could move forward.

Once the assessment was complete, we shifted focus to visibility and monitoring. East-west and north-south traffic needed to be controlled. SCADA communications had to be isolated and secured. The goal was to eliminate blind spots and give the team a clear, continuous view of activities across the environment.

A unified view was especially important given the decentralized nature of their operations. Centralized data management not only improved oversight but also helped remove dependency on legacy infrastructure that had grown increasingly vulnerable.

Security was not layered on. It was designed in from the beginning.

We implemented microsegmentation, one of the core pillars of Zero Trust, to isolate critical OT assets. SCADA traffic was segmented and monitored. Every layer was protected with continuous visibility. The goal from day one was clear: contain any threat before it could move, and in doing so, strengthen the OT backbone.

The approach also significantly reduced the attack surface across their OT network, allowing CalBio to maintain business continuity even under persistent threat conditions. And by architecting with flexibility in mind, we ensured their future integrations—cloud, automation, or AI—would be built on a secure, scalable base.

We had to work through diverse protocols, legacy constraints, and different vendor environments across CalBio’s network. Each site brought its own operational nuances. Designing for this reality required constant flexibility. Even in critical moments, including off hours, the CalBio team could reach us and know someone was on the other side, ready to help.

CalBio made cybersecurity a leadership-level priority.

Operational data sat at the heart of how CalBio measured plant performance, generated carbon credits, and reported revenue. Trust in that data translated to trust in the business itself.

Today, CalBio operates with full visibility into its SCADA networks, which are monitored continuously to ensure early detection of threats and minimize risk. Lateral movement is contained, traffic across east-west and north-south paths is segmented and controlled, and every critical asset sits behind clear lines of defense. With this unified view of their OT environment, CalBio has the control and confidence needed to move forward securely.

Importantly, the company has now shifted from reactive to proactive defense. Their internal teams are no longer responding to alerts. They’re anticipating them, guided by early signals and anomaly-based threat detection.
 
The work does not stop here. With a secured OT backbone, segmented SCADA traffic, and real-time visibility in place, CalBio is now building on this foundation. They are developing an internal enterprise resource planning (ERP) system, advancing toward automation, and preparing to integrate machine learning and AI into plant operations. But none of that happens without a secure base.

Watch the full conversation between Raja Ukil and Abdulla Kagalwalla below.

Strong OT security doesn’t just protect, it enables progress.

If you want to know more about OT security and how we can support your journey, just drop us a note here.