System downtime, data loss, and facility control breakdowns quickly become business critical issues for Utilities and their customers. The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards (CIP 002 through 009) define reliability requirements to help address these Cyber Security Vulnerability issues for Bulk Power System owners, operators and users in North America and Canada. NERC violations may lead to costly sanctions and remedial action directives that must be immediately addressed. Moreover, NERC can assess fines of up to a million dollars a day per violation. With oversight by the U.S. Federal Energy Regulatory Commission (FERC) and Canada’s National Energy Board (NEB), cyber security standard compliance has become an increasing priority for the power utility industry. A few strategic cyber security investments at the network and application layers can significantly simplify NERC compliance. This paper outlines a better way to secure Utility Information Technology (IT) Infrastructure by leveraging a Unified Threat Management (UTM) approach and Vulnerability Assessment (VA) strategy that supports critical NERC compliance criteria, while maintaining high performance metrics – without calling for replacement of the entire infrastructure.