Powering Strong Communities

Public Power’s Noticeable Steps to Enhanced Cybersecurity

By Adrian McNamara, Utility Cybersecurity Deployment Analyst, and Chris Ching, Cybersecurity and Grid Modernization Senior Coordinator, American Public Power Association

The electrical grid is one of the most critical pieces of infrastructure in our country, and keeping it protected is important. Recognition of this importance is reflected through the American Public Power Association’s cooperative agreements with the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response. These agreements have been developed to specifically aid participating public power members in improving their awareness of and response to evolving cyber threats.  

The first agreement, Cybersecurity for Energy Delivery Systems, focused on developing a suite of baseline resources to help utilities and other public power organizations assess their cybersecurity capabilities and practices and create a path to address any gaps. The suite of resources developed through this agreement – including the Cyber Incident Response Playbook and Cybersecurity Roadmap – have more than 3,000 downloads. Together, these resources provide a foundation for increased awareness of the steps utilities can take to bolster their security and mitigate the risk from cyber threats.

Tangible Supports

In recent years, the agreements have centered on supporting the deployment of cybersecurity solutions for operational technology networks – delivering direct financial support and solutions to public power systems. Two currently active agreements will support technology deployments through 2025 at utilities across the country.  

The first of these two agreements supports the deployment of sensors at eight public power organizations, with an emphasis on supporting small to medium systems. Each organization is receiving an average of $275,000 for the deployments. Beyond providing the much-needed resources to install sensors that allow for enhanced monitoring of public power networks, the projects help public power systems gain a greater understanding of all the components and underlying technologies necessary to support enhanced systems.  

The projects include a diverse range of system sizes and resources, including generation facilities, substations, and distribution networks. The peer learning emerging from the joint initiative has evolved to inform DOE and APPA about how public power can optimize these deployments, make them more efficient, and potentially target future funding efforts.   

A second agreement in progress will support a broader array of technology deployments that will enhance the cybersecurity of participating members. The agreement is targeted to larger systems, and more than 25 members submitted projects that are moving into the next phase of implementation. Each organization is estimated to receive an average of $450,000 for the deployments, although the size and scope of these projects varies widely.

More Benefits to Come

As these projects advance, the individual systems become more capable of detecting and responding to cyber threats, which in turn improves our overall national security. All organizations that receive funding through these initiatives are encouraged to participate in information sharing programs to improve our collective defense. Anonymized data from organizations that have already deployed technology are being analyzed. These analyses provide valuable insights into how well the deployed technologies work and the changing nature of threats against our grid. APPA will also continue to review how information sharing mechanisms can benefit public power utilities.

These agreements are part of APPA’s efforts to advance grid security on a national level. APPA continues to pursue opportunities to support our members and identify any gaps in public power’s security capabilities. As threats evolve, so will the targeted programs to support your preparation and response.