Public power utilities are faced with an increasingly hostile threat landscape that requires action to improve their cybersecurity maturity and posture. Cyber Pathways is a targeted effort to do just that — from assessing and identifying leading practices to helping utilities improve their readiness through cybersecurity training, participating in information sharing and incident response organizations, and getting recognized for implementing best practices.

Cyber Pathways activities are funded through a cooperative agreement with the U.S. Department of Energy’s office of Cybersecurity, Energy Security, and Emergency Response and the American Public Power Association.

What We’ve Accomplished

Since the first round of funding in 2024, some of the key outcomes of the program have included: 

  • Analyzed and assessed the baseline cybersecurity posture for public power
  • Reviewed cyber assessments and models for alignment with public power
  • Developed Cybersecurity Accelerator Program to allow utilities to assess and improve their posture

 

Cybersecurity Accelerator Program

Cybersecurity Accelerator Porgram logoReview your utility’s IT/OT, cyber posture, practices, and policies and gain recognition for maintaining a strong program. 

Learn about the Cybersecurity Accelerator Program


 

Cyber Mutual Assistance

assorted icons floating above a person's handAPPA encourages public power leaders to sign up for the Electricity Subsector Coordinating Council’s Cyber Mutual Assistance program. In the event a cyber incident affects utility systems, the program brings together industry cybersecurity experts to assist in incident response and to share information on threats to the industry. Similar to mutual aid provided in emergency events, the CMA does not require participants to provide support; all mutual assistance is voluntary. There is no cost to participate in the CMA program, though recipients of emergency cyber assistance reimburse supporting members for relevant costs and expenses. CMA program members also have opportunities for training, exercising, and relationship-building through two in-person meetings each year.

Sign up for Cyber Mutual Assistance

 

Information Sharing

Information sharing and analysis centers (ISACs) are central resources for receiving and sharing cybersecurity threat information within a sector. We encourage all members of the public power community to join the Electricity Information Sharing and Analysis Center (E-ISAC), which is open to all electricity asset owners and operators and select government and cross-sector partners in North America. Most APPA members are eligible to also join the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is the designated resource for cyber threat prevention, protection, and response and recovery for state, local, tribal, and territorial governments.

 

Training

An array of cybersecurity trainings can support the latest needs and threats facing public power. APPA will soon provide a list of training programs that public power utilities can consider to keep everyone their workforce aware of the array of threats and how to respond to a cyber incident. Utilities, state associations, and joint action agencies can apply for funding to help cover the cost of the training from Cyber Pathways. Support is not limited to the training options on the list, and can cover other trainings that fit a utility's needs. 

As utilities try out different types of cybersecurity training courses or opportunities, APPA will compile their collective feedback to help utilities select trainings informed by peer reviews.

Contact our team at Cybersecurity@PublicPower.org with any questions about training programs or to request to apply for funding.

 

Resources

Get Involved

Contact our team at Cybersecurity@PublicPower.org with further questions about Cyber Pathways or to request to participate in program activities.