Security and Resilience (Cyber and Physical)

Cybersecurity defense for public power

As public power utilities work to protect key operational technology (OT) components that enable the safe delivery of electric power, they face hurdles in finding and evaluating cybersecurity solutions, safely sharing sensor data for independent analysis, and developing right-sized mitigation strategies.

There is no common terminology to describe the network monitoring solutions and no standard baseline hardware specification that aligns with public power network architecture – especially for smaller utilities. Being a smaller network also means having less data available to analyze, whereas larger or shared information networks allow for more robust and meaningful data analysis. And the volume of shared information across the industry can make it difficult for a small system to identify the most pertinent threats it needs to mitigate.

To address these problems, the Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER) signed a $6 million cooperative agreement with the American Public Power Association to develop and demonstrate cyber-physical solutions for public power.

This agreement will help utilities to acquire and implement hardware, firmware and software to detect and respond to adversarial activity through information sharing, provide advanced analytics for pinpointing when and where a system was compromised, and employ autonomous defense at remote endpoints.

The agreement builds on APPA’s previous project with DOE, Cybersecurity for Energy Delivery Systems, which focused on helping public power utilities understand and improve their cybersecurity maturity.

As part of the continuous journey toward stronger cybersecurity, public power entities can strengthen their collective response to cyber threats by sharing insights and lessons learned.

View our cybersecurity resources page for links to reports, training opportunities, information sharing and analysis centers, and other helpful tools.

Project Activities

The primary objectives and tasks of this effort include:

  • Refine existing, but disparate, OT cybersecurity models, frameworks, and monitoring criteria into more uniform hardware specifications and guidance to facilitate deployment at public power utilities. This includes creating an RFP process that will scan the OT monitoring and defense marketplace for known and vetted solutions, exploring and field testing vendors and their cybersecurity monitoring system offerings against the specifications and guidance developed, and identifying any gaps in technical support resources, training, and setup equipment for the public power market. This analysis will also help ensure that sufficient technical support and training are available to utilities.
  • Develop a framework, methodology, and platform to allow OT cybersecurity data to move securely from public power utilities to analysis providers. We will create a public power-specific unified framework and methodology for information sharing that allows aggregated and anonymized OT sensor data to move from where it is created to where it can best be analyzed. This process will include setting up a legal framework and applicable agreements between stakeholders to share anonymized data from point to point.
  • Reinforce collective defense through improved information sharing. The processes and procedures for disseminating threat and mitigation recommendations to defend OT networks can be better defined and more widely accepted across the industry. Small and medium public power utilities can benefit by engaging industry cybersecurity analysis organizations and the federal government to provide useful threat and mitigation recommendations, especially with respect to threats to OT networks.
  • Refine and reform OT data analysis. We will explore the benefits, barriers, and gaps of different data analysis methods – including those that analyze all data or only detected threats – and establish an OT threat intelligence analysis and information sharing process in partnership with industry cybersecurity analysis centers. This process will attempt to refine and curate threat information to maximize OT threat detection and mitigation at electricity subsector entities and at state, local, tribal, and territorial entities that operate OT networks with limited cybersecurity staff.

Download an overview of the program.

Cybersecurity Defense Community

The Cybersecurity Defense Community is a working group on cybersecurity efforts in public power, including advising APPA's work on its cybersecurity cooperative agreements. The community includes representatives from public power utilities, joint action agencies, and state/regional associations who inform program activities and resources to ensure they meet cybersecurity needs and best practices for public power.

APPA is actively looking for members at any cyber program maturity level to join the group. To volunteer to participate in the Cybersecurity Defense Community, email our team.