Cybersecurity for Energy Delivery Systems

Cyber and physical threats pose an ever-increasing threat to our businesses and communities. The Association is committed to helping the public power community improve their cybersecurity posture. As a part of this effort, in 2016 we entered into a 3-year cooperative agreement with the U.S. Department of Energy (DOE), providing the Association with up to $7.5 million to help public power utilities create stronger, more secure systems. This effort is known as the Cybersecurity for Energy Delivery Systems (CEDS) program.

View the video below for a brief introduction to the program.

A brief overview on the current status of the CEDS plan is available here.

Learn more about this program in our complete Project Management Plan.

Public power utilities, state associations, and joint action agencies can access the following resources and opportunities offered through this program.

Association members can access additional cybersecurity resources on our Cybersecurity and Preparedness page.

Cyber Resiliency and Security Assessments

Public power utilities can use the following tools and resources to assess, benchmark, and improve their cybersecurity programs.

Cybersecurity Scorecard

Use this online self-assessment tool to gauge your utility’s security posture. Based on the DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), the scorecard provides a starting point to address cyber risks. For more information, view an overview of the scorecard platform or email [email protected].

Get started with your assessment.

Cybersecurity Training

Access discounts on cyber training courses developed specifically for the public power community.

Cybersecurity Procurement Needs

Review the Managed Cybersecurity Service Providers for Electric Utilities report to find out which vendors may be able to assist you with certain cybersecurity needs.

Cyber Resiliency and Security Videos

This series of short, actionable videos can educate utility staff, first responders, city officials, and other community stakeholders about security issues related to the electrical system.

For downloadable versions of these videos, please contact [email protected].

Watch this video to learn more about basic cybersecurity “hygiene” to ensure that your utility is #CyberReady.

This video explains the four steps of the cybersecurity risk cycle that a public power utility can use to manage risk and be #CyberReady.

This video explains why sharing information between public power utilities is vital to improving the security of the grid.

 

Stay tuned! The series will also include a video on information sharing.

Cybersecurity Roadmap

After assessing your cybersecurity posture, this guide will help you take the next step to improve your utility’s readiness based on your identified needs and priorities. The Association has worked with Beam Reach Consulting Group and a group of pilot members to develop the Cybersecurity Roadmap, which is available for download here.

Public Power Cyber Incident Response Playbook

The Public Power Cyber Incident Response Playbook walks through the steps and best practices a utility can follow in the event it experiences a cyber incident or attack. The Playbook can be downloaded here.

Vulnerability Assessments

The Association has partnered with Burns & McDonnell to conduct onsite vulnerability assessments for the public power community and to integrate processes and technologies to alert public power utilities of threats and vulnerabilities in their cyber and physical systems. A list of utilities to be assessed has been selected from a pool of applicants and the on-site vulnerability assessments are underway.

Extend and Integrate Technologies

Public power providers can receive financial assistance and other support to use cyber technologies through the Cybersecurity Technology Assistance Program.

The reliability of delivering electricity is influenced by the maturity of a utility’s security program. Small public power utilities are eligible for subsidized eReliability Tracker (eRT) subscriptions. Email [email protected] and [email protected] for more information. The Association’s eRT Team is also working to integrate an Interruption Cost Estimate (ICE) calculator with the eRT platform. When finalized, this will allow public power utilities to estimate the costs associated with a given cyber or physical attack. Further, we are also developing a Public Power Cyber Asset Tracker.

Information Sharing

Sharing cyber and physical security threat information with other utilities and our federal partners is crucial for the stability of our nation’s electric grid. The Association encourages our members to sign up for both E-ISAC and MS-ISAC.

The Association is piloting a partnership with ArmorText to roll out a secure information sharing platform through which to disseminate and discuss threat information. Selected applicants may receive funding to cover the cost of rolling out ArmorText to their security teams.

The Association is also piloting a new Weekly Situation Report, which collects vulnerability and threat alerts from multiple sources and distills them into actionable digests. These reports are issued weekly and are freely available to members who sign up for the Association's Security List or are federated with the Association on ArmorText. Public power utilities interested in joining the ArmorText platform or receiving the Weekly Situation Reports can email [email protected] for more information.

Learn about information sharing in two reports:

Cybersecurity Summits

The Association has inaugurated an annual Cybersecurity Summit held every Fall. These summits gather leading subject matter experts as well as other cybersecurity professionals and offer training and networking opportunities to attendees. The 2019 Cybersecurity Summit will be held in Nashville, TN on November 18-20. Additional registration information can be found here.