Cybersecurity for Energy Delivery Systems

Cyber and physical threats pose an ever-increasing threat to our businesses and communities. The Association is committed to helping the public power community improve their cybersecurity posture. As a part of this effort, in 2016 we entered into a 3-year cooperative agreement with the U.S. Department of Energy (DOE), providing the Association with up to $7.5 million to help public power utilities create stronger, more secure systems. This effort is known as the Cybersecurity for Energy Delivery Systems (CEDS) program.

View the video below for a brief introduction to the program.

Learn more about this program in our complete Project Management Plan.

Public power utilities, state associations, and joint action agencies can access the following resources and opportunities offered through this program.

Association members can access additional cybersecurity resources on our Cybersecurity and Preparedness page.

Cyber Resiliency and Security Assessments

Public power utilities can use the following tools and resources to assess, benchmark, and improve their cybersecurity programs.

Cybersecurity Scorecard

Use this online self-assessment tool to gauge your utility’s security posture. Based on the DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), the scorecard provides a starting point to address cyber risks. For more information, view an overview of the scorecard platform or email [email protected].

Get started with your assessment.

Cybersecurity Training

Access discounts on cyber training courses developed specifically for the public power community.

Cybersecurity Procurement Needs

Review the Managed Cybersecurity Service Providers for Electric Utilities report to find out which vendors may be able to assist you with certain cybersecurity needs.

Cyber Resiliency and Security Videos

This series of short, actionable videos can educate utility staff, first responders, city officials, and other community stakeholders about security issues related to the electrical system.

For downloadable versions of these videos, please contact [email protected].

Watch this video to learn more about basic cybersecurity “hygiene” to ensure that your utility is #CyberReady.

This video explains the four steps of the cybersecurity risk cycle that a public power utility can use to manage risk and be #CyberReady.

This video explains why sharing information between public power utilities is vital to improving the security of the grid.

 

Stay tuned! The series will also include a video on information sharing.

Cybersecurity Program Roadmap

After assessing your cybersecurity posture, this guide will help you take the next step to improve your utility’s readiness based on your identified needs and priorities. The Association is currently working with Beam Reach Group to create the roadmap, which will provide specific strategies and guidance for a number of key areas.

Cyber Resiliency and Security Incident Response Model Playbook

The Incident Response Model Playbook [forthcoming] will walk through the steps and best practices a utility can follow in the event it experiences a cyber incident or attack.

Vulnerability Assessments

The Association has partnered with Burns & McDonnell to conduct onsite vulnerability assessments for the public power community and will be integrating processes and technologies to alert public power utilities of threats and vulnerabilities in their cyber and physical systems.

Public power providers interested in participating in the onsite vulnerability assessment program can fill out the interest form.

Extend and Integrate Technologies

Public power providers can receive financial assistance and other support to use cyber technologies through the Cybersecurity Technology Assistance Program.

The reliability of delivering electricity is influenced by the maturity of a utility’s security program. Small public power utilities are eligible for subsidized eReliability Tracker (eRT) subscriptions. Email [email protected] and [email protected] for more information. The Association’s eRT Team is also working to integrate an Interruption Cost Estimate (ICE) calculator with the eRT platform. When finalized, this will allow public power utilities to estimate the costs associated with a given cyber or physical attack. Further, we are also developing a Public Power Cyber Asset Tracker.

Information Sharing

Sharing cyber and physical security threat information with other utilities and our federal partners is crucial for the stability of our nation’s electric grid. The Association encourages our members to sign up for both E-ISAC and MS-ISAC.

Learn about information sharing in two reports: