Cybersecurity and Physical Security

APPA cybersecurity partnership with DOE yields significant resources for members

A partnership that the American Public Power Association entered with the Department of Energy (DOE) in 2016 has resulted in a wide range of resources that help public power utilities develop a culture of cybersecurity.

“Now more than ever, it is vital that the public power community stays on top of the latest cybersecurity threats and is able to effectively respond to those threats,” said Nathan Mitchell, Senior Director of Cyber and Physical Security Services at APPA.

“APPA successfully leveraged our partnership with the DOE over the last four years to deliver a wide range of resources to our members in order to help them successfully meet the ever-changing cybersecurity threat landscape,” he said. The agreement terminates at the end of this month.

“The end of our agreement with DOE is not the end of the cybersecurity journey, it is only the beginning,” Mitchell said, noting that all of the guidance documents that have been developed as a result of the agreement are still available for download from APPA’s website at: https://www.publicpower.org/topic/cybersecurity-and-physical-security

“APPA encourages its members to continue to use these resources to further enhance their cybersecurity programs,” he said.

Tools available to APPA members as a result of the agreement (Award No. DE-OE0000811) include:

Public Power Cybersecurity Scorecard

The Public Power Cybersecurity Scorecard is a customized platform that allows public power utilities to evaluate their cybersecurity program, plan improvements, and benchmark their security posture across peer utilities. There are currently 338 participating utilities in the program.

Free access to the Cybersecurity Scorecard will end as of Sept. 30. While the Cybersecurity Scorecard program will remain open to members to use, APPA is transitioning to a commercial, paid for service offering. 

Public Power Cybersecurity Roadmap

The Public Power Cybersecurity Roadmap, which builds on the Cybersecurity Scorecard, is a strategic plan designed to help public power utilities develop a stronger, sustainable state of security that is continually monitored and improved upon.

Developed with input from public power utilities’ security, information technology, operational technology, and leadership experts, the roadmap breaks down how a public power utility can develop and implement an action plan to improve its cybersecurity practices into four manageable stages.

The Public Power Incidence Response Playbook

The playbook offers public power utilities with step-by-step guidance and critical considerations in preparing for a cyber incident and developing a response plan that enables staff to take swift, effective action.

The playbook helps public power utilities think through the actions needed in the event of a cyber incident, clarifies the right people to engage in response to cyber incidents of different severity, and offers advice and templates to coordinate messaging about the incident.

Cybersecurity Training at the Cybersecurity Virtual Summit

To expand member outreach, APPA has started hosting an annual Cybersecurity Summit, now in its third year.

The summit, which welcomed over 150 attendees in its first year and over 200 in its second year, offers training and networking opportunities to attendees. The summits continue to be held annually. 

The next summit is scheduled for Nov. 16-17. Additional details are available here.

Other resources

Other resources flowing from the agreement for member utilities include a Weekly Situation Report prepared by APPA staff and a Regional Shared Cybersecurity Services Model.

To receive the Weekly Situation Report, subscribe to the Security List Serv at: https://www.publicpower.org/subscribe/lsoft-manual.

Additional information about the Regional Shared Cybersecurity Services Model is available here.

What is Next?

APPA will continue to work with DOE and is in the process of signing a new cooperative agreement to help public power utilities defend their OT cyber assets.