Public power utilities across the country are working to create a more resilient and secure electric grid that appropriately manages the risk from a range of threats. By working with APPA, their communities, states, and the federal government, utilities are improving their physical and cyber security postures to continue providing safe, reliable, and affordable energy.
October 2023 E-ISAC Threat Briefing for Public Power
Cybersecurity and Technology Summit, September 8 - 11, 2024, Cleveland, Ohio
The Cybersecurity and Technology Summit is a dedicated venue for knowledge sharing, networking, and advancing cybersecurity initiatives across the public power community.
The summit brings together professionals, experts, and stakeholders within the public power sector to share insights and raise awareness of how to better protect their public power utility, its assets, and customers from cyber threats and other challenges posed by emerging technology.
The summit will address the unique challenges, best practices, and emerging trends in cybersecurity and IT infrastructure relevant to public power utilities. Topics include strategies for protecting critical infrastructure, mitigating cyber threats, implementing secure technologies, and fostering collaboration among utilities to enhance cybersecurity resilience.
Our Security Team
Michael Coe
Vice President, Physical and Cyber Security Programs
Richard Condello
Utility Cybersecurity Deployment Director
Paul Carroll
Cybersecurity Programs Senior Manager
Rachael Beitler
Procurement and Contracts Senior Manager
Adrian McNamara
Cybersecurity Program Manager
Chris Ching
Cybersecurity Specialist
Matt Whiting
Security Programs Specialist
For cybersecurity inquiries, contact [email protected].
For physical security inquiries, contact [email protected].
Cybersecurity Programs
With an increasingly hostile threat landscape, APPA has obtained over $25 million in funding from the federal government to effort to improve the cybersecurity maturity and posture of its members. Members are able to avail themselves to a host of programs and resources, from deploying sensing technology to baseline assessments to technical assistance and more.
ICS CyberShield
The ICS CyberShield program is the result of the National Security Council’s 100-day Action Plan to improve OT cybersecurity in the electric sector and expand collective defense. Through a cooperative agreement with the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), APPA received funding to support OT cybersecurity sensor deployment at public power utilities with over 50,000 meters as well as joint action agencies serving an aggregate 50,000 meters.
To date, APPA has awarded almost $5 million to the first 11 utility participants to fund 50 cybersecurity projects from 30 different technology companies and is working with an additional 15 utilities and 12 technology companies in various phases of the process.
APPA is still looking for eligible utilities interested in participating in the program to deploy various technologies to enhance the security of their OT and ICS networks. Interested utilities can reach out to [email protected] to learn more.
OT Insight
The OT Insight program is a cooperative agreement with DOE CESER to deploy operational technology (OT) cybersecurity sensors to small public power utilities to improve cybersecurity maturity and expand collective defense. The program is also focused on evaluating the capabilities and suitability of various OT sensors for use in public power utilities and developing a data aggregation platform to share anonymized threat information across vendors for further analysis and dissemination.
APPA has awarded $2.3M to 10 utilities to deploy 5 sensor technologies. Although at this time the program is fully enrolled, we encourage interested utilities to contact APPA as soon as possible as additional funding may become available depending upon demonstrated demand for funding. The program is progressing into the data sharing stage of the project plan and utilities interested in sharing their expertise and participating in the data sharing working group can reach out to [email protected] to learn more.
Cyber Pathways
APPA’s Cyber Pathways program is a new cooperative agreement funded by DOE CESER’s Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program to support public power utilities of all sizes improve their cybersecurity maturity. While this four-year effort is targeted toward small public power utilities, public power utilities of all sizes and maturity levels are welcome to participate.
The focus of the program is on improving cybersecurity maturity by first baselining the public power community’s cybersecurity posture and then providing resources for utilities to improve their readiness through cybersecurity training, participation in information sharing and incident response organizations, and a new cybersecurity designation program to recognize utilities for implementing best practices.
APPA is seeking utilities interested in participating in the program in any capacity, whether through the baseline effort, evaluating training opportunities, or serving on the working groups to develop the cybersecurity designation program and other new resources. Interested utilities can reach out to [email protected].
For more information, see our one-page overview (PDF).
Physical Security Essentials: A Public Power Primer
APPA's physical security guide, Physical Security Essentials: A Public Power Primer, is for utility professionals interested in enhancing their organization’s physical security posture. Updated in February 2024, it explains various physical security concepts in tandem with actionable checklists and guidance so that security personnel can identify areas for improvement and enhance their utility’s physical security. The guide also includes updated data on public power’s physical security posture and practices so utilities can see how their practices align with peers.
The guide is available to purchase from our e-store in both digital and print formats. (A login is required for the APPA member discount price.)
Resources
Many of the free resources available to the public power community were funded through cooperative agreements between APPA and the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response to help public power utilities create stronger, more secure systems.
Information Sharing and Analysis Centers
The information sharing and analysis centers (ISACs) are central resources for receiving and sharing cybersecurity threat information within a sector. The public power community is served primarily by the Electricity Information Sharing and Analysis Center (E-ISAC) but APPA member utilities are also often eligible to join the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The E-ISAC is open to all electricity asset owners and operators and select government and cross-sector partners in North America. The MS-ISAC is the designated resource for cyber threat prevention, protection, and response and recovery for state, local, tribal, and territorial (SLTT) governments. The MS-ISAC offers similar cybersecurity threat advisories, educational materials, and reports as the E-ISAC but is more focused on IT network monitoring and alerting. Joining the E-ISAC or the MS-ISAC is free for eligible organizations.