Powering Strong Communities
Security and Resilience (Cyber and Physical)

Public Power Cyber Incident Response Playbook

This playbook provides public power utilities with step-by-step guidance and critical considerations in preparing for a cyber incident and developing a response plan that enables staff to take swift, effective action.

The playbook helps public power utilities think through the actions needed in the event of a cyber incident, clarifies the right people to engage in response to cyber incidents of different severity, and offers advice and templates to coordinate messaging about the incident.

The playbook:

  1. Provides guidance to help a utility develop its cyber incident response plan, including identifying processes and procedures for detecting, investigating, eradicating, and recovering from a cyber incident.
  2. Maps out the industry and government partners that public power utilities can engage during a significant cyber incident to share information, get support for incident analysis and mitigation, and coordinate messaging for incidents that require communication with customers and the public.
  3. Outlines the process for requesting cyber mutual aid for an incident that significantly disrupts utility business or operational energy delivery systems and overwhelms in-house cyber resources and expertise.

This material is based upon work supported by the Department of Energy under Award Number(s) DE-OE0000811.