Navigating Cybersecurity in Energy Grids: A Roadmap for Resilience and Innovation
EPRI Insights | October 2023
Contemporary Trends in Cybersecurity for Improving Grid Resilience
by Jordan Aljbour & Bailie Neary, EPRI Technology Innovation
Increased Regulation
65% of energy utilities now adhere to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a voluntary set of standards, guidelines, and best practices designed to help organizations manage and reduce cybersecurity risk.
Implementation of AI & Machine Learning
78% of energy utilities with real-time data analysis are able to detect cyber threats faster and with greater precision.
Advanced Monitoring & Detection Systems
55% reduction in successful breaches using advanced Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
Adoption of "Secure-by-Design" Principles
Integrates security considerations from the onset of system development.
INTEROPERABILITY: THE NIMBLE SMART GRID
NIST Interoperability Framework
- Increasing Interoperability
- Cyber-Physical Security Convergence
- Quantum Computing and Post-Quantum Cryptography
- Supply Chain Security and Incident Response Capabilities
Impact Analysis I: Cybersecurity Resilience on Power Generation Variability
The intertwined components of a smart grid underscore the urgency of robust cybersecurity solutions for safeguarding information flow and system integrity.
Current Assessment and Lessons Learned
AI-based anomaly detection and adherence to the NIST Cybersecurity Framework may offer a 27% reduction in cyber-induced system downtime across all generation facilities.
Risk-Informed Program Guidelines and Standards of Practice
Risk-based strategies, like the U.S. NERC CIP standards and the EU's NIS Directive, have resulted in a 30% reduction in severe breaches in energy utilities over the past two years.
Research Gaps and Priorities Going Forward
- Creating robust and defensible network architectures that are resilient to cyber threats.
- Integrating cybersecurity considerations into the engineering of power generation systems (cyber-informed engineering).
- Cultivating a skilled workforce that can manage and respond to an increasingly complex threat landscape.
Impact Analysis II: Cybersecurity Resilience on Power Delivery and Utilization
Regulatory Assessment and Lessons Learned
Global regulatory bodies enforce strict cybersecurity standards, such as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards in the US, setting specific requirements for utilities that range from physical security to incident recovery planning. Compliance often requires investment in technology, processes, and training, thereby increasing operational costs.
Infrastructure Vulnerabilities and Resilience
The impacts of cybersecurity failures can be substantial and immediate. Cyberattacks can potentially disrupt services, damage equipment and other infrastructure, and even cause widespread power outages.
Competitive Dynamics and Trust in the Utilities Industry
Cybersecurity can be a competitive edge in the power industry, where reliability is crucial. Conversely, utilities with weak cybersecurity protocols risk reputational damage and customer loss following cyber incidents in an increasingly security-conscious market.
Impact Analysis III: Cybersecurity Resilience on Power Systems and Energy Infrastructure
Anticipatory Measures
Beyond equipping systems with advanced cybersecurity tools, comprehensive visibility into assets and network traffic allows for risk prioritization and proactive threat mitigation.
Absorptive and Adaptive Strategies
Apart from deploying robust security measures (such as advanced firewalls and intrusion detection systems), it is essential to establish a defensible architecture that enables effective threat isolation.
Recovery Mechanisms
Organizational preparation plays a pivotal role in recovery from cyber attacks. This involves not just technology, but also thorough training, detailed incident response playbooks, and practiced procedures.
Cybersecurity Vision for 2030
Implement a Risk-Informed Cybersecurity Program
Program Resilience: Security, Safety, and Responsiveness
Adopt an Integrated Security Operations Center (ISOC)
Combine information technology (IT), operational technology (OT), and physical security (PS) systems for greater insight.
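The value of an integrated SOC is that an event which looks benign in any one domain becomes suspicious once IT, OT and physical-security records are read together. The following is an added example, not EPRI's or any utility's code: it assumes the three domains export normalized records (timestamp, user, event type) and correlates a controller configuration write against the user's VPN session state and badge presence at the asset's site. The users, site, asset names and log records are constructed for the example.

```python
"""Cross-domain correlation for an integrated SOC (IT + OT + physical security).

Added example, not EPRI's or any utility's code. It assumes each domain
exports events as simple records with a timestamp, user and event type; the
records, users, site and asset below are constructed for the example.
"""
from datetime import datetime

# Constructed asset inventory: which physical site hosts each controller.
ASSET_SITE = {"unit2-turbine-ctrl": "plant-north"}


def ts(s):
    """Parse an ISO-8601 timestamp string."""
    return datetime.fromisoformat(s)


# Constructed feeds: VPN/identity logs (IT), PLC audit log (OT), badge system (PS).
IT_EVENTS = [
    {"ts": ts("2023-10-02T02:14:00"), "user": "eng-bob",   "event": "vpn_login",  "src_ip": "203.0.113.7"},
    {"ts": ts("2023-10-02T09:05:00"), "user": "eng-carol", "event": "vpn_login",  "src_ip": "198.51.100.23"},
    {"ts": ts("2023-10-02T09:40:00"), "user": "eng-carol", "event": "vpn_logout"},
]
OT_EVENTS = [
    {"ts": ts("2023-10-02T02:31:00"), "user": "eng-bob",   "event": "plc_config_write", "asset": "unit2-turbine-ctrl"},
    {"ts": ts("2023-10-02T07:10:00"), "user": "ops-alice", "event": "plc_config_write", "asset": "unit2-turbine-ctrl"},
    {"ts": ts("2023-10-02T09:20:00"), "user": "eng-carol", "event": "plc_config_write", "asset": "unit2-turbine-ctrl"},
]
PS_EVENTS = [
    {"ts": ts("2023-10-02T06:55:00"), "user": "ops-alice", "event": "badge_in",  "site": "plant-north"},
    {"ts": ts("2023-10-02T09:00:00"), "user": "eng-carol", "event": "badge_in",  "site": "plant-north"},
    {"ts": ts("2023-10-02T15:30:00"), "user": "ops-alice", "event": "badge_out", "site": "plant-north"},
]


def _state_at(events, user, at, on_event, off_event, site=None):
    """Replay a user's on/off events up to `at`; True if the last one was `on`."""
    state = False
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["user"] != user or e["ts"] > at:
            continue
        if site is not None and e.get("site") != site:
            continue
        if e["event"] == on_event:
            state = True
        elif e["event"] == off_event:
            state = False
    return state


def on_site(ps_events, user, site, at):
    """True if the badge system shows the user inside `site` at time `at`."""
    return _state_at(ps_events, user, at, "badge_in", "badge_out", site=site)


def remote_session(it_events, user, at):
    """True if the user has an open VPN session at time `at`."""
    return _state_at(it_events, user, at, "vpn_login", "vpn_logout")


def correlate(it_events, ot_events, ps_events):
    """Flag controller configuration writes whose IT and physical context disagree."""
    alerts = []
    for e in sorted(ot_events, key=lambda e: e["ts"]):
        if e["event"] != "plc_config_write":
            continue
        site = ASSET_SITE.get(e["asset"])
        present = on_site(ps_events, e["user"], site, e["ts"])
        remote = remote_session(it_events, e["user"], e["ts"])
        if remote and not present:
            reason = "config change over VPN with no badge presence at the asset's site"
        elif remote and present:
            reason = "badge presence on site and an active VPN session at the same time"
        else:
            continue  # on-site change with no remote session: expected maintenance
        alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                       "asset": e["asset"], "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in correlate(IT_EVENTS, OT_EVENTS, PS_EVENTS):
        print(f"{a['ts']} {a['user']} {a['asset']}: {a['reason']}")
```

Neither the VPN log nor the PLC audit log is alarming on its own; the badge feed is what turns eng-bob's 02:31 write into a remote change with nobody at the plant, and eng-carol's into a possible shared or stolen credential. A real deployment would add a rule for writes by users with no presence record in either feed and would key the badge check on the asset's actual site from the inventory.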
Devote Resources to Continuity and Incident Response Planning
Cybersecurity must become an essential, embedded element of the design of utility operations.
Fleet Risk Assessment
Check whether operations are aligned with governance; identify critical functions and scope the assessment to align with the governance model.
Integrated Policy and Procedural Framework
Defines the strategy for creating new policies and procedures, and modifying existing ones, to implement updated cyber controls and requirements.
Strategy and Architecture
Define an overall architecture composed of security zones that share cyber requirements. Include planning for communications between zones, protective measures and infrastructure, and maturity targets.
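A zone-based architecture is easier to defend when its rules are written down in a form that can be checked, both at design time (do the planned conduits respect the trust boundaries?) and against observed traffic (is this flow covered by any conduit?). The following is an added example, not EPRI's or any utility's code: it assumes the architecture is expressed as zones with a trust level and a maturity target, conduits that state which zone may initiate which protocols into which other zone, and a rule that traffic may only step up one trust level per hop (so corporate IT must traverse a DMZ zone before reaching control). Zone names, levels, maturity numbers and flows are constructed for the example.

```python
"""Security-zone and conduit model for a utility IT/OT architecture.

Added illustration only; not EPRI's or any utility's code. It assumes the
architecture is expressed as zones that share cyber requirements, conduits
that say which zone may initiate traffic into which, and a maturity target
per zone. All zone names, trust levels, maturity numbers and flows below
are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    trust: int             # 1 = least protected (corporate IT) ... 4 = most critical
    maturity_target: int   # control maturity the program requires for the zone
    maturity_current: int  # maturity observed in the latest assessment


@dataclass(frozen=True)
class Conduit:
    src: str               # zone that initiates the connection
    dst: str               # zone that accepts it
    protocols: frozenset   # protocols permitted on the conduit


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str


class Architecture:
    def __init__(self, zones, conduits):
        self.zones = {z.name: z for z in zones}
        # Merge conduits with the same endpoints into one protocol set.
        self.conduits = {}
        for c in conduits:
            self.conduits.setdefault((c.src, c.dst), set()).update(c.protocols)

    def conduit_violations(self):
        """Design-time check: a conduit must join known zones, and the
        destination may be at most one trust level above the source."""
        problems = []
        for (src, dst) in self.conduits:
            if src not in self.zones or dst not in self.zones:
                problems.append(f"{src}->{dst}: unknown zone")
                continue
            step = self.zones[dst].trust - self.zones[src].trust
            if step > 1:
                problems.append(f"{src}->{dst}: skips {step - 1} zone(s); route via DMZ")
        return problems

    def evaluate_flow(self, flow):
        """Check one observed or proposed flow against the conduit list.
        Returns 'allowed' or 'denied: <reason>'."""
        allowed = self.conduits.get((flow.src, flow.dst))
        if allowed is None:
            return f"denied: no conduit {flow.src}->{flow.dst}"
        if flow.protocol not in allowed:
            return f"denied: {flow.protocol} not permitted on {flow.src}->{flow.dst}"
        return "allowed"

    def maturity_gaps(self):
        """Zones whose assessed maturity is below the program's target."""
        return sorted(z.name for z in self.zones.values()
                      if z.maturity_current < z.maturity_target)


# Constructed example architecture.
ZONES = [
    Zone("enterprise-it", 1, maturity_target=2, maturity_current=3),
    Zone("ot-dmz",        2, maturity_target=3, maturity_current=3),
    Zone("plant-control", 3, maturity_target=3, maturity_current=2),
    Zone("protection",    4, maturity_target=4, maturity_current=4),
]
CONDUITS = [
    Conduit("enterprise-it", "ot-dmz", frozenset({"https", "rdp-gateway"})),
    Conduit("ot-dmz", "plant-control", frozenset({"opc-ua"})),
    Conduit("plant-control", "ot-dmz", frozenset({"historian"})),
    # A proposed shortcut from the corporate network straight into control.
    Conduit("enterprise-it", "plant-control", frozenset({"rdp"})),
]
ARCH = Architecture(ZONES, CONDUITS)

# Constructed flows, e.g. taken from a firewall log or a change request.
FLOWS = [
    Flow("enterprise-it", "ot-dmz", "https"),
    Flow("ot-dmz", "plant-control", "modbus"),
    Flow("plant-control", "protection", "iec-61850"),
]

if __name__ == "__main__":
    print("conduit violations:", ARCH.conduit_violations())
    for f in FLOWS:
        print(f"{f.src}->{f.dst} {f.protocol}: {ARCH.evaluate_flow(f)}")
    print("maturity gaps:", ARCH.maturity_gaps())
```

The same model answers the three questions the step raises: the proposed enterprise-to-control conduit is rejected because it bypasses the DMZ, the Modbus flow is denied because the conduit only permits OPC UA, and plant-control shows up as the zone whose assessed maturity has not yet reached its target.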
Implement Program Changes
Deploy the plan. Use pilots to identify gaps, allow sufficient time for training, and establish an incident response team before scaling to the entire organization.
Administrative Control and Program Integration
Implement the necessary processes and procedures in the overall framework to maintain and adhere to all technical and administrative controls.
New and Enhanced Technical Controls
Define the strategy to mitigate, transfer, avoid, or accept the risks identified during evaluation.
Evaluate Current State
Attack Surface
Assess the access points for cyberattack and identify current vulnerabilities. Use target maturity levels to determine the depth of evaluation.
Governance
Identifies responsibilities, expectations, and standards which inform the organizational structure and policies. Goal is to operate within the defined risk threshold.
Continuous Improvement
Monitor the program and implement updates to stay on top of evolving control systems, security technologies, and attacker capabilities.
Integrated Security Operations Center: benefits
- Gain greater visibility into the entire organization.
- Enable coordinated response efforts and leverage shared resources to carry out the SOC mission.
- Adopt tools that give insight into the control system network.
Learn More
Web
www.epri.com
About EPRI
Founded in 1972, EPRI is the world's preeminent independent, non-profit energy research and development organization, with offices around the world. EPRI's trusted experts collaborate with more than 450 companies in 45 countries, driving innovation to ensure the public has clean, safe, reliable, affordable, and equitable access to electricity across the globe. Together, we are shaping the future of energy.
X/Twitter
@EPRINews
EPRI
3420 Hillview Avenue, Palo Alto, California 94304-1338 USA • 800.313.3774 • 650.855.2121 • askepri@epri.com • www.epri.com
© 2023 Electric Power Research Institute (EPRI), Inc. All rights reserved. Electric Power Research Institute, EPRI, and TOGETHER…SHAPING THE FUTURE OF ENERGY are registered marks of the Electric Power Research Institute, Inc. in the U.S. and worldwide.
Continuity and Incident Response Planning: practices
- Train staff to identify indicators specific to power generation facilities.
- Use the Protect, Detect, Respond, and Recover functions, applied with defense-in-depth techniques, to determine the potential impact of a cyber event.
- The first line of defense is preparedness. Develop an incident response playbook.
EPRI Success Story: Duke Energy's Generation Fleet
In a successful collaboration with EPRI, Duke Energy implemented a risk-informed operational technology security program to enhance the security of their generation fleet – strategically optimizing cybersecurity investments while saving millions of dollars.
EPRI/Duke Energy Collaboration: Key Takeaways
- Risk-Informed Approach: Duke Energy's use of a risk-informed cybersecurity strategy led to prioritized protection and significant cost savings by deferring unnecessary investments.
- Structured Roadmaps: EPRI's systematic methodology provided Duke with a step-by-step roadmap, simplifying the complexity of cybersecurity implementation.
- Strategic Investments: Duke leveraged its mature cybersecurity strategy to guide capital and operational investments, integrating cybersecurity considerations into broader business strategies.
- Continuous Evaluation: Cybersecurity requires ongoing effort; continuous assessments, upgrades, and improvements are vital to remain resilient against evolving threats.
- Cross-Sector Collaboration: Duke Energy and EPRI's successful collaboration underscores the value of cross-sector partnerships in enhancing cybersecurity outcomes.