2017 Research Portfolio

Power Delivery and Utilization - Distribution and Utilization

Program 183 - Cyber Security and Privacy

Last Updated: 04-Jan-2018
Program Description

Cyber and physical security have become critical priorities for electric utilities. The evolving electricity sector is increasingly dependent on information technology and telecommunication infrastructure to ensure the reliability and security of the electric grid. Specifically, measures to ensure cyber security must be designed and implemented to protect the electric grid from attacks by terrorists and hackers, and to strengthen grid resilience against natural disasters and inadvertent threats such as equipment failures and user errors.

The Cyber Security and Privacy Program of the Electric Power Research Institute (EPRI) focuses on addressing the emerging threats to an interconnected electric sector through multidisciplinary, collaborative research on cyber security technologies, standards, and business processes.

Research Value

The rapid pace of change in the electric sector creates a challenging environment for asset owners and operators to monitor the cyber security activities of industry groups, develop an understanding of how new technologies affect security, and maintain the right internal resources for assessing those technologies. EPRI employs a team of experts with comprehensive backgrounds in cyber security who address these challenges by providing insight and analysis of various security tools, architectures, guidelines, and results of testing to program participants.

Participation in EPRI’s Cyber Security and Privacy Program can provide the following benefits:

  • A better awareness of industry and government collaborative efforts, where members can "plug in" to current activities;
  • Guidance on developing cyber security strategies and requirements for selecting effective technologies;
  • Guidance on security metrics;
  • Techniques for assessing and monitoring risk;
  • Practical approaches to mitigating the risk of operating legacy systems;
  • Early identification of security gaps through laboratory assessments of security technologies; and
  • Technologies which support the management of cyber incidents and increase the cyber security and resiliency of the grid.

The Cyber Security and Privacy Program focuses on developing security requirements, creating new security technologies, and performing laboratory assessments of existing, relevant technologies. Members may use the products to enhance their current cyber security posture and increase the security of systems that are deployed in the future.

Key deliverables in this program include:

  • Newsletters and whitepapers to address high-impact issues;
  • Guidance on security metrics;
  • Guidance on assessing and monitoring risk;
  • Tools to manage networks and devices for power delivery systems;
  • Tools to support improved incident and threat management; and
  • Tools and techniques for assessing grid security, resiliency, and cyber security posture.

The portfolio of projects in the Cyber Security and Privacy Program has delivered several key accomplishments that have helped its members specifically and the industry as a whole.

National Electric Sector Cybersecurity Organization Resource (NESCOR): National Electric Sector Cybersecurity Organization Resource (NESCOR): The U.S. Department of Energy (DOE) awarded EPRI a contract to provide research and development resources for DOE’s public-private partnership, NESCOR. EPRI led the working groups that focus on identifying vulnerabilities and threats, assessing cyber security standards, and testing and validating technologies. The results of this work have been used to develop improved threat models, cyber security requirements, and security technologies. NESCOR delivered the following documents:  

  • Electric Sector Failure Scenarios and Impact Analyses : This document includes cyber security failure scenarios and impact analyses for the electric sector. A cyber security failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or delivery of power.
  • Analysis of Selected Electric Sector High Risk Failure Scenarios : The failure scenarios in this document provide detailed analyses for a subset of the failure scenarios identified in the document listed above, which were prioritized for inclusion in this document, based upon the level of risk for the failure scenario and the priorities of NESCOR utility members.
  • Attack Trees for Selected Electric Sector High Risk Failure Scenarios : This briefing includes the modified attack tree diagrams from the detailed analysis documents.
  • Guide to Penetration Testing for Electric Utilities : This security test plan provides guidance to electric utilities on how to perform penetration tests in the smart grid domains of advanced metering infrastructure (AMI), demand response (DR), distributed energy resources (DER), distribution grid management (DGM), electric transportation (ET), and wide-area monitoring, protection, and control (WAMPAC). Penetration testing is one of the many different types of assessments that utilities can perform to evaluate their overall security posture.
  • Guidelines for Leveraging NESCOR Failure Scenarios in Cyber Security Tabletop Exercises: This document provides exercise facilitators with guidance concerning procedures and responsibilities for exercise development, facilitation, simulation, and support. It also includes a NESCOR failure scenario and explains how to expand this scenario for use in a cyber security tabletop exercise. 

Incident and Threat Management: Within the Security Technologies Project Set, EPRI is addressing the challenge of managing cyber and physical threats to substation and field devices.  In 2016, EPRI:

  • Developed and tested use cases for real world situations correlating aggregated data from substation sources in the Cyber Security Research Lab (CSRL);
  • Identified incident detection architectures for the Integrated Security Operations Center (ISOC) field devices and developed a corresponding test bed in the CSRL; and
  • Specified the requirements and tasks necessary to integrate the incident detections systems with SIEM tools.

Assessing and Monitoring Risk: Within the Information Assurance Project Set, EPRI focuses on security challenges that affect multiple operations domains, such as designing security into products, creating security metrics for the electric sector, and developing technical solutions for meeting security compliance requirements.  In 2016, EPRI:

  • Built on the 2015 Cyber Security Architecture Methodology report (3002005942) to include applicable device classes, security tools, and NESCOR failure scenarios for testing.
  • Revised the 2015 Creating Security Metrics for the Electric Sector report (3002005947) to include more in-depth parameters for creating a metrics program as well as risk-based security metrics.
  • Updated the Security, Cyber, Risk Assessment Methodology (SCRAM) database (3002005943).   
Key Activities

In 2017, this program expects to accomplish the following objectives:

  • Industry Collaboration: Track industry and government activities and provide technical contributions to key working groups;
  • Situational Awareness: Develop tools and technology for improved situational awareness for transmission and distribution systems;
  • Event and Incident Response: Improve the electric sector’s ability to detect, respond, and recover from cyber incidents.  The program will also continue technical development of the Integrated Security Operations Center (ISOC);
  • Threat and Vulnerability Management: Develop guidelines for advanced threat management for power delivery systems;
  • Cyber Security Program Management: Extend the security architecture methodology to include DER systems and address the technical challenges of cyber security compliance;
  • Asset, Change, and Configuration Management: Develop guidelines for effective configuration management;
  • Risk Management: Provide a methodology and metrics to establish a framework to evaluate the effectiveness of implemented security controls within power-delivery systems and operational environments; and
  • Supply Chain and External Dependencies: Examine various measures to reduce supply chain risk. 
Estimated 2017 Program Funding
Program Manager
Galen Rasche, 650-855-8779, grasche@epri.com
Non-EPRI Members: Contact Program Manager - Galen Rasche; 650-855-8779; grasche@epri.com
Last Updated
  • Business Process Challenges for Security Operations in Power Delivery Systems

    PS183D: Information Assurance (2017)

    This project set focuses on security challenges that affect multiple operations domains, such as designing security into products, creating security metrics for the electric sector, and developing technical solutions for meeting security compliance requirements.

  • Industry Collaboration and Technology Transfer

    PS183A: Industry Collaboration and Technology Transfer (2017)

    The landscape of cyber security activities in the electricity sector involves numerous industry, government, and regulatory groups. Although tracking these groups can be a daunting effort, it is critical for utilities to be up-to-date on key industry activities. This project set provides members with an up-to-date view of industry activities and supports technical contribution to these groups.  It also supports white papers and working groups on key cyber security topics. 

  • IT/OT Security Convergence

    PS183B: Security Technologies (2017)

    The Security Technologies project set addresses several security challenges facing power-delivery and control systems, including threat and vulnerability management, incident response, identity and access management, and situational awareness. The technology addressed within these focus areas can increase the security of next-generation power-delivery systems through a combination of new security tools and procedures to provide end-to-end security and support defense-in-depth strategies. Additionally, this project set will explore technology that helps organizations remain resilient to cyber security threats and continue to perform critical operations while under duress and during the recovery process.