Cybersecurity Building Blocks

Through the Resilient Energy Platform, the USAID-NREL Partnership is developing a set of resources—the Cybersecurity Building Blocks—designed to help a variety of stakeholders improve security for the electrical grid. This effort grows out of USAID and NREL's discussions with utilities around the world, as well as past cybersecurity assessments performed by NREL on dozens of utilities and government agencies, with a focus on the cybersecurity challenges faced by small and under-resourced utilities.

Cyber Security Building Blocks

The Cybersecurity Building Blocks will consist of eleven concise resources, each discussing a particular element of a well-rounded cybersecurity framework:

  • Governance: The processes that direct a utility-wide cybersecurity effort and provide accountability for that effort. Cybersecurity governance requires the understanding and action of those at the very top level of the utility, such as the executive director, chief executive officer, board of directors, and others.
  • Organizational security policy: The high-level document that captures the essential elements of a utility’s efforts in cybersecurity.
  • Risk management: Activities that identify and evaluate cybersecurity risk, with the goal of reducing that risk to a level appropriate to the utility’s business objectives.
  • Cyber threat intelligence: Cyberattack tools and adversaries that might constitute a threat. Utilities need cyber threat intelligence to understand the threat landscape and take action to mitigate the risks arising from those threats.
  • Laws and regulations: The compulsory directives that a utility must comply with regarding cybersecurity.
  • Compliance: The effort within a utility to remain in compliance with laws, regulations, and organizational policies.
  • Procurement: The processes used to monitor and improve the cybersecurity of devices as they are acquired and integrated into utility operations, as well as efforts to manage supply chain risk.
  • Technical controls: The hardware and software components that protect a system against cyberattack. Firewalls, intrusion detection systems (IDSes), encryption, and identification and authentication mechanisms are examples of technical controls.
  • Incident response: The actions taken by a utility to prepare for cyberattacks. This includes creating plans for response, rehearsing the response prior to an attack, continuous monitoring to identify attacks, and the actual response.
  • Cybersecurity awareness training: Steps taken by utilities to educate all employees about potential cyber threats and their roles in preventing them.
  • Workforce development: The efforts by multiple organizations, such as government, industry, or academia, to ensure an adequate supply of workers with specialized cybersecurity knowledge and skills.

The resources under development will describe each Cybersecurity Building Block: its importance, how the building blocks intersect and support each other, the processes and actions associated with it, and the data essential to it. The resources will also include case studies showing the value of each Cybersecurity Building Block and references for more information.

The Cybersecurity Building Blocks are meant to be a starting point for utilities to promote a more rounded approach to cybersecurity that addresses both the technical and managerial requirements for protecting critical infrastructure.

Related Content:

Webinar: Building Blocks to Support Cybersecurity in the Power Sector

Webinar: Cybersecurity and Distributed Energy Resources

The Cybersecurity Building Blocks are expected to be published on this site in March 2021.