Power Sector Cybersecurity Building Blocks

Through the Resilient Energy Platform, the USAID-NREL Partnership has developed a set of resources—the Cybersecurity Building Blocks—designed to help a variety of stakeholders improve security for the electrical grid. This effort grows out of USAID and NREL's discussions with utilities around the world, as well as past cybersecurity assessments performed by NREL on dozens of utilities and government agencies, with a focus on the cybersecurity challenges faced by small and under-resourced utilities.

[Figure: Cybersecurity Building Blocks diagram]

Note: Solid color blocks are internal to the utility; shaded blocks are external to the utility.

The Cybersecurity Building Blocks consist of eleven concise resources, each discussing a particular element of a well-rounded cybersecurity framework:

  • Governance: The processes that direct a utility-wide cybersecurity effort and provide accountability for that effort. Cybersecurity governance requires the understanding and action of those at the very top level of the utility, such as the executive director, chief executive officer (CEO), board of directors, and others.
  • Organizational Security Policy: This building block focuses on the high-level document that captures the essential elements of a utility’s efforts in cybersecurity and includes the effort to create, update, and implement that document.
  • Risk Management: Activities that identify and evaluate cybersecurity risk, with the goal of reducing that risk to a level appropriate to the utility’s business objectives.
  • Cyber Threat Intelligence (CTI): Information about the cyberattack tools and adversaries that might constitute a threat and the vulnerabilities they could exploit. Utilities need CTI to understand the threat landscape and take action to mitigate cyber risks.
  • Laws, Regulations, and Standards: Laws and regulations are the compulsory host country directives that a utility must comply with regarding cybersecurity. Regulations sometimes enforce standards created by nongovernmental entities that capture best practices.
  • Compliance: The effort within a utility to remain in compliance with laws, regulations, and standards.
  • Procurement: The processes used to monitor and improve the cybersecurity of devices, applications, and services as they are acquired and integrated into utility operations, as well as efforts to manage supply chain risk.
  • Technical Controls: The hardware and software components that protect a system against cyberattack. Firewalls, intrusion detection systems (IDS), encryption, and identification and authentication mechanisms are examples of technical controls.
  • Incident Response: The actions taken by a utility to prepare for cyberattacks. This includes creating plans for response, rehearsing the response prior to an attack, continuous monitoring to identify attacks, and the actual response.
  • Cybersecurity Awareness Training: Steps taken by utilities to educate all employees (including nontechnical staff) about potential cyber threats and their roles in preventing them.
  • Workforce Development: The efforts by multiple organizations, such as government, industry, or academia, to ensure an adequate supply of workers with specialized cybersecurity knowledge and skills.

The resources provide details about each Cybersecurity Building Block: its importance, how the building blocks intersect and support each other, the processes and actions associated with it, and the data essential to it. The resources also include case studies showing the value of each Cybersecurity Building Block and references for more information.

The Cybersecurity Building Blocks are meant to be a starting point for utilities to promote a more rounded approach to cybersecurity that addresses both the technical and managerial requirements for protecting critical infrastructure.