Facilitating Cyber Security Information Exchange for Smart Grid Early Adopters

Client: U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability

Nexight Group helped design and facilitate two workshops that shared critical cyber security information and best practices with utilities who are rapidly deploying advanced smart grid technologies across the U.S. electric grid.


New smart grid technologies and systems promise improved grid reliability and disruption response; but they also exponentially increase digital access points to the grid and introduce new cyber risks. Smart grid early adopters—like those utilities who are cost-sharing smart grid investments using DOE Recovery Act grants—must work with state-of-the-art cyber security tools and practices as they deploy new technologies. But connecting utilities with available tools and resources can be an outreach challenge.

Our Solution

Nexight Group worked with OE and a team of contractors to design a two-day workshop that put smart grid grant recipients face-to-face with cyber security experts and their utility peers. In August 2011, we facilitated the first Cybersecurity Information Exchange to foster direct peer-to-peer sharing and enable cyber security experts to link utilities with tools and best practices to better secure their systems.

Nexight’s facilitation plan included expert presentations, panel discussions, and 10 facilitated breakout group topics over two days to:

  • Identify the critical and persistent cyber security challenges utilities face as they deploy new smart grid technologies
  • Prioritize gaps and needs for DOE to address
  • Directly share lessons lessons learned  and best practices from implementing required cyber security plans

Nexight facilitated the plenary sessions and analyzed outcomes from breakout sessions to help develop a concrete set of gaps and needs from grant recipients. We then built a comprehensive spreadsheet tool that crosswalked priority needs with available tools and programs from across government and the private sector. The resulting Resource Guide served two purposes: it educated grant recipients on new resources available to them, and highlighted the true information and technology gaps to better direct OE resources.

In December 2012, Nexight facilitated a second Information Exchange, designed to share the multitude of best practices and lessons learned since project inception, identify remaining gaps and unmet needs, and share ideas on maintaining a strong cyber security posture and making a continued business case for cyber security.


The Resource Guide was used widely by smart grid grant recipients to access new resources and improve their cyber security practices. The workshops also helped build the relationships that enable direct peer-to-peer information sharing outside of organized events.