Nexight, supporting the American Public Power Association (APPA), created a guide to help electric utilities develop, review, and implement incident response plans to prepare for and limit the impacts of cyberattacks.
Cyberattacks targeting electric utilities are becoming more frequent, more sophisticated, and more severe. Because these attacks are beginning to target utilities’ power generation and delivery operations, they pose significant risks to public health and safety, as well as national security.
Despite these considerable threats, utilities’ awareness of and level of preparedness for cyber incidents varies significantly. To help utilities better prepare for potential attacks, APPA sought to develop a cyber incident response playbook to provide electric utilities with a step-by-step guide for developing their own effective response plans.
APPA turned to Nexight based on our extensive involvement in industry-driven efforts to secure the electric grid from cyber risks. The support of major cybersecurity initiatives that we’ve provided for the past decade to the U.S. Department of Energy has given us a keen understanding of the distinct cyber security needs and limitations of public power utilities.
We leveraged our strong track record of facilitating large, complex cyber security efforts among energy industry partners and developing plans and guides that drive action to create the Public Power Cyber Incident Response Playbook, which utilities can use to develop a response plan for disrupting or mitigating cyber incidents. The playbook:
- Maps out incident response best practices, resources, and partners that should be engaged
- Provides a simple, step-by-step model—including templates and advice—for utilities internal response actions and external coordination actions
- Draws upon the best elements of proven existing incident response and coordination plans
- Integrates with other sector-level and federal response, coordination, and mutual aid strategies
To develop the playbook, the Nexight team worked with APPA, using the methods outlined below, to engage a group of cyber security and emergency response personnel from within its member utilities as well as from incident response assistance groups.
- Identified top challenges and best practices
- Identified gaps in existing plans and resources
- Helped define roles and responsibilities, communications needs, and critical actions to identify, triage, and respond to cyber security incidents
- Reviewed existing literature and plans for both cyber incidents response and related natural disaster response to extract best practices and approaches, especially from mutual aid programs and resources
- Developed tabletop exercises for utilities, aid groups, and industry organizations (e.g., Electricity Information Sharing and Analysis Center [E-ISAC]) to test and revise the playbook procedures and demonstrate the need for utilizes to further develop or revise their response plans
By effectively guiding member utilities and other interested parties through the process of developing an incident response plan, the Public Power Cyber Incident Response Playbook can help mitigate the impact of cyber incidents against U.S. public power utilities by ensuring that staff have the tools and knowledge necessary to take swift, impactful action.