Cyber Wiki: Difference between revisions

From CyberWiki
Jump to navigation Jump to search
 
(12 intermediate revisions by the same user not shown)
Line 4: Line 4:
== Overview ==
== Overview ==
ERPI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities.  The program addresses strategic focus areas including:
ERPI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities.  The program addresses strategic focus areas including:
*[https://cyberwikitest.epri.com/Protect Protection] Technologies, Tools, and Guides
*[[Protect|Protection]] Technologies, Tools, and Guides
*[https://cyberwikitest.epri.com/Detect Detection] Technologies, Tools, and Guides
*[[Detect|Detection]] Technologies, Tools, and Guides
*[https://cyberwikitest.epri.com/Respond_Recover Response and Recovery] Technologies, Tools, and Guides
*[[Respond_Recover|Response and Recovery]] Technologies, Tools, and Guides
*[https://cyberwikitest.epri.com/Emerging_Technology Emerging Technology] Industry-specific technology use cases, guidance, Testing, and Development.  
*[[Process|Process and Integration]], Regulatory Impacts, Workforce Development, Training, and GRC
*[https://cyberwikitest.epri.com/Process Process and Integration], Regulatory Impacts, Workforce Development, Training, and GRC
*[[Emerging_Technology|Emerging Technology]] Industry-specific technology use cases, guidance, Testing, and Development.  
*Changing Threat Landscape
*Industry Collaboration and Benchmarking
*Industry Collaboration and Benchmarking
The CyberWiki also includes industry [https://cyberwikitest.epri.com/Terms definitions, terms], [https://cyberwikitest.epri.com/Standards standards, and regulations].
== Summary of Key Topics ==
Here you will find a summary listing of resource areas and key topics.  Published EPRI resources are listed by topic (separate login and access required).  Resources that address multiple topics are listed multiple times.
{| class="wikitable"
! Topic
! Description
! Resources
|-
| Changing Threat Landscape
| Cyber security threats evolve and impacts strategy, OT technology, and defensive tools.
| [https://www.epri.com/research/programs/112046/results/3002014312 Recent Russian Cyber Campaign Targeting the Electric Sector] <br> [https://www.epri.com/research/programs/112046/results/3002015259 Changing Threat Landscape Study Report] <br> [https://www.epri.com/research/programs/112046/results/3002017849 Awareness of Nation State Cyber Activity Targeting Critical Infrastructure] <br> [https://www.epri.com/research/programs/112046/results/3002017864 2020 OT Cyber Security Trends for Electric Utilities] <br> [https://www.epri.com/research/programs/112046/results/3002022287 Critical Infrastructure Interdependencies on Generation Capacity] <br> [https://www.epri.com/research/programs/112046/results/3002025919 Operational Technology (OT) Network Segmentation and Micro-Segmentation Strategies]
|-
| Industry Standards and Regulation
| Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. Research guides typically include sections relating to relevant standards and regulations by topic.
| [https://cyberwikitest.epri.com/Standards CyberWiki Standards and Regulation Listing]
|-
| Definitions and Terms
|
| [https://cyberwikitest.epri.com/Terms CyberWiki Terms Library] <br> [https://csrc.nist.gov/glossary NIST Glossary (External)] <br> [https://nerc.com NERC Published Glossary of Terms (External)] <br> [https://www.isc2.org/certifications/cissp/cissp-student-glossary ISC2 CISSP Student Guide Glossary (External)]
|-
! colspan="3" | Process and Integration
|-
| Governance, Risk, and Compliance
| Governance, Risk, and Compliance (GRC) addresses….
| [https://www.epri.com/research/programs/112046/results/3002012752 Cyber Security Technical Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002017786 ConEd and Duke Energy Evaluate Cyber Security with Technical Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002018752 Asset Management and Baseline Configuration for Generation and Renewable Assets] <br> [https://www.epri.com/research/programs/112046/results/3002018753 Risk-Informed Cyber Security Program Guide for Electric Generation Facilities] <br> [https://www.epri.com/research/programs/112046/results/3002019700 Fossil Power Plant Cyber Security Life-Cycle Risk Reduction] <br> [https://www.epri.com/research/programs/112046/results/3002021173 Operations Security (OPSEC) Program Development Guide] <br> [https://www.epri.com/research/programs/112046/results/3002027427 Cyber Security Risk Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002027428 Cyber Security Case Study in Digital Overspeed Protection Systems] <br> [https://www.epri.com/research/programs/112046/results/3002027921 Cyber Security Operations Security (OPSEC) Awareness Posters] <br> [https://www.epri.com/research/programs/112046/results/3002027981 Duke Energy Optimizes Cyber Security for Generation Fleet]
|-
| Program Development
|
| [https://www.epri.com/research/programs/112046/results/3002012752 Cyber Security Technical Assessment Methodology: Risk Informed Exploit Sequence Identification and Mitigation, Revision 1] <br> [https://www.epri.com/research/programs/112046/results/3002016128 Transient Cyber Assets (TCAs) and Removable Media Process Guidance: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002018753 Risk-Informed Cyber Security Program Guide for Electric Generation Facilities: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002019699 Developing a Tamper Indicating Device (TID) Program for Cyber-Physical Security] <br> [https://www.epri.com/research/programs/112046/results/3002023339 Cyber-Security Assessment Lessons Learned in Generation] <br> [https://www.epri.com/research/programs/112046/results/3002027981 Duke Energy Optimizes Cyber Security for Generation Fleet]
|-
| Workforce Development
|
| [https://www.epri.com/research/programs/112046/results/3002011188 Patch Management Guideline CBT] <br> [https://www.epri.com/research/programs/112046/results/3002011545 Secure Interactive Remote Access in Power Generation Facilities v1.0] <br> [https://www.epri.com/research/programs/112046/results/3002011991 Guideline on Digital I&C Configuration Management and Hardening for Generation Facilities Computer Based Technology Transfer Modules] <br> [https://www.epri.com/research/programs/112046/results/3002014270 Incident Response Guidance: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002014785 Access Control and Permission Management: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002014786 Guideline on Cyber Security Scanning for Generation Plant Control Systems] <br> [https://www.epri.com/research/programs/112046/results/3002015262 Transient Cyber Assets and Removable Media Guideline] <br> [https://www.epri.com/research/programs/112046/results/3002016907 Technical Assessment Methodology (TAM) Revision 1] <br> [https://www.epri.com/research/programs/112046/results/3002017753 Developing a Cyber Security Culture in the Operational Technology (OT) Environment] <br> [https://www.epri.com/research/programs/112046/results/3002021173 Operations Security (OPSEC) Program Development Guide] <br> [https://www.epri.com/research/programs/112046/results/3002027495 Generation Cyber Security: Workforce Development] <br> [https://www.epri.com/research/programs/112046/results/3002027921 Cyber Security Operations Security (OPSEC) Awareness Posters]
|-
| Supply Chain Risk Management
|
| [https://www.epri.com/research/programs/112046/results/3002012753 Cyber Security in the Supply Chain: Cyber Security Procurement Methodology, Revision 2] <br> [https://www.epri.com/research/programs/112046/results/3002015402 Understanding Vendor Cyber Security Certifications] <br> [https://www.epri.com/research/programs/112046/results/3002021184 Hydro Power DCS Upgrade Cyber Security Assessment] <br> [https://www.epri.com/research/programs/112046/results/3002027429 Cyber Security Procurement Topical Guide]
|-
! colspan="3" | Protection
|-
| Security Architectures and Segmentation
|
|
|-
| Vulnerability Management
|
|
|-
| Hardening
|
|
|-
| Secure Remote Access
|
|
|-
| Transient Cyber Assets and Removable Media
|
|
|-
| Identity and Access Management
|
|
|-
! colspan="3" | Detection
|-
| Real-Time Detection
|
|
|-
| Scanning
|
|
|-
| Security Event Monitoring
|
|
|-
! colspan="3" | Response and Recovery
|-
| Incident Response Program
|
|
|-
| Incident Response Playbooks
|
|
|-
| Disaster Recovery Plans
|
|
|-
| Scenarios and Training
|
|
|-
| Backup and Recovery
|
|
|-
| Security Operations and Incident Classification
|
|
|-
! colspan="3" | Technology and Use Cases
|-
| Wireless Technology in Generation
|
|
|-
| IIOT, IOT, and Industry 4.0
|
|
|-
| Digital Worker
|
|
|-
| Artificial Intelligence
|
|
|-
| Quantum Computing
|
|
|-
| Software Bill of Materials
|
|
|-
| Control System Case Studies
|
|
|-
| Technical Assessment Methodology Case Studies
|
|
|}

Latest revision as of 19:38, 30 October 2024

Welcome to the Cyber Security for Electric Power Generation CyberWiki

Welcome to the main page of the Electric Power Research Institute's CyberWiki, a wiki-style hub for cyber security research at EPRI, with a focus on operational technology in power generation. CyberWiki was built using the MediaWiki engine to be an extensible and dynamic educational and knowledge dissemination tool. It supplements the published content that is accessible through the EPRI website, or through each program's cockpit, by providing a flexible, web-based content delivery solution for projects that can benefit from the ability to easily update and add content as a project progresses. EPRI members can log in to access additional content through the EPRI Cyber Security for Generation Assets homepage.

Overview

ERPI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities. The program addresses strategic focus areas including:

Retrieved from "https://cyberwiki.epri.com/index.php?title=Cyber_Wiki&oldid=120"