Cyber Wiki: Difference between revisions
Jump to navigation
Jump to search
| Line 24: | Line 24: | ||
| Changing Threat Landscape | | Changing Threat Landscape | ||
| Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | | Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | ||
| [https://www.epri.com/research/programs/112046/results/3002014312 Quick Brief: Recent Russian Cyber Campaign Targeting the Electric Sector] <br> [https://www.epri.com/research/programs/112046/results/3002015259 Changing Threat Landscape Study Report: Generation | | [https://www.epri.com/research/programs/112046/results/3002014312 Quick Brief: Recent Russian Cyber Campaign Targeting the Electric Sector] <br> [https://www.epri.com/research/programs/112046/results/3002015259 Changing Threat Landscape Study Report: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002017849 Quick Brief: Awareness of Nation State Cyber Activity Targeting Critical Infrastructure] <br> [https://www.epri.com/research/programs/112046/results/3002017864 2020 OT Cyber Security Trends for Electric Utilities] <br> [https://www.epri.com/research/programs/112046/results/3002022287 Critical Infrastructure Interdependencies on Generation Capacity] <br> [https://www.epri.com/research/programs/112046/results/3002025919 Operational Technology (OT) Network Segmentation and Micro-Segmentation Strategies] | ||
|- | |- | ||
| Industry Standards and Regulation | | Industry Standards and Regulation | ||
| Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. | | Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. Research guides typically include sections relating to relevant standards and regulations by topic. | ||
| [https:// | | [https://cyberwikitest.epri.com/Standards CyberWiki Standards and Regulation Listing] | ||
|- | |- | ||
| Definitions and Terms | | Definitions and Terms | ||
| | | | ||
| | | [https://cyberwikitest.epri.com/Terms CyberWiki Terms Library] <br> [https://csrc.nist.gov/glossary NIST Glossary (External)] <br> [https://nerc.com NERC Published Glossary of Terms (External)] <br> [https://www.isc2.org/certifications/cissp/cissp-student-glossary ISC2 CISSP Student Guide Glossary (External)] | ||
|- | |- | ||
! colspan="3" | Process and Integration | ! colspan="3" | Process and Integration | ||
| Line 38: | Line 38: | ||
| Governance, Risk, and Compliance | | Governance, Risk, and Compliance | ||
| Governance, Risk, and Compliance (GRC) addresses…. | | Governance, Risk, and Compliance (GRC) addresses…. | ||
| | | [https://www.epri.com/research/programs/112046/results/3002012752 Cyber Security Technical Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002017786 ConEd and Duke Energy Evaluate Cyber Security with Technical Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002018752 Asset Management and Baseline Configuration for Generation and Renewable Assets] <br> [https://www.epri.com/research/programs/112046/results/3002018753 Risk-Informed Cyber Security Program Guide for Electric Generation Facilities] <br> [https://www.epri.com/research/programs/112046/results/3002019700 Fossil Power Plant Cyber Security Life-Cycle Risk Reduction] <br> [https://www.epri.com/research/programs/112046/results/3002021173 Operations Security (OPSEC) Program Development Guide] <br> [https://www.epri.com/research/programs/112046/results/3002027427 Cyber Security Risk Assessment Methodology] <br> [https://www.epri.com/research/programs/112046/results/3002027428 Cyber Security Case Study in Digital Overspeed Protection Systems] <br> [https://www.epri.com/research/programs/112046/results/3002027921 Cyber Security Operations Security (OPSEC) Awareness Posters] <br> [https://www.epri.com/research/programs/112046/results/3002027981 Duke Energy Optimizes Cyber Security for Generation Fleet] | ||
|- | |- | ||
| Program Development | | Program Development | ||
| | | | ||
| | | [https://www.epri.com/research/programs/112046/results/3002012752 Cyber Security Technical Assessment Methodology: Risk Informed Exploit Sequence Identification and Mitigation, Revision 1] <br> [https://www.epri.com/research/programs/112046/results/3002016128 Transient Cyber Assets (TCAs) and Removable Media Process Guidance: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002018753 Risk-Informed Cyber Security Program Guide for Electric Generation Facilities: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002019699 Developing a Tamper Indicating Device (TID) Program for Cyber-Physical Security] <br> [https://www.epri.com/research/programs/112046/results/3002023339 Cyber-Security Assessment Lessons Learned in Generation] <br> [https://www.epri.com/research/programs/112046/results/3002027981 Duke Energy Optimizes Cyber Security for Generation Fleet] | ||
|- | |- | ||
| Workforce Development | | Workforce Development | ||
| | | | ||
| | | [https://www.epri.com/research/programs/112046/results/3002011188 Patch Management Guideline CBT] <br> [https://www.epri.com/research/programs/112046/results/3002011545 Secure Interactive Remote Access in Power Generation Facilities v1.0] <br> [https://www.epri.com/research/programs/112046/results/3002011991 Guideline on Digital I&C Configuration Management and Hardening for Generation Facilities Computer Based Technology Transfer Modules] <br> [https://www.epri.com/research/programs/112046/results/3002014270 Incident Response Guidance: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002014785 Access Control and Permission Management: Generation Cyber Security] <br> [https://www.epri.com/research/programs/112046/results/3002014786 Guideline on Cyber Security Scanning for Generation Plant Control Systems] <br> [https://www.epri.com/research/programs/112046/results/3002015262 Transient Cyber Assets and Removable Media Guideline] <br> [https://www.epri.com/research/programs/112046/results/3002016907 Technical Assessment Methodology (TAM) Revision 1] <br> [https://www.epri.com/research/programs/112046/results/3002017753 Developing a Cyber Security Culture in the Operational Technology (OT) Environment] <br> [https://www.epri.com/research/programs/112046/results/3002021173 Operations Security (OPSEC) Program Development Guide] <br> [https://www.epri.com/research/programs/112046/results/3002027495 Generation Cyber Security: Workforce Development] <br> [https://www.epri.com/research/programs/112046/results/3002027921 Cyber Security Operations Security (OPSEC) Awareness Posters] | ||
|- | |- | ||
| Supply Chain | | Supply Chain | ||
| | | | ||
| | | [https://www.epri.com/research/programs/112046/results/3002012753 Cyber Security in the Supply Chain: Cyber Security Procurement Methodology, Revision 2] <br> [https://www.epri.com/research/programs/112046/results/3002015402 Understanding Vendor Cyber Security Certifications] <br> [https://www.epri.com/research/programs/112046/results/3002021184 Hydro Power DCS Upgrade Cyber Security Assessment] <br> [https://www.epri.com/research/programs/112046/results/3002027429 Cyber Security Procurement Topical Guide] | ||
|- | |- | ||
! colspan="3" | Protection | ! colspan="3" | Protection | ||
Revision as of 18:48, 25 September 2024
Welcome to the EPRI Cyber Security for Generation Assets CyberWiki
Welcome to the main page of the Electric Power Research Institute's CyberWiki, a wiki-style hub for cyber security research at EPRI, with a focus on operational technology in power generation. CyberWiki was built using the MediaWiki engine to be an extensible and dynamic educational and knowledge dissemination tool. It supplements the published content that is accessible through the EPRI website, or through each program's cockpit, by providing a flexible, web-based content delivery solution for projects that can benefit from the ability to easily update and add content as a project progresses. EPRI members can log in to access additional content through the EPRI Cyber Security for Generation Assets homepage.
Overview
ERPI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities. The program addresses strategic focus areas including:
- Protection Technologies, Tools, and Guides
- Detection Technologies, Tools, and Guides
- Response and Recovery Technologies, Tools, and Guides
- Emerging Technology Industry-specific technology use cases, guidance, Testing, and Development.
- Changing Threat Landscape Impacts to Power System Security
- Process and Integration, Regulatory Impacts, Workforce Development, Training, and GRC
- Industry Collaboration and Benchmarking
The CyberWiki also includes industry definitions, terms, standards, and regulations.
Summary of Key Topics and Resources
Here you will find a summary listing of resource areas and key topics. Published EPRI resources are listed by topic (separate login and access required). Resources that address multiple topics are listed multiple times.