Cyber Wiki: Difference between revisions
Jump to navigation
Jump to search
| Line 25: | Line 25: | ||
| Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | | Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | ||
| [http://espn.com Title of R&D with Link] <br> [https://google.com R&D Title EPSN] | | [http://espn.com Title of R&D with Link] <br> [https://google.com R&D Title EPSN] | ||
|- | |||
| Industry Standards and Regulation | |||
| Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. | |||
| [https://weather.com Title of R&D Link] <br> [https://cnn.com Title of R&D Link] | |||
|- | |||
| Definitions and Terms | |||
| | |||
| | |||
|- | |||
! colspan="3" | Process and Integration | |||
|- | |||
| Governance, Risk, and Compliance | |||
| Governance, Risk, and Compliance (GRC) addresses…. | |||
| | |||
|- | |||
| Program Development | |||
| | |||
| | |||
|- | |||
| Workforce Development | |||
| | |||
| | |||
|- | |||
| Supply Chain | |||
| | |||
| | |||
|- | |||
! colspan="3" | Protection | |||
|- | |||
| Security Architectures and Segmentation | |||
| | |||
| | |||
|- | |||
| Vulnerability Management | |||
| | |||
| | |||
|- | |||
| Hardening | |||
| | |||
| | |||
|- | |||
| Secure Remote Access | |||
| | |||
| | |||
|- | |||
| Transient Cyber Assets and Removable Media | |||
| | |||
| | |||
|- | |||
| Identity and Access Management | |||
| | |||
| | |||
|- | |||
! colspan="3" | Detection | |||
|- | |||
| Real-Time Detection | |||
| | |||
| | |||
|- | |||
| Scanning | |||
| | |||
| | |||
|- | |||
| Security Event Monitoring | |||
| | |||
| | |||
|- | |||
! colspan="3" | Response and Recovery | |||
|- | |||
| Incident Response Program | |||
| | |||
| | |||
|- | |||
| Incident Response Playbooks | |||
| | |||
| | |||
|- | |||
| Disaster Recovery Plans | |||
| | |||
| | |||
|- | |||
| Scenarios and Training | |||
| | |||
| | |||
|- | |||
| Backup and Recovery | |||
| | |||
| | |||
|- | |||
| Security Operations and Incident Classification | |||
| | |||
| | |||
|- | |||
! colspan="3" | Technology and Use Cases | |||
|- | |||
| Wireless Technology in Generation | |||
| | |||
| | |||
|- | |||
| IIOT, IOT, and Industry 4.0 | |||
| | |||
| | |||
|- | |||
| Digital Worker | |||
| | |||
| | |||
|- | |||
| Artificial Intelligence | |||
| | |||
| | |||
|- | |||
| Quantum Computing | |||
| | |||
| | |||
|- | |||
| Software Bill of Materials | |||
| | |||
| | |||
|- | |||
| Control System Case Studies | |||
| | |||
| | |||
|- | |||
| Technical Assessment Methodology Case Studies | |||
| | |||
| | |||
|} | |||
{| class="wikitable" | |||
! Topic | |||
! Description | |||
! Resources | |||
|- | |||
| Changing Threat Landscape | |||
| Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | |||
| [https://www.epri.com/research/programs/112046/results/3002014312 Quick Brief: Recent Russian Cyber Campaign Targeting the Electric Sector] <br> [https://www.epri.com/research/programs/112046/results/3002015259 Changing Threat Landscape Study Report: Generation Cyber Security—Trends Across Cyber Security Incidents at Industrial Facilities] <br> [https://www.epri.com/research/programs/112046/results/3002017849 Quick Brief: Awareness of Nation State Cyber Activity Targeting Critical Infrastructure] <br> [https://www.epri.com/research/programs/112046/results/3002017864 2020 OT Cyber Security Trends for Electric Utilities] <br> [https://www.epri.com/research/programs/112046/results/3002022287 Quick Brief: Critical Infrastructure Interdependencies on Generation Capacity—Managing Risk] <br> [https://www.epri.com/research/programs/112046/results/3002025919 Operational Technology (OT) Network Segmentation and Micro-Segmentation Strategies: An Evaluation of Segmentation Strategies in Generation Environments] | |||
|- | |- | ||
| Industry Standards and Regulation | | Industry Standards and Regulation | ||
Revision as of 18:10, 25 September 2024
Welcome to the EPRI Cyber Security for Generation Assets CyberWiki
Welcome to the main page of the Electric Power Research Institute's CyberWiki, a wiki-style hub for cyber security research at EPRI, with a focus on operational technology in power generation. CyberWiki was built using the MediaWiki engine to be an extensible and dynamic educational and knowledge dissemination tool. It supplements the published content that is accessible through the EPRI website, or through each program's cockpit, by providing a flexible, web-based content delivery solution for projects that can benefit from the ability to easily update and add content as a project progresses. EPRI members can log in to access additional content through the EPRI Cyber Security for Generation Assets homepage.
Overview
ERPI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities. The program addresses strategic focus areas including:
- Protection Technologies, Tools, and Guides
- Detection Technologies, Tools, and Guides
- Response and Recovery Technologies, Tools, and Guides
- Emerging Technology Industry-specific technology use cases, guidance, Testing, and Development.
- Changing Threat Landscape Impacts to Power System Security
- Process and Integration, Regulatory Impacts, Workforce Development, Training, and GRC
- Industry Collaboration and Benchmarking
The CyberWiki also includes industry definitions, terms, standards, and regulations.
Summary of Key Topics and Resources
Here you will find a summary listing of resource areas and key topics. Published EPRI resources are listed by topic (separate login and access required). Executive summaries and key facts and considerations are linked.
| Topic | Description | Resources |
|---|---|---|
| Changing Threat Landscape | Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | Title of R&D with Link R&D Title EPSN |
| Industry Standards and Regulation | Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. | Title of R&D Link Title of R&D Link |
| Definitions and Terms | ||
| Process and Integration | ||
| Governance, Risk, and Compliance | Governance, Risk, and Compliance (GRC) addresses…. | |
| Program Development | ||
| Workforce Development | ||
| Supply Chain | ||
| Protection | ||
| Security Architectures and Segmentation | ||
| Vulnerability Management | ||
| Hardening | ||
| Secure Remote Access | ||
| Transient Cyber Assets and Removable Media | ||
| Identity and Access Management | ||
| Detection | ||
| Real-Time Detection | ||
| Scanning | ||
| Security Event Monitoring | ||
| Response and Recovery | ||
| Incident Response Program | ||
| Incident Response Playbooks | ||
| Disaster Recovery Plans | ||
| Scenarios and Training | ||
| Backup and Recovery | ||
| Security Operations and Incident Classification | ||
| Technology and Use Cases | ||
| Wireless Technology in Generation | ||
| IIOT, IOT, and Industry 4.0 | ||
| Digital Worker | ||
| Artificial Intelligence | ||
| Quantum Computing | ||
| Software Bill of Materials | ||
| Control System Case Studies | ||
| Technical Assessment Methodology Case Studies | ||
| Topic | Description | Resources |
|---|---|---|
| Changing Threat Landscape | Cyber security threats evolve and impacts strategy, OT technology, and defensive tools. | Quick Brief: Recent Russian Cyber Campaign Targeting the Electric Sector Changing Threat Landscape Study Report: Generation Cyber Security—Trends Across Cyber Security Incidents at Industrial Facilities Quick Brief: Awareness of Nation State Cyber Activity Targeting Critical Infrastructure 2020 OT Cyber Security Trends for Electric Utilities Quick Brief: Critical Infrastructure Interdependencies on Generation Capacity—Managing Risk Operational Technology (OT) Network Segmentation and Micro-Segmentation Strategies: An Evaluation of Segmentation Strategies in Generation Environments |
| Industry Standards and Regulation | Cyber security focusses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and framework are used worldwide and can align strategies with common terms and expectations. | Title of R&D Link Title of R&D Link |
| Definitions and Terms | ||
| Process and Integration | ||
| Governance, Risk, and Compliance | Governance, Risk, and Compliance (GRC) addresses…. | |
| Program Development | ||
| Workforce Development | ||
| Supply Chain | ||
| Protection | ||
| Security Architectures and Segmentation | ||
| Vulnerability Management | ||
| Hardening | ||
| Secure Remote Access | ||
| Transient Cyber Assets and Removable Media | ||
| Identity and Access Management | ||
| Detection | ||
| Real-Time Detection | ||
| Scanning | ||
| Security Event Monitoring | ||
| Response and Recovery | ||
| Incident Response Program | ||
| Incident Response Playbooks | ||
| Disaster Recovery Plans | ||
| Scenarios and Training | ||
| Backup and Recovery | ||
| Security Operations and Incident Classification | ||
| Technology and Use Cases | ||
| Wireless Technology in Generation | ||
| IIOT, IOT, and Industry 4.0 | ||
| Digital Worker | ||
| Artificial Intelligence | ||
| Quantum Computing | ||
| Software Bill of Materials | ||
| Control System Case Studies | ||
| Technical Assessment Methodology Case Studies | ||