Welcome to the EPRI Cyber Security for Generation Assets CyberWiki
Welcome to the main page of the Electric Power Research Institute's CyberWiki, a wiki-style hub for cyber security research at EPRI, with a focus on operational technology in power generation. CyberWiki was built using the MediaWiki engine to be an extensible and dynamic educational and knowledge dissemination tool. It supplements the published content that is accessible through the EPRI website, or through each program's cockpit, by providing a flexible, web-based content delivery solution for projects that can benefit from the ability to easily update and add content as a project progresses. EPRI members can log in to access additional content through the EPRI Cyber Security for Generation Assets homepage.
Overview
EPRI’s Cyber Security for Generation Assets Program (P209) performed research and development to improve the security, safety, and resiliency of power generation facilities. The program addresses strategic focus areas including:
- Protection Technologies, Tools, and Guides
- Detection Technologies, Tools, and Guides
- Response and Recovery Technologies, Tools, and Guides
- Emerging Technology: Industry-Specific Technology Use Cases, Guidance, Testing, and Development
- Changing Threat Landscape Impacts to Power System Security
- Process and Integration, Regulatory Impacts, Workforce Development, Training, and GRC
- Industry Collaboration and Benchmarking
The CyberWiki also includes industry definitions, terms, standards, and regulations.
Summary of Key Topics and Resources
Here you will find a summary listing of resource areas and key topics. Published EPRI resources are listed by topic (separate login and access required). Resources that address multiple topics are listed multiple times.
| Topic | Description | Resources |
|---|---|---|
| Changing Threat Landscape | Cyber security threats evolve and impact strategy, OT technology, and defensive tools. | Recent Russian Cyber Campaign Targeting the Electric Sector Changing Threat Landscape Study Report Awareness of Nation State Cyber Activity Targeting Critical Infrastructure 2020 OT Cyber Security Trends for Electric Utilities Critical Infrastructure Interdependencies on Generation Capacity Operational Technology (OT) Network Segmentation and Micro-Segmentation Strategies |
| Industry Standards and Regulation | Cyber security focuses on risk reduction. Regulatory standards mandate minimum expectations. Multiple security standards and frameworks are used worldwide and can align strategies with common terms and expectations. Research guides typically include sections relating to relevant standards and regulations by topic. | CyberWiki Standards and Regulation Listing |
| Definitions and Terms | | CyberWiki Terms Library NIST Glossary (External) NERC Published Glossary of Terms (External) ISC2 CISSP Student Guide Glossary (External) |
| **Process and Integration** | | |
| Governance, Risk, and Compliance | Governance, Risk, and Compliance (GRC) addresses…. | Cyber Security Technical Assessment Methodology ConEd and Duke Energy Evaluate Cyber Security with Technical Assessment Methodology Asset Management and Baseline Configuration for Generation and Renewable Assets Risk-Informed Cyber Security Program Guide for Electric Generation Facilities Fossil Power Plant Cyber Security Life-Cycle Risk Reduction Operations Security (OPSEC) Program Development Guide Cyber Security Risk Assessment Methodology Cyber Security Case Study in Digital Overspeed Protection Systems Cyber Security Operations Security (OPSEC) Awareness Posters Duke Energy Optimizes Cyber Security for Generation Fleet |
| Program Development | | Cyber Security Technical Assessment Methodology: Risk Informed Exploit Sequence Identification and Mitigation, Revision 1 Transient Cyber Assets (TCAs) and Removable Media Process Guidance: Generation Cyber Security Risk-Informed Cyber Security Program Guide for Electric Generation Facilities: Generation Cyber Security Developing a Tamper Indicating Device (TID) Program for Cyber-Physical Security Cyber-Security Assessment Lessons Learned in Generation Duke Energy Optimizes Cyber Security for Generation Fleet |
| Workforce Development | | Patch Management Guideline CBT Secure Interactive Remote Access in Power Generation Facilities v1.0 Guideline on Digital I&C Configuration Management and Hardening for Generation Facilities Computer Based Technology Transfer Modules Incident Response Guidance: Generation Cyber Security Access Control and Permission Management: Generation Cyber Security Guideline on Cyber Security Scanning for Generation Plant Control Systems Transient Cyber Assets and Removable Media Guideline Technical Assessment Methodology (TAM) Revision 1 Developing a Cyber Security Culture in the Operational Technology (OT) Environment Operations Security (OPSEC) Program Development Guide Generation Cyber Security: Workforce Development Cyber Security Operations Security (OPSEC) Awareness Posters |
| Supply Chain | | Cyber Security in the Supply Chain: Cyber Security Procurement Methodology, Revision 2 Understanding Vendor Cyber Security Certifications Hydro Power DCS Upgrade Cyber Security Assessment Cyber Security Procurement Topical Guide |
| **Protection** | | |
| Security Architectures and Segmentation | | |
| Vulnerability Management | | |
| Hardening | | |
| Secure Remote Access | | |
| Transient Cyber Assets and Removable Media | | |
| Identity and Access Management | | |
| **Detection** | | |
| Real-Time Detection | | |
| Scanning | | |
| Security Event Monitoring | | |
| **Response and Recovery** | | |
| Incident Response Program | | |
| Incident Response Playbooks | | |
| Disaster Recovery Plans | | |
| Scenarios and Training | | |
| Backup and Recovery | | |
| Security Operations and Incident Classification | | |
| **Technology and Use Cases** | | |
| Wireless Technology in Generation | | |
| IIOT, IOT, and Industry 4.0 | | |
| Digital Worker | | |
| Artificial Intelligence | | |
| Quantum Computing | | |
| Software Bill of Materials | | |
| Control System Case Studies | | |
| Technical Assessment Methodology Case Studies | | |