Cyber Security
About this risk area
The North American Bulk Electric System (BES) is highly automated, with computers and cyber assets controlling most functions of the planning and operations of the grid. As a critical infrastructure, essential for day-to-day life, our sector must remain vigilant in eliminating vulnerabilities and defend against potential cyber-attacks.
New technologies also present new cyber security risks, as the operational and technological environment is evolving significantly, increasing the risk and complexity of the cyber landscape. As an example, distributed energy resources place computer-controlled inverters in fields and other open areas. Similarly, dynamic line rating sensors are located on the span of transmission lines to provide accurate, real-time data on the ability of the line to carry power. In both cases, devices can be physically accessed, creating an additional vulnerability.
Cyber security risks are addressed through the North American Electric Reliability Corporation (NERC) CIP Standards with oversight from our audit and enforcement teams. NERC is considering additional updates to these standards to address emerging risks like cloud computing. We strive to learn from other industries regarding risks and threats they have experienced, and we work collaboratively with industry to encourage not just good cyber hygiene, but also best practices for classifying and protecting their cyber assets. We publish a CIP Themes Report, highlighting the themes we have seen through self-reports and audit findings with the goal of sharing mitigations to address these risks.
We have experienced cybersecurity experts that consult with industry to mitigate this risk. We tackle cyber security topics in newsletter articles such as The Lighthouse, workshops and webinars, and our committee work. We can also help answer questions and provide training on supply chain management, recovery, digital forensics, information protection, patch management, access controls, and more. If you are interested in working with us on identifying and mitigating cyber security threats to the grid, consider joining our Critical Infrastructure Protection Committee (CIPC).
Explore additional cyber security resources below.
- DOE/CESER – Rural and Municipal Utility Advanced Cybersecurity Grand and Technical Assistance (RMUC) Program (including free cybersecurity training)
- NARUC – Cybersecurity baselines for electric distribution systems and distributed energy resources
- NERC – Project 2023-09 Risk Management for Third-Party Cloud Services
- NERC – Project 2023-03 Internal Network Security Monitoring (INSM)
- Reliability Issues Steering Committee – 2023 ERO Reliability Risk Priorities Report
- NERC 2023 State of Reliability
- SERC 2022-2023 Regional Risk Report
- NIST SP 800-82 – Guide to Operational Technology (OT) Security