Skip to main content

Cyber Security

Go Search
Cyber Security

NRECA/Cooperative Research Network (CRN) Regional Smart Grid Demonstration

A Guide to Developing a Cyber Security and Risk Mitigation Plan

The Cooperative Research Network has developed a set of tools that together comprise the “Guide to Developing a Cyber Security and Risk Mitigation Plan.” Using these tools cooperatives (and other utilities) can start immediately to strengthen their security posture and chart a path of continuous improvement. All co-ops participating in NRECA’s Regional Smart Grid Demonstration are using these tools to develop a smart grid cyber security plan.

In 2009, Congress tasked the Department of Energy with administering a Stimulus-funded grants program to spur investments in “smartening” the grid and enhancing security. The development and dissemination of the Guide is a product of that effort.

  1. A Guide to Developing a Cyber Security and Risk Mitigation Plan. As part of the CRN Regional Smart Grid Demonstration, CRN created a guide to enhance security at the co-ops participating in the demonstration as they acquire and deploy grid components and technologies. Written for co-ops participating in the demonstration, the Guide can be used by any utility.
  2. Cyber Security Risk Mitigation Checklist. A list of activities/security controls necessary to implement a cyber security plan, with rationales.
  3. Cyber Security Plan Template. Co-ops can use this form to create their own cyber security plan.
  4. Security Questions for Smart Grid Vendors. CRN is encouraging co-ops to include these questions in their RFPs for smart grid components. The questions are designed to facilitate a frank and open dialogue on cyber security with those who make and sell components.
  5. Interoperability and Cyber Security Plan. The Interoperability and Cyber Security Plan (ICSP) was the first deliverable produced for the Department of Energy, funded by the matching grant. The ICSP examines risk management, identification of critical cyber assets, electronic security perimeters among other issues.