Physical Security

Review a utility’s layered approach to physical security of the grid in our infographic.

Physical Security Essentials: A Public Power Primer describes best practices to mitigate physical security risks and provides guidance on conducting security assessments and gap analyses and implementing physical security measures. Order now on the Product Store.

Order webinar recordings
Webinar list coming soon.

Cybersecurity

Review the elements of a holistic cyber defense plan in our infographic. 

Join the member working group of cybersecurity subject matter experts to advise APPA on upcoming projects.

Cyber Security Essentials: A Public Power Primer provides an overview of cybersecurity issues affecting public power utilities, case studies, and recommendations to protect your utility from cyber attacks. Order now on the Product Store.

Order webinar recordings
Introduction to Utility Cybersecurity Challenges

Cyber Insurance Primer

Developing a Cybersecurity Plan

The Role of Join Action Agencies in Addressing Cybersecurity

Improving Cybersecurity Posture: Public Power Case Studies

Cyber Risk Preparedness Assessment

Utilizing Dashboards for Information Sharing & Cybersecurity Legislation

APPA's Cyber Resiliency and Security Program

Cyber and physical threats pose an ever-increasing threat to our businesses and communities. Public power utilities are in a unique position to lead to the transition to an increasingly resilient grid thanks to the talent and dedication in our community. APPA is committed to helping its members in this critical process, and has entered into a 3-year cooperative agreement with the U.S. Department of Energy, giving APPA access to up to $7.5 million to help create stronger, more secure systems.

More information about this program can be found in our Fact Sheet, complete Project Management Plan, or its accompanying Executive Summary.

Task 1.0 Advancing Cyber Resiliency and Security Assessments

  1. Conduct baseline assessments
  2. Define and categorize the specific demographics and capabilities of APPA member groups
  3. Develop Public Power Resilience and Security Maturity Model
  4. Develop targeted training opportunities
  5. Conduct technical workshops, exercises, and/or roundtable discussions
  6. Develop cyber resiliency and security-themed videos and/or presentation materials
  7. Explore procurement mechanisms

Task 2.0 Onsite Vulnerability Assessments

  1. Conduct assessments, surveys, and field-based fact-finding missions

 

 

Task 3.0 Extend and Integrate Technologies

  1. Evaluate and deploy existing technologies and subscription services for public power utilities
  2. Evaluate cyber risk information sharing and pre-commercial technology solutions at public power utilities
  3. Subscriptions to eReliability Tracker for small APPA utility members
  4. eReliability Tracker and Interruption Cost Estimate (ICE) Calculator integration

Task 4.0 Information Sharing

  1. Evaluate information sharing tools and technologies
  2. Evaluate Information Filtering Methodology
  3. Develop resources for APPA utility members to facilitate engagement with associated constituents and other key stakeholders
  4. Improve Information Assurance in Communications; Please find the Communications Information Assurance Assessment Questionnaire here.

Task 5.0 Project Management and Reporting

  1. Project Management Plan
  2. Quarterly Reports
  3. Continuation Application
  4. Annual Report
  5. Data Management Plan
  6. Prepare Materials for DOE Briefings

Additional Resources

Issue Briefs
APPA ensures that the lines of communication are open between public power utilities and the federal government so that we can collectively prepare and respond to cyber attacks. Read more in our June 2017 Issue Brief.

APPA supports enhanced dialogue between the industry and federal government on physical security threats and potential remediation, but does not support federal mandates in this area. Read more in our June 2017 Issue Brief.

The Cybersecurity Act of 2015 sets up policies and procedures for sharing cybersecurity threat information between the federal government and utilities. Read more about the provisions of the act.