On September 14, 2020, FERC, NERC, and NERC Regional Entities staff (collectively, “joint staff”) published a Cyber Planning for Response and Recovery Study (CYPRES) Report that discusses utility approaches to protecting their networks against cyber security incidents by way of their incident response and recovery plans. Subject matter experts from the joint staff relied upon the National Institute of Standards and Technology (NIST) Special Publication 800-61 Rev.2, Computer Security Incident Handling Guide Recommendations, as a reference tool for how to respond to incidents effectively.
After a series of site visits and interviews of employees at electric utilities of various sizes and bulk electric system responsibilities, along with varying cyber infrastructure designs, the joint staff made some key observations. While the CYPRES Report confirms there is no “one size fits all” approach to preparing and responding to cyber incidents, it does illuminate common areas where entities can effectively focus their response efforts. First, in order to prepare for a cybersecurity event, personnel should have up-to-date training, well-defined roles, and the authority to take quick, decisive action. Second, utilities should institute and maintain a constant baseline that enables personnel to detect deviations in network operations. Third, utilities must realize the full range of consequences when implementing a containment and eradication strategy. Personnel should continue to analyze each cyber event to determine its scope of impact, while keeping in mind that ongoing inquiry could continue for an indefinite length of time. Finally, utilities should simulate cyber incidents, as a way of improving their IRR plans and to better account for lessons learned.
FERC published the CYPRES Report
and issued a news release
For more information, please contact Kristen Connolly McCullough
, Lisa Gast
, and Sean Neal