NREL: Webinar Series Presents the Building Blocks of Cybersecurity

Ensuring cybersecurity for an electric utility requires a multifaceted approach. Networks must be hardened to prepare for future attacks, and cyber threat intelligence must be monitored for new vulnerabilities and the adversaries that could exploit them. It is also critical to train utility staff on how to avoid opening files that are potentially infected with malware, and leadership must assess which potential targets are most critical to continuity of operations.

A new series from the U.S. Agency for International Development (USAID) and the National Renewable Energy Laboratory (NREL), in collaboration with the Caribbean Electric Utility Services Corporation (CARILEC), breaks down these different requirements into user-friendly webinars presented by world-class experts. The goal of the “Power Sector Cybersecurity Building Blocks” series is to raise awareness about all aspects of security and help utilities develop a well-rounded cybersecurity program.

Why Building Blocks?

In a 2020 webinar, NREL cyber researcher Maurice Martin outlined the potential business impacts of an attack such as deleted data, theft of sensitive customer records, and ransomware costs. But, in addition, Martin explained, “utilities have to consider the cyber-physical consequences. By accessing devices that are controlled by computers, a hacker could introduce safety concerns, interrupt the delivery of electricity, or damage physical assets with a high cost to repair. … It is these consequences that make cybersecurity not just a business consideration but an issue of national interest.”

Developing a robust cybersecurity defense program is critical to enhancing grid security and power sector resilience. However, some utilities may struggle to identify all components needed for a well-rounded cybersecurity program. The USAID-NREL partnership published the recent report “Power Sector Cybersecurity Building Blocks” to identify 11 essential components of grid security, which form the basis of the webinar series.

Organizations in the early stages of developing cybersecurity plans and standards will likely get the most benefit from these webinars, given that they are grappling with the question of defining what a complete cyber program looks like, while more “cyber mature” organizations can use the building blocks to gain a fresh perspective and fill in gaps for their existing cyber programs.

This effort grows out of USAID and NREL’s discussions with utilities around the world and assessments of challenges faced by under-resourced utilities. Developed in collaboration with CARILEC, these webinars specifically address the critical infrastructure needs of the Caribbean based on input from electric utility staff in that region; however, the concepts are applicable to utilities and other types of organizations in all countries.

Register Now for the Next Webinar!

In the next webinar, on Sept. 22, cybersecurity experts will provide an overview of technical controls for operational technology networks. These security measures include firewalls, intrusion detection systems, and encryption that strengthen the operational security of an organization. The webinar will also examine real-world cybersecurity attacks on critical infrastructure.