Fossil Power Plant Cyber Security Life-Cycle Risk Reduction, A Practical Framework for Implementation
- Electric Power Research Inst. (EPRI), Knoxville, TN (United States)
- Southern Engineering Services, Aberdeen, NC (United States)
- Idaho National Lab. (INL), Idaho Falls, ID (United States)
Market conditions are forcing fossil electricity generation facility owners and operators to implement advanced digital technologies. These technologies enable efficiencies, operational flexibility, operations and maintenance efficiencies, and adapting to a transitioning workforce. These digital technologies, however, can increase the cybersecurity attack surface. The purpose of this research was to develop a holistic cybersecurity risk reduction framework for fossil generation facilities. The framework begins with assessing how cyber risk changes across facility life cycles, including plant, system, vendor, and business life cycles. The next phase performs consequence analysis to prioritize high consequence events. Focusing on high consequence events allows owners to use a graded, risk-informed approach to prioritize cybersecurity efforts. The final phase identifies the digital asset attack surface in sensors and instrumentation and control equipment. After the vulnerabilities are identified, the owner selects mitigating cybersecurity control measures (or countermeasures) based on the risk analysis from the previous phases. This report describes the current industry cybersecurity best practices in fossil generation that are based on the first principles for cybersecurity engineering. The report is divided into five sections that describe the implementation of the risk reduction framework and present identified research, methodological, and technology gaps that were identified through this course of research and development.
- Research Organization:
- Electric Power Research Institute, Palo Alto, CA (United States); Idaho National Lab. (INL), Idaho Falls, ID (United States); Southern Engineering Services, Aberdeen, NC (United States)
- Sponsoring Organization:
- USDOE Office of Fossil Energy (FE)
- DOE Contract Number:
- FE0031643
- OSTI ID:
- 1764035
- Report Number(s):
- DOE-FE-0031643-3002019700
- Country of Publication:
- United States
- Language:
- English
Similar Records
Fossil Power Plant Cyber Security Life-Cycle Risk Reduction: A Practical Framework for Implementation
Prioritizing ICS Beachhead Systems for Cyber Vulnerability Testing
Related Subjects
01 COAL, LIGNITE, AND PEAT
Attack surface analysis
Cybersecurity
Cybersecurity first principles
Cybersecurity risk reduction
Operational technology (OT)
Consequence-Driven Cyber-Informed Engineering
Cyber-Informed Engineering
CIE
CCE
Cybersecurity Resilience
Consequence-based Targeting
Energy Transition
Integrating Cybersecurity
Cyber Risk
Cyber Supply Chain Risk
Cyber-Resilience
Cyber
Cyber Threat and Vulnerability