Here's exactly how a cyberattack will bring down your utility

The National Electric Sector Cybersecurity Organization Resource (NESCOR) has published three cyber security failure scenario and impact analyses documents for the electric sector. NESCOR is a Department of Energy-funded public-private partnership that is led by Electric Power Research Institute (EPRI). A cybersecurity failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or delivery of power.

These documents include:

• How a utility may use the documents
• Identification of threat agents
• Criteria, methods, and results of prioritization of the failure scenarios
• A list of failure scenarios using common terminology for mitigations
• An analysis of the frequency of use of common mitigations to identify the greatest potential for benefit across multiple scenarios
• Here are some key takeaways from these documents:
• The information about potential cyber security failure scenarios is intended to be useful to utilities for risk assessment, planning, procurement, training, tabletop exercises and security testing.
• The failure scenarios were developed and revised based on input from many utilities – to ensure the content was realistic.
• The list of common mitigations may be used by utilities as they assess the cyber security of their control systems.