Pacific Northwest National Laboratory is working with federal and private sector representatives to develop a cyber security self-assessment method (the Method) for use in the electric power industry. The Method will assist facility owners in identifying and characterizing cyber vulnerabilities, potential adverse consequences, cyber security risk levels, and cost-effective protection and mitigation measures. The Method supports a comprehensive, expeditious assessment that can be integrated efficiently into normal business practices. Personnel in information systems, plant operations, and security all would contribute to the assessment. The risk assessment stage of the Method evaluates both external and internal threats. In the risk management stage, potential protection and mitigation measures are evaluated based on risk reduction; the costs of purchasing, installing, operating, and maintaining new protection and mitigation measures; and changes in the cost of doing business that may be associated with the implementation of new measures.
Revised: July 13, 2011 |
Published: November 15, 2003
Citation
Glantz C.S., R.B. Bass, J.R. Cash, G.A. Coles, A.J. Currie, D.J. Gower, and J.J. Heilman, et al. 2003.A Cyber Security Self-Assessment Method for Critical Infrastructure Protection. In Proceedings of the 2003 ASME International Mechanical Engineering Congress and Exposition, Nov 15-21 2003, Washington, DC. Engineering Technology Management - 2003: Safety Engineering and Risk Analysis, Technology and Society, Engineering Business Management, Homeland Security, 195-198. New York, New York:American Society of Mechanical Engineers.PNNL-SA-39260.