PNNL

Abstract

Protecting hydroelectric plants from incidents that adversely impact their cyber-physical systems presents unique challenges due to the plants’ widely dispersed geographic locations and varied configurations as well as the relative nascent nature of the cyberattacks targeting these facilities. To help hydroelectric plants better respond to and mitigate cybersecurity incidents, this Department of Energy Water Power Technologies Office Navigator aligns the processes within the National Institute of Standards 800-61r2 Computer Security Incident Handling Guide with the emergency actions within the FEMA 64 Emergency Action Plan Framework. This work is to be used at a hydroelectric plant to quickly understand how the plant responds to a cyber incident in relationship to the actions involved in an emergency action plan involving a hydroelectric plant. In addition to this product, there are three other products meant to be distributed to a hydroelectric plant to assist in their cyber incident response and recovery. The first, a report on the processes of building a R&R flip book based on a large set of existing guidance. The second, a handy flip book meant to be distributed to hydroelectric plants to assist them during a cybersecurity incident occurring on a hydroelectic plant. And the third is a comprehensive set of resources to assist an operator in locating appropriate guidance during the recovery process. .