Electric Power Research Institute About Us
The Institute
Office Locations

2016 Corporate Social Responsibility Report

EPRI completed a full corporate social responsibility assessment in 2015 culminating in release of its first Corporate Social Responsibility report. The report (and companion video) provides a comprehensive look at EPRI's social responsibility culture and actions around four focus areas: community, employees, operations, and research.

Our Work Events Newsroom Careers EPRI Journal

Product Abstract

Cyber Security Procurement Methodology for Power Delivery Systems

Product ID:1026562
Date Published:31-Dec-2012
Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Technical Results
Price:No Charge

This Product is publicly available

   829.18 KB - Adobe PDF (.pdf)


Determining how to apply cyber security requirements for new power delivery systems requires cyber security experts, power system engineers, and procurement organizations to work together with vendors to implement and maintain cyber security controls. Improper or incomplete implementation of controls due to lack of proper requirements and/or division of responsibilities between the utility and vendor can often result in costly backfit to meet requirements.

The Electric Power Research Institute (EPRI) has a project underway to develop procurement guidance to address this problem. Project research has shown that a standard set of cyber security requirements with a standard set of procurement specifications is not feasible for the multitude of equipment types, vendors, and use cases that exist. Therefore a methodology has been developed for determining the appropriate cyber security requirements for each use case as informed by a number of factors.

This Technical Update report is phase 2 of a three-phase ongoing EPRI cross sector project. Phase 2 includes development of a methodology for procuring digital I&C and power delivery systems with the necessary cyber security controls. This document is focused on the Power Delivery & Utilization (PDU) Sector and is based upon EPRI Technical Update 1025824, which describes a procurement methodology for the Generation/Nuclear (GEN/NUC) Sector.

Phase 1 included a GEN/NUC benchmarking study that was conducted prior to proceeding with any new guidance. A follow-on Phase-3 project is planned with completion in early 2013 to develop additional PDU guidance with sample procurement language, additional worked examples, and a complete mapping between major applicable regulations and guidelines.

Related Material
2012 Program 183   Cyber Security and Privacy
  • Cyber security guidance
  • Cyber security methodology
  • Cyber security procurement
  • Cyber security standards
  • Cyber assets

For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email askepri@epri.com

 Having Trouble Downloading?

Internet Explorer Information Bar

If using Internet Explorer the browser automatically blocks downloads by default, instead displaying an "Information Bar" at the top or bottom of the page.

Click "Download File" on Information Bar if using Internet Explorer 8 or older. If using version 9, click “Save” button on Information Bar and then select “Open” once downloaded.

Pop-up blocker software

You can hold down the CTRL key when selecting Download to bypass your pop-up blocker.

You may also configure your pop-up blocker to allow EPRI.com to open new windows.

Recommended Software

EPRI recommends using the latest version of Adobe Reader for best performance.

 Support Services

EPRI Customer Assistance Center (CAC):
800-313-3774 or 650-855-2121 Option 4

Hours of Operation:
8:00 AM - 6:00 PM Eastern Time (GMT-5)

Order and Conference Center:
800-313-3774 or 650-855-2121 Option 2