Sector Name:Power Delivery & Utilization - Distribution & Utilization
Document Type:Technical Results
This Product is publicly available
Currently, the nation’s power system consists of both legacy and next-generation technologies. This includes devices that may be 30–50 years old, include no cyber security controls, and implement proprietary communication protocols and applications. Many of these legacy devices have significant computing and performance constraints that limit the cyber security controls that may be implemented. In contrast, the new technology may include modern information technology (IT) devices with commercially available applications and communication protocols. The new operations technology (OT) devices may also include commercially available applications and communications.
With this change in technology, utilities are exploring methods to better address the cyber security requirements. This includes prioritizing the systems, performing a cyber security risk assessment, and determining the impacts of a cyber security compromise. These activities are part of a cyber security strategy.
Another component of the cyber security strategy is a cyber security architecture. Currently, utilities have enterprise architecture diagrams, but they have not typically developed a security architecture.
This report includes a methodology for developing a security architecture that leverages existing architecture methodologies.
For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email firstname.lastname@example.org