A Cyber Security Roadmap to the 2030 Energy System

Posted to EPRI in the Digital Utility Group
Christine Hertzog's picture
Principal Technical Leader, Cyber Security Strategic Initiative Electric Power Research Institute

Christine Hertzog is a Principal Technical Leader focused on OT Cyber Security research at EPRI.  She conducts research on new technologies suitable for OT environments and informs industry...

  • Member since 2010
  • 286 items added with 154,971 views
  • Aug 23, 2021

EPRI is at the third and final stage of an ambitious, year-long collaborative effort to identify industry-wide drivers and requirements for the electricity subsector to optimize OT cyber security investments.  The first white paper titled Preparing for the 2030 Energy System: Why We Need a New Cyber Security Vision described metatrends and their impacts on OT cyber security and the need for intrinsic cyber security.  The simplest definition for intrinsic cyber security is that it is “baked in,” rather than “bolted on.”

Intrinsic OT cyber security can enhance and improve grid defenses against attack and overall grid resiliency.  Undoubtedly, it is an ambitious vision for electricity subsector stakeholders, but a vitally important one to strengthen the overall security of critical infrastructure.  To help develop that vision, EPRI’s second stage of this cyber security initiative engaged utility stakeholders in discussions that defined the future state for intrinsic OT cyber security.  These conclusions are documented in our latest white paper titled Cyber Security Vision for 2030

The third and final step is the development of an industry-wide roadmap to identify actions by and for electricity subsector stakeholders.  Led by EPRI cyber security experts, utilities, solution providers, and governmental entities will meet in a series of webcasts to develop a ten-year roadmap that describes the path forward to achieve intrinsic OT cyber security for utilities.  

This roadmap will identify meaningful stakeholder actions that enable cyber security to migrate to intrinsic security while accommodating legacy systems. Like the DOE’s “Roadmap to Achieve Energy Delivery Systems Cybersecurity” drove investments and priorities in the last decade, this roadmap will create an action plan for stakeholders to impact the next decade of security progress.

Roadmap development needs participation from all industry stakeholders, including utilities, vendors, regulators, standards development organizations (SDOs), federal and state agencies, industry associations, and integrators.  EPRI invites your participation to help ensure that this roadmap delivers a cohesive, collaborative, and technology-agnostic plan to achieve intrinsic cyber security for the future energy system.  Contact me for more information.

Founded in 1972, EPRI is the world's preeminent independent, non-profit energy research and development organization, with offices around the world.
Matt Chester's picture
Matt Chester on Aug 24, 2021

Cybersecurity seems to be extra challenging because the weakest link in a chain can compromise the entire system-- so no matter how robust one entity or stakeholder is in their practices, there's always the risk of penetration to the cybersecurity barrier somewhere else in the supply chain that puts them at risk. How does that change the conversation around energy system cybersecurity? 

Christine Hertzog's picture
Christine Hertzog on Aug 24, 2021

Hi Matt -  Thanks for your observation.  That dilemma is the reason EPRI's cyber security vision calls for intrinsic cyber security that is embedded into product design, development, deployment, and runtime.  The conversation has to change for stakeholders - cyber security is everyone's responsibility.

Christine Hertzog's picture
Thank Christine for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »