Mitigation Categories for Cybersecurity Controls [1]

Before Failure or Attack

| Category | Description | Power System Examples | Cyber Examples |
|---|---|---|---|
| Protection against a failure or attack | Active measures used in normal circumstances that are designed to prevent an attack | Erect substation fence; limit access to control center; validate data entry; deploy redundant equipment; perform contingency analysis studies; train personnel adequately | Isolate networks; require strong passwords; use role-based access control; encrypt messages; disable unneeded ports/services; validate patches before implementing them |
| Deterrence to a failure or attack | Preparing for a possible failure or discouraging someone from engaging in an attack | Develop emergency operations plans; test emergency plans periodically; display signs indicating danger or private property; warn of legal actions; deploy CCTV cameras; change system settings for storms or other natural disasters; test new software and systems | Develop emergency network plans; display warnings when applications or data are modified; require legal acceptance when installing software |

During Failure or Attack

| Category | Description | Power System Examples | Cyber Examples |
|---|---|---|---|
| Detection of a failure or attack | Identifying a failure or attack and notifying appropriate entities | Monitor power system status and measurements; enter events in event log; alarm operators; initiate cellphone call to on-duty person; provide quality flags for monitored data | Detect intrusions; check signatures; scan for viruses; monitor network configurations; alarm security personnel |
| Response to a failure or attack | Stopping the spread of the failure or attack by using emergency measures | Trip breakers; shed load; isolate microgrids | Shut down network; turn off computer; isolate network |
| Coping during a failure or attack | Initiating additional activities to mitigate the impact | Switch to backup systems; reconfigure feeders; start additional generation | Start manual activities to replace automated activities |

After Failure or Attack

| Category | Description | Power System Examples | Cyber Examples |
|---|---|---|---|
| Recovery from a failure or attack | Restoring to normal operations after a failure has been corrected or an attack has been stopped | Test all failed or compromised power equipment; restore power; switch to primary systems; return to normal operations | Test all systems and networks; reconnect isolated networks and systems |
| Audit and legal actions to a failure or attack | Assessing the nature and consequences of a failure or attack | Analyze audit logs and other records | Debrief and post-mortem analysis; system re-configuration; policy changes |


1. Derived from ASAP-SG: Security Profile for Distribution Management, Version 0.92