Mitigation Categories for Cybersecurity Controls [1]
| Category | Description | Power System Examples | Cyber Examples |
|---|---|---|---|
| **Before Failure or Attack** | | | |
| Protection against a failure or attack | Active measures used in normal circumstances that are designed to prevent an attack | Erect substation fence; limit access to control center; validate data entry; deploy redundant equipment; perform contingency analysis studies; train personnel adequately | Isolate networks; require strong passwords; use role-based access control; encrypt messages; disable unneeded ports/services; validate patches before implementing them |
| Deterrence to a failure or attack | Preparing for a possible failure or discouraging someone from engaging in an attack | Develop emergency operations plans; test emergency plans periodically; display signs indicating danger or private property; warn of legal actions; deploy CCTV cameras; change system settings for storms or other natural disasters; test new software and systems | Develop emergency network plans; display warnings when applications or data are modified; require legal acceptance when installing software |
| **During Failure or Attack** | | | |
| Detection of a failure or attack | Identifying a failure or attack and notifying appropriate entities | Monitor power system status and measurements; enter events in event log; alarm operators; initiate cellphone call to on-duty person; provide quality flags for monitored data | Detect intrusions; check signatures; scan for viruses; monitor network configurations; alarm security personnel |
| Response to a failure or attack | Stopping the spread of the failure or attack by using emergency measures | Trip breakers; shed load; isolate microgrids | Shut down network; turn off computer; isolate network |
| Coping during a failure or attack | Initiating additional activities to mitigate the impact | Switch to backup systems; reconfigure feeders; start additional generation | Start manual activities to replace automated activities |
| **After Failure or Attack** | | | |
| Recovery from a failure or attack | Restoring to normal operations after a failure has been corrected or an attack has been stopped | Test all failed or compromised power equipment; restore power; switch to primary systems; return to normal operations | Test all systems and networks; reconnect isolated networks and systems |
| Audit and legal actions to a failure or attack | Assessing the nature and consequences of a failure or attack | Analyze audit logs and other records | Debrief and post-mortem analysis; system re-configuration; policy changes |
1. Derived from ASAP-SG: Security Profile for Distribution Management, Version 0.92