Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology (co-author)

The purpose of this report is to specify a risk assessment process that may be used by utilities. Included are high-level diagrams that illustrate the risk assessment process at the security requirements and security-control-selection stages, as well as for ongoing assessment and for assessing emerging changes. These are generic high-level diagrams based on commonly available reference documents. A second objective of this report is to illustrate how to use the content of the National Electric Sector Cybersecurity Organization Resource (NESCOR) cyber security failure scenarios and impact analyses document in the risk assessment process. A cyber security failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or distribution of power.