Cyber Security Risk Management in Practice: Comparative Analyses Tables (co-author)
Utilities are assessing various federal guidelines that are applicable to cyber security for the electric sector—a significant task requiring all new guidance. This report is a companion document to EPRI technical update 3002003333, Risk Management in Practice—A Guide for the Electric Sector, and EPRI technical update 3002003332, Security Posture Using the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The focus of this technical update is to provide guidance on the various cyber security regulations, guidelines, and specifications that may be applicable to the electric sector. This update is not intended to provide new guidance but rather to present information on how to navigate and relate the diverse existing guidance that is applicable to the electric sector. To this end, several additional comparative analyses tables referenced in the other two documents will serve as a roadmap for utilities to use in understanding and applying the cyber security guidance. Information in the various tables will also help utilities implement their own cyber security programs and perform cyber security risk management activities, including risk and maturity assessments.