Information Assurance Task Force

Electric Power Risk Assessment



 
 

TABLE OF CONTENTS

 

EXECUTIVE SUMMARY

1.0 INTRODUCTION

2.0 OVERVIEW OF POWER GENERATION AND DISTRIBUTION

    2.1 BACKGROUND
    2.2 OVERVIEW OF ELECTRIC POWER INDUSTRY
    2.3 OVERVIEW OF ELECTRIC POWER SYSTEMS
      2.3.1 Control Center
      2.3.2 Energy Management System
    2.4 INDUSTRY LEGISLATIVE ENVIRONMENT
    2.5 INDUSTRY TRENDS
    2.6 PREVIOUS STUDIES
3.0 THREAT
    3.1 PHYSICAL THREAT
    3.2 ELECTRONIC THREAT
      3.2.1 Insider Threat
      3.2.2 Outsider Threat
    3.3 THREAT CONCLUSIONS
4.0 DETERRENTS

5.0 VULNERABILITIES

    5.1 CONTROL CENTER VULNERABILITIES
      5.1.1 Corporate MIS
      5.1.2 Other Utilities and Power Pools
      5.1.3 Supporting Vendors
      5.1.4 Remote Maintenance and Administration
      5.1.5 Impacts
    5.2 SUBSTATION VULNERABILITIES
      5.2.1 Digital Programmable Devices
      5.2.2 Remote Terminal Units
    5.3 COMMUNICATIONS VULNERABILITIES
      5.3.1 Private Infrastructure Vulnerabilities
      5.3.2 Public Infrastructure Vulnerabilities
6.0 PROTECTION MEASURES

7.0 POTENTIAL IMPACTS

8.0 CONCLUSIONS

9.0 RECOMMENDATIONS

    9.1 RECOMMENDATIONS TO THE POWER INDUSTRY
      9.1.1 Awareness
      9.1.2 Information Sharing
      9.1.3 Mechanisms for Prevention, Detection, Response, and Restoration
    9.2 RECOMMENDATIONS TO THE PRESIDENT
      9.2.1 Awareness
      9.2.2 Information Sharing
      9.2.3 Mechanisms for Prevention, Detection, Response, and Restoration
    9.3 RECOMMENDATIONS TO THE NSTAC
      9.3.1 Awareness
      9.3.2 Information Sharing
      9.3.3 Mechanisms for Prevention, Detection, Response, and Restoration