Swift Cyber Risk Management

Southern Company Uses EPRI Methodology to Create More Regular, Timely Assessments

Southern Company, in collaboration with EPRI, reduced from seven weeks to one week the time needed to assess and prioritize cybersecurity risks.

With the profusion of digital communications, technologies, and devices in electric power systems come many new cybersecurity risks and threats to the power supply. To help utilities assess vulnerabilities and manage risks with available resources, EPRI developed a risk-assessment methodology to identify cybersecurity vulnerabilities with potential grid impacts, prioritize appropriate mitigation activities, and provide management with cybersecurity status.

Southern Company has refined and applied the methodology to assess numerous control and data acquisition systems in its transmission and distribution grids. The methodology enables the utility to repeat the analysis regularly as technologies and vulnerabilities change. Southern Company also developed a tool that can present the results in an easily understandable format to support effective mitigation decisions. The utility received a 2014 EPRI Technology Transfer Award for this work.

EPRI is working with utilities to build a database with security guidance from key industry cybersecurity documents, making it easier for them to search and report on risk assessment.

---