Application of Cyber Resilience Review to an Electricity Company

Abstract

The functioning of a modern society is based on the cooperation of several critical infrastructures, whose joint efficiency depends increasingly on a reliable national electric power system. Reliability is based on the functional data transmission networks of the organizations belonging to the electric power system. Furthermore, reliability is linked to the confidentiality, integrity and availability of system data in the operational environment, whose cyber security risks are continuously augmented by the threatening scenarios of the digital world. In Finland, the electricity generation is in various ways distributed, which contributes to the reliability of the electric power system. There are about 120 electricity generation companies and about 400 power plants nationally, in which the electricity is produced using various production methods. The control of electric power system’s operational processes is highly automated and networked. The major contribution of the paper is to apply the cyber resilience review to a single electricity company. The basis is in SWOT analysis, which is used for analyzing and that way for bettering the cyber security level of an organization. However, there is not such as perfect security. Security is based on trust, which can be developed with the help of preparedness planning. Resilience review can be seen as preparedness planning that also enables contingency planning. Resilience metrics framework proposed by Linkov et al. is utilized by applying the resilience measures to the organization’s operational processes. In addition, open source intelligence and organization’s operating networks are used for collecting significant security information and that way for updating the preparedness plan, i.e. resilience plan. In order to put the resilience plan into practice, the leadership of an organization must regard resilience measures related to cyber security as a strategic goal and communicate to their staff the importance of contingency planning in achieving the goals. As a result, the cyber security management of an electricity company is improved.