Implementation of Resilience via Operational Controls

s
Activity Leads: 
Industry Collaborators: 
  • Chevron
  • We are actively seeking additional industry partners. Contact Wm. Arthur Conklin for more details.
Summary Statement: 

Resiliency is an emergent property of a system. To achieve resiliency in a system requires specific elements in system design and operation. This activity looks at how operational controls that are used to achieve specific objectives such as security can be adapted and patterned by use into controls that also enable greater resiliency. Much like the top 20 security controls list, the objective is to determine and highlight how operational controls can enhance system resiliency.

Energy Delivery System (EDS) Gap Analysis: 

Cybersecurity is achieved through the employment of security controls. Operational resiliency will be achieved through operational measures. Developing the correct set of operational controls that facilitate both security and resiliency will enable energy companies to improve resiliency through normal operational elements.

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This activity relates directly to objectives identified in the roadmap. Because resiliency is a foundational element behind many cybersecurity practices and is needed to achieve desired objectives, it is a foundational element involved in many aspects of the roadmap. Developing a better understanding of what constitutes actionable operational elements and how they relate to the development of system resiliency is a key step in achieving these desired objectives. Specifically, resiliency is involved in the following roadmap elements:

Strategy 1. Build a Culture of Security

1.4 Field-proven best practices for energy delivery systems security widely employed

1.5 Compelling business case developed for investment in energy delivery systems security

Strategy 2. Assess and Monitor Risk (all aspects)

Strategy 3. Develop and Implement New Protective Measures to Reduce Risk

3.1 Capabilities to evaluate the robustness and survivability of new platforms, systems, networks, architectures, policies, and other system changes commercially available

3.5 Capabilities that enable security solutions to continue operation during a cyber attack available as upgrades and built-in to new security solutions

More Information: 

Research Posters:

Status of Activity: 
Inactive