Cyber & Physical Security Resources

Cyber and physical security preparedness is critically important to Florida public power and electric utilities across the state and country as we work together to create a more resilient and secure electric grid.

Below are a variety of resources relating to cyber and physical security preparedness.

Information from the American Public Power Association (APPA)

The American Public Power Association (APPA) helps its member utilities across the country create a more resilient and secure electric grid that is prepared for both cyber and physical threats. Public power utilities are working with their communities, states, and the federal government to ensure compliance with stringent security standards and to manage risk.

• APPA’s Security and Resilience page
  APPA has a number of free and paid resources linked on this page that are available to utilities to evaluate their cybersecurity posture, identify areas for improvement, and develop roadmaps to implement new policies and technologies to improve resilience against potential threat actors.
  
  
• Public Power Cybersecurity Roadmap
  This publication is designed to help utilities take the next step to improve their cybersecurity readiness based on identified needs and priorities in the Scorecard or other assessment tool. APPA has worked with a group of pilot members to develop the Cybersecurity Roadmap, which is available for download here.
  
  
• Public Power Cyber Incident Response Playbook
  The Public Power Cyber Incident Response Playbook walks through the steps and best practices a utility can follow in the event it experiences a cyber incident or attack. The Playbook can be downloaded here.
  
  
• Cybersecurity Guide for Public Power Utilities
  

  This comprehensive, high-level cybersecurity guide, developed by APPA, offers reliable industry guidance and resources aligned with a high-level outline of the National Institute of Standards and Technology’s Cybersecurity Framework. The guide offers resources related to supporting utilities in the five core functions - identify, protect, detect, respond, and recover - as well as listing these resources by organization. 

Electricity Information Sharing and Analysis Center (E-ISAC)

The E-ISAC keeps asset owners and operators informed about cyber and physical threats to the North American bulk power system through around-the-clock situational awareness and expert analysis. E-ISAC membership includes access to the secure online portal where members can voluntarily exchange information and receive access to the latest updates and alerts, including bulletins, white papers, webinars, and conferences. The E-ISAC is open to all electricity asset owners and operators and select government and cross-sector partners in North America. Joining the E-ISAC is free and users can request an account here.

The E-ISAC has published a one-page information sharing guide listing the types of information that should be shared with the ISAC and the best means of doing so. The guide is available here.

U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA)

• DHS Cybersecurity and Infrastructure Security Agency website
• CISA Cybersecurity Information
• CISA Insights
• CISA Cyber Essentials Starter Kit
• CISA Cyber Essentials Toolkits
• CISA Services Catalog
• CISA Cyber Resource Hub
• CISA Active Shooter Preparedness
• CISA Unmanned Aircraft Systems – Critical Infrastructure
• CISA Information Sharing
• CISA Pipeline Cybersecurity Initiative 
• CISA Pipeline Cybersecurity Resources Library 
• CISA Shields Up Program

Additional Resources

• Cyber Florida - Florida Center for Cybersecurity
• Cyber Florida - Guide to Ransomware Prevention
• Florida Department of Law Enforcement Florida Computer Crime Center
• FBI Internet Crime Complaint Center
• Hometown Connections Infographic - Cybersecurity for Community Owned Utilities