UU 103: Cybersecuring the Grid

Jan 25, 2022
C142, First Level

To register for this course, click here!


Cybersecurity is a real and continuously changing threat to electric utilities.  An axiom long understood for the critical systems is that cybersecurity must be designed in, it cannot be added after systems are developed. Protecting the grid is now recognized as a parallel effort to protect Industrial Control Systems. This course describes both the fundamentals and advanced techniques to implement cyber-secure systems at electric utilities. Topics covered include security basics such as risks, vulnerabilities, and threats to advanced topics such as risk mitigation strategies and cyber secure grid modernization architectures.  

In the context of cybersecurity, different assessment types exist such as risk assessments, vulnerability assessments, and threat assessments.  Each assessment type has a specific purpose. Threat assessments identify specific people, circumstances, and events with the potential to cause loss or damage. Vulnerability assessments identify weaknesses that an adversary could exploit to compromise a system. Risk assessments evaluate the potential for harm considering both threats and vulnerabilities as well as the consequences of an attack. An example showing vulnerabilities, threats, and risks is shown below.

In terms of advanced topics, the course provides technical instruction on the protection of Industrial Control Systems using offensive and defensive methods. The course will cover how cyberattacks are launched, how and why cyberattacks are successful, and mitigation strategies to increase the cybersecurity posture of utility systems.

Preventing cyberattacks is a critical aspect of securing utility systems. Techniques to prevent cyber-attacks are presented as well as techniques to design deploy cybersecurity systems. Prevention techniques leverage the standards and methodologies to protect Industrial Control Systems and the design capabilities of Enterprise Architecture.

Attendees should acquire:

  • Understand the difference between cybersecurity threats, vulnerabilities, and risks.
  • Understand how to assess systems for ability to protect, detect, respond and recover from cybersecurity attacks
  • Learn how to secure OT systems using industrial control cyber principles
  • Learn how to use enterprise architectures to design a cyber-secure system

Who should attend: 

  • Electric and combination utilities, software developers, and consultants to electric and combination utilities
  • CTOs, multi-unit directors, unit managers, and engineers
  • Distribution Planning, Distribution Engineering/Design, Distribution Operations, Transmission Planning, Transmission Engineering/Design, Transmission Operations, Customer Service, Generation, IT

Prerequisite skills, knowledge, certifications: None


  • Understand cyber threats, vulnerabilities, and risks relevant to critical grid systems
  • Understand the types and purposes of cyber assessments
  • Learn how to use techniques to design and prevent cyberattacks


  1. Understanding cybersecurity threats, vulnerabilities, and risks
  2. How to use enterprise architecture to design a cyber-secure system
  3. Securing grid systems using Industrial Control System cybersecurity techniques
Brian Smith, Principal Consultant - EnerNeX
Kay Stefferud, Director of Implementation Projects - EnerNex, A CESI Company
Ronald Chebra, Vice President, Grid Modernization - EnerNex, LLC
Neil Placer, Director of Utility Services Consulting - EnerNeX
Ben Rankin, Principal Consultant - EnerNeX